HP VPN Firewall Appliances Network Management Configuration Guide
428
4. Configure Firewall to filter out the route 3.1.3.0/24:
# Configure the IPv4 prefix list.
[Firewall] ip ip-prefix prefix1 index 1 deny 3.1.3.0 24
[Firewall] ip ip-prefix prefix1 index 2 permit 3.1.1.0 24
[Firewall] ip ip-prefix prefix1 index 3 permit 3.1.2.0 24
# Reference the prefix list to filter out the route 3.1.3.0/24.
[Firewall] ospf 1
[Firewall-ospf-1] filter-policy ip-prefix prefix1 export static
# Display the OSPF routing table of Router A.
<RouterA> display ip routing-table
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
3.1.1.0/24 O_ASE 150 1 10.2.1.2 GE0/2
3.1.2.0/24 O_ASE 150 1 10.2.1.2 GE0/2
10.1.1.0/24 Direct 0 0 10.1.1.1 GE0/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 Direct 0 0 10.2.1.1 GE0/2
10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.3.1.0/24 OSPF 10 4 10.1.1.2 GE0/1
10.4.1.0/24 OSPF 10 13 10.2.1.2 GE0/2
10.5.1.0/24 OSPF 10 14 10.1.1.2 GE0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The route destined for network 3.1.3.0/24 is filtered out.
5. Configure Router A to filter out route 10.5.1.1/24:
# Configure the ACL on Router A.
<RouterA> system-view
[RouterA] acl number 2000
[RouterA-acl-basic-2000] rule 0 deny source 10.5.1.0 0.0.0.255
[RouterA-acl-basic-2000] rule 1 permit source any
[RouterA-acl-basic-2000] quit
# Use the ACL to filter route 10.5.1.0/24.
[RouterA] ospf 1
[RouterA-ospf-1] filter-policy 2000 import
[RouterA-ospf-1] quit
# Display the OSPF routing table on Router A.
[RouterA] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
3.1.1.0/24 O_ASE 150 1 10.2.1.2 GE0/2
3.1.2.0/24 O_ASE 150 1 10.2.1.2 GE0/2