HP VPN Firewall Appliances Network Management Configuration Guide

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a routing policy and a node and enter routing policy view.
    Command: route-policy route-policy-name { deny | permit } node node-number
    Remarks: By default, no routing policy is created.

Configuring if-match clauses
Follow these guidelines when you configure if-match clauses:
- The if-match clauses of a routing policy node have a logical AND relationship. A route must match all if-match clauses before it can be handled by the apply clauses of the node. If an if-match command exceeds the maximum length, multiple identical if-match clauses are generated. These clauses have a logical OR relationship. A route only needs to match one of them.
- You can specify no or multiple if-match clauses for a routing policy node. If no if-match clause is specified for a permit-mode node, all routing information can pass the node. If no if-match clause is specified for a deny-mode node, no routing information can pass the node.
- If the ACL referenced by an if-match clause does not exist, the clause is always matched; if no rules of the referenced ACL are matched or the matching rule is inactive, the clause is not matched.
- An ACL specified in an if-match clause must be a non-VPN ACL.
- The if-match command for matching IPv4 destination, next hop, and source is different from the if-match command for matching IPv6 ones.
- BGP does not support criteria for matching against outbound interfaces of routing information.

To configure if-match clauses for a routing policy:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter routing policy view.
    Command: route-policy route-policy-name { deny | permit } node node-number
    Remarks: N/A

Step 3. Define match criteria for IPv4 routes.
    Commands:
    - Match IPv4 routing information specified in the ACL:
      if-match acl acl-number
    - Match IPv4 routing information specified in the IP prefix list:
      if-match ip-prefix ip-prefix-name
    - Match IPv4 routing information whose next hop or source is specified in the ACL or IP prefix list:
      if-match ip { next-hop | route-source } { acl acl-number | ip-prefix ip-prefix-name }
    Remarks: Optional. Not configured by default.

Step 4. Match IPv6 routing information whose next hop or source is specified in the ACL or IP prefix list.
    Command: if-match ipv6 { address | next-hop | route-source } { acl acl-number | prefix-list ipv6-prefix-name }
    Remarks: Optional. Not configured by default.
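
An offline audit of the guidelines above, as an added example that is not part of the HP guide: it scans configuration text for if-match clauses that reference an ACL that is not defined (which the guide says are always matched) and for nodes that have no if-match clause. The sample configuration is constructed, and the `acl number N` definition line and the names audit, SAMPLE_CONFIG, IMPORT-FILTER and EXPORT-ALL are assumptions.

```python
import re

# Constructed sample configuration (not from the guide). The "acl number N"
# definition line is an assumed format; adjust ACL_DEF for your device.
SAMPLE_CONFIG = """\
acl number 2000
 rule 0 permit source 10.1.0.0 0.0.255.255
route-policy IMPORT-FILTER permit node 10
 if-match acl 2000
 if-match ip next-hop acl 2001
route-policy IMPORT-FILTER deny node 20
route-policy EXPORT-ALL permit node 10
"""

ACL_DEF = re.compile(r"^acl number (\d+)\b")
NODE = re.compile(r"^route-policy (\S+) (permit|deny) node (\d+)\s*$")
ACL_REF = re.compile(r"\bacl (\d+)\b")


def audit(config):
    """Return sorted findings as (policy, node, issue) tuples."""
    defined, nodes, current = set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line closes the open view
            current = None
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
        elif m := NODE.match(line):
            current = {"id": (m.group(1), int(m.group(3))),
                       "mode": m.group(2), "acls": [], "clauses": 0}
            nodes.append(current)
        elif current is not None and line.startswith("if-match "):
            current["clauses"] += 1
            current["acls"] += ACL_REF.findall(line)
    findings = []
    for n in nodes:
        for acl in n["acls"]:
            if acl not in defined:       # nonexistent ACL: clause always matches
                findings.append((*n["id"], f"if-match references undefined ACL {acl}"))
        if n["clauses"] == 0:
            effect = "all routes pass" if n["mode"] == "permit" else "no routes pass"
            findings.append((*n["id"], f"{n['mode']} node has no if-match clause: {effect}"))
    return sorted(findings)


if __name__ == "__main__":
    for policy, node, issue in audit(SAMPLE_CONFIG):
        print(f"{policy} node {node}: {issue}")
```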