Chapter 43 Configuring MSDP

Configuring MSDP

Beginning in privileged EXEC mode, follow these steps to apply a filter. This procedure is optional.

 

Command

Purpose

Step 1

 

 

configure terminal

Enter global configuration mode.

 

 

 

Step 2 ip msdp sa-filter in ip-addressname

Filter all SA messages from the specified MSDP peer.

 

or

or

 

ip msdp sa-filter in {ip-addressname}

From the specified peer, pass only those SA messages that pass the IP

 

list access-list-number

extended access list. The range for the extended access-list-number

 

 

is 100 to 199.

 

 

If both the list and the route-mapkeywords are used, all conditions

 

 

must be true to pass any (S,G) pair in incoming SA messages.

 

or

or

 

ip msdp sa-filter in {ip-addressname}

From the specified MSDP peer, pass only those SA messages that meet

 

route-map map-tag

the match criteria in the route map map-tag.

 

 

If all match criteria are true, a permit from the route map passes routes

 

 

through the filter. A deny will filter routes.

Step 3

 

 

access-listaccess-list-number {deny

(Optional) Create an IP extended access list, repeating the command as

 

permit} protocol source source-wildcard

many times as necessary.

 

destination destination-wildcard

For access-list-number, enter the number specified in Step 2.

 

 

 

 

The deny keyword denies access if the conditions are matched. The

 

 

permit keyword permits access if the conditions are matched.

 

 

For protocol, enter ip as the protocol name.

 

 

For source, enter the number of the network or host from which the

 

 

packet is being sent.

 

 

For source-wildcard, enter the wildcard bits in dotted decimal

 

 

notation to be applied to the source. Place ones in the bit positions

 

 

that you want to ignore.

 

 

For destination, enter the number of the network or host to which

 

 

the packet is being sent.

 

 

For destination-wildcard, enter the wildcard bits in dotted decimal

 

 

notation to be applied to the destination. Place ones in the bit

 

 

positions that you want to ignore.

 

 

Recall that the access list is always terminated by an implicit deny

 

 

statement for everything.

Step 4

 

 

end

Return to privileged EXEC mode.

Step 5

 

 

show running-config

Verify your entries.

Step 6

 

 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

 

 

 

To remove the filter, use the no ip msdp sa-filter in {ip-address name} [list access-list-number] [route-mapmap-tag] global configuration command.

This example shows how to filter all SA messages from the peer named switch.cisco.com:

Switch(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1

Switch(config)# ip msdp sa-filter in switch.cisco.com

 

 

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

 

 

 

 

 

 

OL-9775-02

 

 

43-15

 

 

 

 

 

Page 1075
Image 1075
Cisco Systems 3750E manual Ip msdp sa-filter in ip-address name, 43-15, Switchconfig# ip msdp sa-filter in switch.cisco.com