F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
664
[RouterC-acl-adv-3001] rule deny ip source 10.110.3.100 0 destination 225.1.1.0
0.0.0.3
[RouterC-acl-adv-3001] rule permit ip source any destination any
[RouterC-acl-adv-3001] quit
[RouterC] msdp
[RouterC-msdp] peer 10.110.5.2 sa-policy export acl 3001
[RouterC-msdp] quit
# Configure an SA message filter on the firewall so that the firewall will not create SA messages
for Source 2.
[Firewall] acl number 2001
[Firewall-acl-basic-2001] rule deny source 10.110.6.100 0
[Firewall-acl-basic-2001] quit
[Firewall] msdp
[Firewall-msdp] import-source acl 2001
[Firewall-msdp] quit
1653BVerifying the configuration
# Display the (S, G) entries cached in the SA cache on Router C.
[RouterC] display msdp sa-cache
MSDP Source-Active Cache Information of VPN-Instance: public net
MSDP Total Source-Active Cache - 8 entries
MSDP matched 8 entries
(Source, Group) Origin RP Pro AS Uptime Expires
(10.110.3.100, 225.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31
# Display the (S, G) entries cached in the SA cache on the firewall.
[Firewall] display msdp sa-cache
MSDP Source-Active Cache Information of VPN-Instance: public net
MSDP Total Source-Active Cache - 4 entries
MSDP matched 4 entries
(Source, Group) Origin RP Pro AS Uptime Expires
(10.110.3.100, 226.1.1.0) 1.1.1.1 ? ? 00:32:53 00:05:07
(10.110.3.100, 226.1.1.1) 1.1.1.1 ? ? 00:32:53 00:05:07
(10.110.3.100, 226.1.1.2) 1.1.1.1 ? ? 00:32:53 00:05:07
(10.110.3.100, 226.1.1.3) 1.1.1.1 ? ? 00:32:53 00:05:07
215B
Troubleshooting MSDP
This section describes common MSDP problems and how to troubleshoot them.