Why does an SA filtering policy fail to take effect on the MSDP peer originating SA messages

The reason why the configuration of the peer peer-address sa-policy export [ acl advanced-acl-number ] command cannot take effect to filter the SA messages to be sent is:

In the MSDP view, the import-source [ acl acl-number ] command creates a policy to filter local source information sent to other peers, whereas the peer peer-address sa-policy { export | import } [ acl advanced-acl-number ] configures a policy to filter SA messages to be forwarded.

Therefore, the peer peer-address sa-policy export [ acl advanced-acl-number ] command cannot be used to filter locally originated SA messages. To configure an SA filtering on the RP where SA messages are originated, use the import-source [ acl acl-number ] command.

Scroll to top