Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron

1451

1394 FastIron Configuration Guide

53-1002494-02

Filtering

This section describes the following:

• “Specific IP address filtering” on page 1394

• “AS-path filtering” on page 1395

• “BGP4 filtering communities” on page 1399

• “Defining IP prefix lists” on page 1401

• “Defining neighbor distribute lists” on page 1402

• “Defining route maps” on page 1403

• “Using a table map to set the rag value” on page 1411

• “Configuring cooperative BGP4 route filtering” on page 1411

Specific IP address filtering

You can configure the router to explicitly permit or deny specific IP addresses received in updates

from BGP4 neighbors by defining IP address filters. The router permits all IP addresses by default.

You can define up to 100 IP address filters for BGP4.

• If you want permit to remain the default behavior, define individual filters to deny specific IP

addresses.

• If you want to change the default behavior to deny, define individual filters to permit specific IP

addresses.

NOTE

Once you define a filter, the default action for addresses that do not match a filter is “deny”. To

change the default action to “permit”, configure the last filter as “permit any any”.

Address filters can be referred to by a BGP neighbor's distribute list number as well as by match

statements in a route map.

NOTE

If the filter is referred to by a route map match statement, the filter is applied in the order in which

the filter is listed in the match statement.

NOTE

You also can filter on IP addresses by using IP ACLs.

To define an IP address filter to deny routes to 209.157.0.0, enter the following command.

Brocade(config-bgp-router)#address-filter 1 deny 209.157.0.0 255.255.0.0

Syntax: address-filter <num> permit | deny <ip-addr> <wildcard> <mask> <wildcard>

The <num> parameter is the filter number.

The permit | deny parameter indicates the action the Layer 3 switch takes if the filter match is true.

• If you specify permit, the Layer 3 switch permits the route into the BGP4 table if the filter match

is true.

• If you specify deny, the Layer 3 switch denies the route from entering the BGP4 table if the filter

match is true.