326
The
sour-addr sour-wildcard
argument combination matches the destination address of a route without
matching the mask in the route.
The
dest-addr dest-wildcard
argument combination matches the subnet mask of the route without
matching the destination address in the route. The
dest-wildcard
must be contiguous. Otherwise, the ACL
rule does not take effect.
Examples
# In BGP IPv4 unicast address family view, use ACL 2000 to filter advertised BGP IPv4 routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] address-family ipv4 unicast
[Sysname-bgp-ipv4] filter-policy 2000 export
# In BGP-VPN IPv6 unicast address family view, use ACL 2000 to filter advertised BGP IPv6 routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] address-family ipv6 unicast
[Sysname-bgp-ipv6-vpn1] filter-policy 2000 export
# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and use ACL 3000 to filter advertised
BGP routes.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] bgp 100
[Sysname-bgp] address-family ipv4 unicast
[Sysname-bgp-ipv4] filter-policy 3000 export
Related commands
•
filter-policy import
•
peer as-path-acl
•
peer filter-policy
•
peer prefix-list
•
peer route-policy
filter-policy import
Use
filter-policy import
to filter received BGP routes.
Use
undo filter-policy import
to remove the filter..
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4
address family view:
filter-policy
{
acl-number
|
prefix-list
prefix-list-name
}
import
undo filter-policy
import
