35-11
Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide
78-17058-01
Chapter35 Configuring MSDP Configuring MSDP
Filtering Source-Active Request Messages
By default, only switches that are caching SA information can respond to SA requests. By default, such
a switch honors all SA request messages from its MSDP peers and supplies the IP addresses of the active
sources.
However, you can configure the switch to ignore all SA requests from an MSDP peer. You can also honor
only those SA request messages from a peer for groups described by a standard access list. If the groups
in the access list pass, SA request messages are accepted. All other s uch messa ges from the peer fo r other
groups are ignored.
Beginning in privileged EXEC mode, follow these steps to configure one of these options. This
procedure is optional.
To return to the default setting, use the no ip msdp filter-sa-request {ip-address | name} global
configuration command.
This example shows how to configure the switch to filter SA request messages from the MSDP peer
at 171.69.2.2. SA request messages from sources on network 192.4.22.0 pass access list 1 and are
accepted; all others are ignored.
Switch(config)# ip msdp filter sa-request 171.69.2.2 list 1
Switch(config)# access-list 1 permit 192.4.22.0 0.0.0.255
Command Purpose
Step1 configure terminal Enter global configuration mode.
Step2 ip msdp filter-sa-request ip-address |
name
or
ip msdp filter-sa-request {ip-address |
name} list access-list-number
Filter all SA request messages from the specified MSDP peer.
or
Filter SA request messages from the specified MSDP peer for groups
that pass the standard access list. The access list describes a multicast
group address. The range for the access-list-number is 1 to 99.
Step3 access-list access-list-number {deny |
permit} source [source-wildcard]Create an IP standard access list, repeating the command as many t imes
as necessary.
For access-list-number, the range is 1 to 99.
The deny keyword denies access if the co nditions ar e matched. The
permit keyword permits access if the conditions are matched.
For source, enter the number of the network or host from which the
packet is being sent.
(Optional) For source-wildcard, enter the wildcard bits in dotted
decimal notation to be applied to the source. Place ones in the bit
positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step4 end Return to privileged EXEC mode.
Step5 show running-config Verify your entries.
Step6 copy running-config startup-config (Optional) Save your entries in the configuration file.