Peer Sa-Policy - HP 3600 v2 Series Command Reference Manual

# In VPN instance mvpn, enable the device to cache a maximum of 100 (S, G) entries learned from its
MSDP peer 125.10.7.6.
<Sysname> system-view
[Sysname] msdp vpn-instance mvpn
[Sysname-msdp-mvpn] peer 125.10.7.6 sa-cache-maximum 100

peer sa-policy

Syntax
peer peer-address sa-policy { import | export } [ acl acl-number ]
undo peer peer-address sa-policy { import | export }
View
Public network MSDP view, VPN instance MSDP view
Default level
2: System level
Parameters
import: Filters SA messages from the specified MSDP peer.
export: Filters SA messages that are forwarded to the specified MSDP peer.
peer-address: Specifies an MSDP peer address.
acl-number: Specifies an advanced ACL number, in the range of 3000 to 3999. If you do not provide an
ACL number, all SA messages that carry (S, G) entries are filtered out.
Description
Use peer sa-policy to configure a filtering rule for received or forwarded SA messages.
Use undo peer sa-policy to restore the default.
By default, the switch does not filter SA messages that are received or that will be forwarded. Namely,
all SA messages are accepted and forwarded.
In addition to controlling SA message by using this command, you can also use the import-source
command to configure a filtering rule for creating SA messages.
Related commands: display msdp peer-status and import-source.
Examples
# On the public network, configure a filtering rule so that SA messages are forwarded to the MSDP peer
125.10.7.6 only if they match ACL 3100.
<Sysname> system-view
[Sysname] acl number 3100
[Sysname-acl-adv-3100] rule permit ip source 170.15.0.0 0.0.255.255 destination 225.1.0.0
0.0.255.255
[Sysname-acl-adv-3100] quit
[Sysname] msdp
[Sysname-msdp] peer 125.10.7.6 connect-interface vlan-interface 100
[Sysname-msdp] peer 125.10.7.6 sa-policy export acl 3100
# In VPN instance mvpn, configure a filtering rule so that SA messages are forwarded to the MSDP peer
125.10.7.6 only if they match ACL 3100.
193