HP VPN Firewall Appliances Network Management Command Reference
679
Usage guidelines
In addition to controlling SA message receiving and forwarding by using this command, you can also
configure a filtering rule for creating SA messages using the import-source command.
Examples
# Configure a filtering rule on the public network so that SA messages are forwarded to MSDP peer
125.10.7.6 only if they match advanced ACL 3100.
<Sysname> system-view
[Sysname] acl number 3100
[Sysname-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0
0.0.255.255
[Sysname-acl-adv-3100] quit
[Sysname] msdp
[Sysname-msdp] peer 125.10.7.6 connect-interface gigabitethernet 0/1
[Sysname-msdp] peer 125.10.7.6 sa-policy export acl 3100
Related commands
• display msdp peer-status
• import-source
peer sa-request-policy
Use peer sa-request-policy to configure a filtering rule for SA request messages.
Use undo peer sa-request-policy to remove the configured SA request filtering rule.
Syntax
peer peer-address sa-request-policy [ acl acl-number ]
undo peer peer-address sa-request-policy
Default
SA request messages are not filtered.
Views
Public network MSDP view
Default command level
2: System level
Parameters
peer-address: Specifies an MSDP peer.
acl-number: Specifies a basic ACL, in the range of 2000 to 2999. If you provide this argument, the SA
requests of only the multicast groups that match the ACL are accepted and other SA requests are ignored.
If you do not provide this argument, all SA requests are ignored.
Examples
# Configure an SA request filtering rule on the public network so that SA messages from the MSDP peer
175.58.6.5 are accepted only if the multicast group address in the SA messages is in the range of
225 .1.1.0 / 24 .
<Sysname> system-view
[Sysname] acl number 2001