Cisco Systems 3560 Manual Do Utilizador
45-12
Catalyst 3560 Switch Software Configuration Guide
OL-8553-06
Chapter 45 Configuring MSDP
Configuring MSDP
Using a Filter
By creating a filter, you can perform one of these actions:
•
Filter all source/group pairs
•
Specify an IP extended access list to pass only certain source/group pairs
•
Filter based on match criteria in a route map
Beginning in privileged EXEC mode, follow these steps to apply a filter. This procedure is optional.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
ip msdp sa-filter out ip-address | name
or
ip msdp sa-filter out {ip-address | name}
list access-list-number
list access-list-number
or
ip msdp sa-filter out {ip-address | name}
route-map map-tag
route-map map-tag
Filter all SA messages to the specified MSDP peer.
or
To the specified peer, pass only those SA messages that pass the IP
extended access list. The range for the extended access-list-number
is 100 to 199.
extended access list. The range for the extended access-list-number
is 100 to 199.
If both the list and the route-map keywords are used, all conditions
must be true to pass any (S,G) pair in outgoing SA messages.
must be true to pass any (S,G) pair in outgoing SA messages.
or
To the specified MSDP peer, pass only those SA messages that meet the
match criteria in the route map map-tag.
match criteria in the route map map-tag.
If all match criteria are true, a permit from the route map passes routes
through the filter. A deny filters routes.
through the filter. A deny filters routes.
Step 3
access-list access-list-number {deny |
permit} protocol source source-wildcard
destination destination-wildcard
permit} protocol source source-wildcard
destination destination-wildcard
(Optional) Create an IP extended access list, repeating the command as
many times as necessary.
many times as necessary.
•
For access-list-number, enter the number specified in Step 2.
•
The deny keyword denies access if the conditions are matched. The
permit keyword permits access if the conditions are matched.
permit keyword permits access if the conditions are matched.
•
For protocol, enter ip as the protocol name.
•
For source, enter the number of the network or host from which the
packet is being sent.
packet is being sent.
•
For source-wildcard, enter the wildcard bits in dotted decimal
notation to be applied to the source. Place ones in the bit positions
that you want to ignore.
notation to be applied to the source. Place ones in the bit positions
that you want to ignore.
•
For destination, enter the number of the network or host to which
the packet is being sent.
the packet is being sent.
•
For destination-wildcard, enter the wildcard bits in dotted decimal
notation to be applied to the destination. Place ones in the bit
positions that you want to ignore.
notation to be applied to the destination. Place ones in the bit
positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
statement for everything.
Step 4
end
Return to privileged EXEC mode.