Policy Filters
You can configure a policy filter to control the flow of SA
messages going to or coming from an MSDP peer. For example, policy filters can help
mitigate state explosion during denial of service (DoS) or other attacks by limiting
what is propagated to other domains using MSDP.
- Configure an incoming or outgoing policy filter for SA messages.
  configure msdp peer [remoteaddr | all] sa-filter [in | out] [filter-name | none] {vr vr_name}
- To remove a policy filter for SA messages, use the none keyword:
  configure msdp [{peer} remoteaddr | peer all] sa-filter [in | out] none
- Verify that a policy filter is configured on an MSDP peer.
  show msdp [peer {detail} | {peer} remoteaddr] {vr vr_name}