25-11
Catalyst 3550 Multilayer Switch Software Configuration Guide
78-11194-03
Chapter 25 Configuring MSDP
Configuring MSDP
Filtering Source-Active Request Messages
By default, only multilayer switches that are caching SA information can respond to SA requests. By
default, such a switch honors all SA request messages from its MSDP peers and supplies the IP addresses
of the active sources.
However, you can configure the switch to ignore all SA requests from an MSDP peer. You can also honor
only those SA request messages from a peer for groups described by a standard access list. If the groups
in the access list pass, SA request messages are accepted. All other such messages from the peer for other
groups are ignored.
Beginning in privileged EXEC mode, follow these steps to configure one of these options:
To return to the default setting, use the no ip msdp filter-sa-request {ip-address | name} global
configuration command.
This example shows how to configure the switch to filter SA request messages from the MSDP peer
at 171.69.2.2. SA request messages from sources on network 192.4.22.0 pass access list 1 and are
accepted; all others are ignored.
Switch(config)# ip msdp filter sa-request 171.69.2.2 list 1
Switch(config)# access-list 1 permit 192.4.22.0 0.0.0.255
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip msdp filter-sa-request ip-address |
name
or
ip msdp filter-sa-request {ip-address |
name} list access-list-number
Filter all SA request messages from the specified MSDP peer.
or
Filter SA request messages from the specified MSDP peer for groups
that pass the standard access list. The access list describes a multicast
group address. The range for the access-list-number is 1 to 99.
Step 3
access-list access-list-number {deny |
permit} source [source-wildcard]
Create an IP standard access list, repeating the command as many times
as necessary.
•
For access-list-number, the range is 1 to 99.
•
The deny keyword denies access if the conditions are matched. The
permit keyword permits access if the conditions are matched.
•
For source, enter the number of the network or host from which the
packet is being sent.
•
(Optional) For source-wildcard, enter the wildcard bits in dotted
decimal notation to be applied to the source. Place ones in the bit
positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.