H3C Technologies H3C SecPath F1000-E User Manual
Page 92
31
[DeviceC-msdp] quit
# Configure an MSDP peer on Device D.
[DeviceD] msdp
[DeviceD-msdp] peer 10.110.5.1 connect-interface gigabitethernet 2/1
[DeviceD-msdp] quit
Step5
Configure SA message filtering rules
# Configure an SA message filter on Device C so that Device C will not forward SA messages for (Source
1, 225.1.1.0/30) to Device D.
[DeviceC] acl number 3001
[DeviceC-acl-adv-3001] rule deny ip source 10.110.3.100 0 destination 225.1.1.0 0.0.0.3
[DeviceC-acl-adv-3001] rule permit ip source any destination any
[DeviceC-acl-adv-3001] quit
[DeviceC] msdp
[DeviceC-msdp] peer 10.110.5.2 sa-policy export acl 3001
[DeviceC-msdp] quit
# Configure an SA message filter on Device D so that Device D will not create SA messages for Source
2.
[DeviceD] acl number 2001
[DeviceD-acl-basic-2001] rule deny source 10.110.6.100 0
[DeviceD-acl-basic-2001] quit
[DeviceD] msdp
[DeviceD-msdp] import-source acl 2001
[DeviceD-msdp] quit
Step6
Verify the configuration
View the (S, G) entries cached in the SA cache on the devices using the display msdp sa-cache
command. For example:
# View the (S, G) entries cached in the SA cache on Device C.
[DeviceC] display msdp sa-cache
MSDP Source-Active Cache Information of VPN-Instance: public net
MSDP Total Source-Active Cache - 8 entries
MSDP matched 8 entries
(Source, Group) Origin RP Pro AS Uptime Expires
(10.110.3.100, 225.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 225.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31
(10.110.3.100, 226.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31