peer sa-request-policy

Use peer sa-request-policy to configure an SA request policy for an MSDP peer.

Use undo peer sa-request-policy to delete the SA request policy for an MSDP peer.

Syntax

peer peer-address sa-request-policy [ acl ipv4-acl-number ]

undo peer peer-address sa-request-policy

Default

No SA request policy exists, and all SA request messages from an MSDP peer are accepted.

Views

MSDP view

Predefined user roles

network-admin

Parameters

peer-address: Specifies an MSDP peer by its IP address.

ipv4-acl-number: Specifies an IPv4 basic ACL number in the range of 2000 to 2999. If you specify an ACL, the device accepts only SA requests that the ACL permits. The device discards all SA requests when one of the following conditions exists:

• You do not specify an ACL.

• The specified ACL does not exist.

• The specified ACL does not have valid rules.

Usage guidelines

When you configure a rule in the IPv4 basic ACL, follow these restrictions and guidelines:

• For the rule to take effect, do not specify the vpn-instance vpn-instance option.

• The source source-address source-wildcard option specifies a multicast group address.

• Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

If you configure this command multiple times, the most recent configuration takes effect.

Examples

# Configure an SA request policy on the public network. Then, the device accepts only SA requests that are from MSDP peer 175.58.6.5 and for multicast groups in the range 225.1.1.0/24.

<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 225.1.1.0 0.0.0.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] msdp
[Sysname-msdp] peer 175.58.6.5 sa-request-policy acl 2001