F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

371

372

373

374

375

376

377

378

379

380

Table Of Contents

345

Default

Routes calculated using received LSAs are not filtered.

Views

OSPF view

Default command level

2: System level

Parameters

acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter inbound routes by

destination.

gateway ip-prefix-name: Specifies an IP address prefix list by its name, a string of up to 19 characters, to

filter inbound routes by next hop. For more information about IP prefix lists, see Network Management

Configuration Guide.

ip-prefix ip-prefix-name: Specifies an IP address prefix list by its name, a string of up to 19 characters, to

filter inbound routes by destination. For more information about IP prefix lists, see Network Management

Configuration Guide.

route-policy route-policy-name: Specifies a routing policy, a case-sensitive string of 1 to 63 case-sensitive

characters, to filter inbound routes. For more information about routing policy, see Network

Management Configuration Guide.

Usage guidelines

To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL

in one of the following ways:

• To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip

source sour-addr sour-wildcard command.

• To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny |

permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.

The source keyword specifies the destination address of a route and the destination keyword specifies the

subnet mask of the route. The subnet mask must be contiguous. Otherwise, the configuration does not

take effect.

Examples

# Use ACL 2000 to filter inbound routes.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255

[Sysname-acl-basic-2000] quit

[Sysname] ospf 100

[Sysname-ospf-100] filter-policy 2000 import

# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass. Use ACL 3000 to filter inbound routes.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0

[Sysname-acl-adv-3000] rule 100 deny ip

[Sysname-acl-adv-3000] quit

[Sysname] ospf 100