H3C Technologies H3C SecPath F1000-E User Manual

674

[SecPathC] acl number 3001

[SecPathC-acl-adv-3001] rule deny ip source 10.110.3.100 0 destination 225.1.1.0

0.0.0.3

[SecPathC-acl-adv-3001] rule permit ip source any destination any

[SecPathC-acl-adv-3001] quit

[SecPathC] msdp

[SecPathC-msdp] peer 10.110.5.2 sa-policy export acl 3001

[SecPathC-msdp] quit

# Configure an SA message filter on SecPath D so that SecPath D will not create SA messages for

Source 2.

[SecPathD] acl number 2001

[SecPathD-acl-basic-2001] rule deny source 10.110.6.100 0

[SecPathD-acl-basic-2001] quit

[SecPathD] msdp

[SecPathD-msdp] import-source acl 2001

[SecPathD-msdp] quit

6.

Verify the configuration:
Use the display msdp sa-cache command to display the (S, G) entries cached in the SA cache on
the firewalls . For example:
# Display the (S, G) entries cached in the SA cache on SecPath C.

[SecPathC] display msdp sa-cache

MSDP Source-Active Cache Information

MSDP Total Source-Active Cache - 8 entries

MSDP matched 8 entries

(Source, Group) Origin RP Pro AS Uptime Expires

(10.110.3.100, 225.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 225.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 225.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 225.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 226.1.1.0) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 226.1.1.1) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 226.1.1.2) 1.1.1.1 ? ? 02:03:30 00:05:31

(10.110.3.100, 226.1.1.3) 1.1.1.1 ? ? 02:03:30 00:05:31

# Display the (S, G) entries cached in the SA cache on SecPath D.

[SecPathD] display msdp sa-cache

MSDP Source-Active Cache Information

MSDP Total Source-Active Cache - 4 entries

MSDP matched 4 entries

(Source, Group) Origin RP Pro AS Uptime Expires

(10.110.3.100, 226.1.1.0) 1.1.1.1 ? ? 00:32:53 00:05:07

(10.110.3.100, 226.1.1.1) 1.1.1.1 ? ? 00:32:53 00:05:07

(10.110.3.100, 226.1.1.2) 1.1.1.1 ? ? 00:32:53 00:05:07

(10.110.3.100, 226.1.1.3) 1.1.1.1 ? ? 00:32:53 00:05:07