R3166-R3206-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

261

262

263

264

265

266

267

268

269

270

Table Of Contents

Title Page
Contents
Interface management configuration commands
- General Ethernet interface and subinterface configuration commands
- Layer 2 Ethernet interface and subinterface configuration commands
- Layer 3 Ethernet interface and subinterface configuration commands
- Loopback and null interface configuration commands
IP addressing configuration commands
- display ip interface
- display ip interface brief
- ip address
VLAN configuration commands
- Basic VLAN configuration commands
- Port-based VLAN configuration commands
MAC address table configuration commands
- display mac-address
- display mac-address aging-time
- mac-address (interface view)
- mac-address (system view)
- mac-address timer
Spanning tree configuration commands
- active region-configuration
- check region-configuration
- display stp
- display stp abnormal-port
- display stp down-port
- display stp history
- display stp region-configuration
- display stp root
- display stp tc
- instance
- region-name
- reset stp
- revision-level
- stp bpdu-protection
- stp bridge-diameter
- stp compliance
- stp config-digest-snooping
- stp cost
- stp edged-port
- stp enable
- stp loop-protection
- stp max-hops
- stp mcheck
- stp mode
- stp no-agreement-check
- stp pathcost-standard
- stp point-to-point
- stp port priority
- stp priority
- stp region-configuration
- stp root primary
- stp root secondary
- stp root-protection
- stp tc-protection
- stp tc-protection threshold
- stp timer forward-delay
- stp timer hello
- stp timer max-age
- stp timer-factor
- stp transmit-limit
- vlan-mapping modulo
Layer 2 forwarding configuration commands
- General Layer 2 forwarding configuration commands
  - display bridge forwarding statistics
  - reset bridge forwarding statistics
- Inline Layer 2 forwarding configuration commands
DHCP server configuration commands
- bims-server
- bootfile-name
- dhcp enable
- dhcp select server global-pool
- dhcp server detect
- dhcp server forbidden-ip
- dhcp server ip-pool
- dhcp server ping packets
- dhcp server ping timeout
- dhcp server relay information enable
- display dhcp server conflict
- display dhcp server expired
- display dhcp server free-ip
- display dhcp server forbidden-ip
- display dhcp server ip-in-use
- display dhcp server statistics
- display dhcp server tree
- dns-list
- domain-name
- expired
- forbidden-ip
- gateway-list
- nbns-list
- netbios-type
- network
- network ip range
- network mask
- option
- reset dhcp server conflict
- reset dhcp server ip-in-use
- reset dhcp server statistics
- static-bind client-identifier
- static-bind ip-address
- static-bind mac-address
- tftp-server domain-name
- tftp-server ip-address
- voice-config
DHCP relay agent configuration commands
- dhcp relay address-check enable
- dhcp relay information circuit-id format-type
- dhcp relay information circuit-id string
- dhcp relay information enable
- dhcp relay information format
- dhcp relay information remote-id format-type
- dhcp relay information remote-id string
- dhcp relay information strategy
- dhcp relay release ip
- dhcp relay security static
- dhcp relay security refresh enable
- dhcp relay security tracker
- dhcp relay server-detect
- dhcp relay server-group
- dhcp relay server-select
- dhcp select relay
- display dhcp relay
- display dhcp relay information
- display dhcp relay security
- display dhcp relay security statistics
- display dhcp relay security tracker
- display dhcp relay server-group
- display dhcp relay statistics
- reset dhcp relay statistics
DHCP client configuration commands
- display dhcp client
- ip address dhcp-alloc
BOOTP client configuration commands
- display bootp client
- ip address bootp-alloc
IPv4 DNS configuration commands
- display dns domain
- display dns server
- display ip host
- dns domain
- dns proxy enable
- dns resolve
- dns server
- ip host
DDNS configuration commands
- ddns apply policy
- ddns policy
- display ddns policy
- interval
- ssl client policy
- url
ARP configuration commands
- arp check enable
- arp max-learning-num
- arp static
- arp timer aging
- display arp
- display arp ip-address
- display arp timer aging
- display arp vpn-instance
- naturemask-arp enable
- reset arp
Gratuitous ARP configuration commands
- gratuitous-arp-sending enable
- gratuitous-arp-learning enable
- arp send-gratuitous-arp
Proxy ARP configuration commands
- display local-proxy-arp
- display proxy-arp
- local-proxy-arp enable
- proxy-arp enable
QoS policy commands
- Class commands
- Traffic behavior commands
- QoS policy configuration and application commands
Traffic policing commands
- display qos car interface
- display qos carl
- qos car
- qos carl
Static routing configuration commands
- delete static-routes all
- ip route-static
- ip route-static default-preference
RIP configuration commands
- checkzero
- default cost (RIP view)
- default-route
- display rip
- display rip database
- display rip interface
- display rip route
- filter-policy export (RIP view)
- filter-policy import (RIP view)
- host-route
- import-route (RIP view)
- maximum load-balancing (RIP view)
- network
- output-delay
- peer
- preference
- reset rip process
- reset rip statistics
- rip
- rip authentication-mode
- rip default-route
- rip input
- rip metricin
- rip metricout
- rip output
- rip poison-reverse
- rip split-horizon
- rip summary-address
- rip version
- silent-interface (RIP view)
- summary
- timers
- validate-source-address
- version
OSPF configuration commands
- abr-summary (OSPF area view)
- area (OSPF view)
- asbr-summary
- authentication-mode
- bandwidth-reference (OSPF view)
- default
- default-cost (OSPF area view)
- default-route-advertise (OSPF view)
- description (OSPF/OSPF area view)
- display ospf abr-asbr
- display ospf asbr-summary
- display ospf brief
- display ospf cumulative
- display ospf error
- display ospf interface
- display ospf lsdb
- display ospf nexthop
- display ospf peer
- display ospf peer statistics
- display ospf request-queue
- display ospf retrans-queue
- display ospf routing
- display ospf vlink
- enable link-local-signaling
- enable log
- enable out-of-band-resynchronization
- filter
- filter-policy export (OSPF view)
- filter-policy import (OSPF view)
- host-advertise
- import-route (OSPF view)
- log-peer-change
- lsa-arrival-interval
- lsa-generation-interval
- lsdb-overflow-limit
- maximum load-balancing (OSPF view)
- maximum-routes
- network (OSPF area view)
- nssa
- opaque-capability enable
- ospf
- ospf authentication-mode
- ospf cost
- ospf dr-priority
- ospf mtu-enable
- ospf network-type
- ospf packet-process prioritized-treatment
- ospf timer dead
- ospf timer hello
- ospf timer poll
- ospf timer retransmit
- ospf trans-delay
- peer
- preference
- reset ospf counters
- reset ospf process
- reset ospf redistribution
- rfc1583 compatible
- silent-interface (OSPF view)
- snmp-agent trap enable ospf
- spf-schedule-interval
- stub (OSPF area view)
- stub-router
- transmit-pacing
- vlink-peer (OSPF area view)
BGP configuration commands
- aggregate
- balance (BGP/BGP-VPN instance view)
- bestroute as-path-neglect (BGP/BGP-VPN instance view)
- bestroute compare-med (BGP/BGP-VPN instance view)
- bestroute med-confederation (BGP/BGP-VPN instance view)
- bgp
- compare-different-as-med (BGP/BGP-VPN instance view)
- confederation id
- confederation nonstandard
- confederation peer-as
- dampening (BGP/BGP-VPN instance view)
- default ipv4-unicast
- default local-preference (BGP/BGP-VPN instance view)
- default med (BGP/BGP-VPN instance view)
- default-route imported (BGP/BGP-VPN instance view)
- display bgp group
- display bgp network
- display bgp paths
- display bgp peer
- display bgp peer received ip-prefix
- display bgp routing-table
- display bgp routing-table as-path-acl
- display bgp routing-table cidr
- display bgp routing-table community
- display bgp routing-table community-list
- display bgp routing-table dampened
- display bgp routing-table dampening parameter
- display bgp routing-table different-origin-as
- display bgp routing-table flap-info
- display bgp routing-table label
- display bgp routing-table peer
- display bgp routing-table regular-expression
- display bgp routing-table statistic
- ebgp-interface-sensitive
- filter-policy export (BGP/BGP-VPN instance view)
- filter-policy import (BGP/BGP-VPN instance view)
- group (BGP/BGP-VPN instance view)
- import-route (BGP/BGP-VPN instance view)
- import-route guard
- log-peer-change
- network (BGP/BGP-VPN instance view)
- network short-cut (BGP/BGP-VPN instance view)
- peer advertise-community (BGP/BGP-VPN instance view)
- peer advertise-ext-community (BGP/BGP-VPN instance view)
- peer allow-as-loop (BGP/BGP-VPN instance view)
- peer as-number (BGP/BGP-VPN instance view)
- peer as-path-acl (BGP/BGP-VPN instance view)
- peer capability-advertise conventional (BGP/BGP-VPN instance view)
- peer capability-advertise orf
- peer capability-advertise orf non-standard
- peer capability-advertise route-refresh
- peer connect-interface (BGP/BGP-VPN instance view)
- peer default-route-advertise (BGP/BGP-VPN instance view)
- peer description (BGP/BGP-VPN instance view)
- peer ebgp-max-hop (BGP/BGP-VPN instance view)
- peer enable (BGP/BGP-VPN instance view)
- peer fake-as (BGP/BGP-VPN instance view)
- peer filter-policy (BGP/BGP-VPN instance view)
- peer group (BGP/BGP-VPN instance view)
- peer ignore (BGP/BGP-VPN instance view)
- peer ip-prefix
- peer keep-all-routes (BGP/BGP-VPN instance view)
- peer log-change (BGP/BGP-VPN instance view)
- peer next-hop-local (BGP/BGP-VPN instance view)
- peer password
- peer preferred-value (BGP/BGP-VPN instance view)
- peer public-as-only (BGP/BGP-VPN instance view)
- peer reflect-client (BGP/BGP-VPN instance view)
- peer route-limit (BGP/BGP-VPN instance view)
- peer route-policy (BGP/BGP-VPN instance view)
- peer route-update-interval (BGP/BGP-VPN instance view)
- peer substitute-as (BGP/BGP-VPN instance view)
- peer timer (BGP/BGP-VPN instance view)
- preference (BGP/BGP-VPN instance view)
- reflect between-clients (BGP view)
- reflector cluster-id (BGP view)
- refresh bgp
- reset bgp
- reset bgp dampening
- reset bgp flap-info
- reset bgp ipv4 all
- router-id
- summary automatic
- synchronization (BGP view)
- timer (BGP/BGP-VPN instance view)
Basic IP routing configuration commands
- display ip routing-table
- display ip routing-table acl
- display ip routing-table ip-address
- display ip routing-table ip-prefix
- display ip routing-table protocol
- display ip routing-table statistics
- display router id
- router id
- reset ip routing-table statistics protocol
Policy-based routing configuration commands
- apply access-vpn vpn-instance
- apply default output-interface
- apply ip-address default next-hop
- apply ip-address next-hop
- apply ip-precedence
- apply output-interface
- display ip policy-based-route
- display ip policy-based-route setup
- display ip policy-based-route statistics
- display policy-based-route
- if-match acl
- if-match packet-length
- ip local policy-based-route
- ip policy-based-route
- policy-based-route
- reset policy-based-route statistics
Multicast routing configuration commands
- display multicast boundary
- display multicast forwarding-table
- display multicast routing-table
- display multicast routing-table static
- display multicast rpf-info
- ip rpf-route-static
- mac-address multicast
- mtracert
- multicast boundary
- multicast forwarding on-demand
- multicast forwarding-table downstream-limit
- multicast forwarding-table route-limit
- multicast load-splitting
- multicast longest-match
- multicast routing-enable
- reset multicast forwarding-table
- reset multicast routing-table
IGMP configuration commands
- display igmp group
- display igmp interface
- display igmp proxying group
- display igmp routing-table
- display igmp ssm-mapping
- display igmp ssm-mapping group
- fast-leave (IGMP view)
- igmp
- igmp enable
- igmp fast-leave
- igmp group-policy
- igmp last-member-query-interval
- igmp max-response-time
- igmp proxying enable
- igmp proxying forwarding
- igmp require-router-alert
- igmp robust-count
- igmp send-router-alert
- igmp ssm-mapping enable
- igmp startup-query-count
- igmp startup-query-interval
- igmp static-group
- igmp timer other-querier-present
- igmp timer query
- igmp version
- last-member-query-interval (IGMP view)
- max-response-time (IGMP view)
- require-router-alert (IGMP view)
- reset igmp group
- reset igmp ssm-mapping group
- robust-count (IGMP view)
- send-router-alert (IGMP view)
- ssm-mapping (IGMP view)
- startup-query-count (IGMP view)
- startup-query-interval (IGMP view)
- timer other-querier-present (IGMP view)
- timer query (IGMP view)
- version (IGMP view)
PIM configuration commands
- auto-rp enable
- bsr-policy (PIM view)
- c-bsr (PIM view)
- c-bsr admin-scope
- c-bsr global
- c-bsr group
- c-bsr hash-length (PIM view)
- c-bsr holdtime (PIM view)
- c-bsr interval (PIM view)
- c-bsr priority (PIM view)
- c-rp (PIM view)
- c-rp advertisement-interval (PIM view)
- c-rp holdtime (PIM view)
- crp-policy (PIM view)
- display pim bsr-info
- display pim claimed-route
- display pim control-message counters
- display pim grafts
- display pim interface
- display pim join-prune
- display pim neighbor
- display pim routing-table
- display pim rp-info
- hello-option dr-priority (PIM view)
- hello-option holdtime (PIM view)
- hello-option lan-delay (PIM view)
- hello-option neighbor-tracking (PIM view)
- hello-option override-interval (PIM view)
- holdtime assert (PIM view)
- holdtime join-prune (PIM view)
- jp-pkt-size (PIM view)
- jp-queue-size (PIM view)
- pim
- pim bsr-boundary
- pim dm
- pim hello-option dr-priority
- pim hello-option holdtime
- pim hello-option lan-delay
- pim hello-option neighbor-tracking
- pim hello-option override-interval
- pim holdtime assert
- pim holdtime join-prune
- pim neighbor-policy
- pim require-genid
- pim sm
- pim state-refresh-capable
- pim timer graft-retry
- pim timer hello
- pim timer join-prune
- pim triggered-hello-delay
- probe-interval (PIM view)
- prune delay (PIM view)
- register-policy (PIM view)
- register-suppression-timeout (PIM view)
- register-whole-checksum (PIM view)
- reset pim control-message counters
- source-lifetime (PIM view)
- source-policy (PIM view)
- spt-switch-threshold (PIM view)
- ssm-policy (PIM view)
- state-refresh-interval (PIM view)
- state-refresh-rate-limit (PIM view)
- state-refresh-ttl
- static-rp (PIM view)
- timer hello (PIM view)
- timer join-prune (PIM view)
MSDP configuration commands
- cache-sa-enable
- display msdp brief
- display msdp peer-status
- display msdp sa-cache
- display msdp sa-count
- encap-data-enable
- import-source
- msdp
- originating-rp
- peer connect-interface
- peer description
- peer mesh-group
- peer minimum-ttl
- peer request-sa-enable
- peer sa-cache-maximum
- peer sa-policy
- peer sa-request-policy
- reset msdp peer
- reset msdp sa-cache
- reset msdp statistics
- shutdown (MSDP view)
- static-rpf-peer
- timer retry
SSL configuration commands
- ciphersuite
- client-verify enable
- close-mode wait
- display ssl client-policy
- display ssl server-policy
- handshake timeout
- pki-domain
- prefer-cipher
- session
- ssl client-policy
- ssl server-policy
- version
Support and other resources
- Contacting HP
  - Subscription service
- Related information
  - Documents
  - Websites
- Conventions
Index

252

[Sysname-ospf-100] filter-policy 2000 export

# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter

redistributed routes.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0

[Sysname-acl-adv-3000] rule 100 deny ip

[Sysname-acl-adv-3000] quit

[Sysname] ospf 100

[Sysname-ospf-100] filter-policy 3000 export

filter-policy import (OSPF view)

Syntax

filter-policy { acl-number [ gateway ip-prefix-name ] | gateway ip-prefix-name | ip-prefix ip-prefix-name

[ gateway ip-prefix-name ] | route-policy route-policy-name } import

undo filter-policy import

View

OSPF view

Default level

2: System level

Parameters

acl-number: Number of an ACL used to filter incoming routes, in the range 2000 to 3999.

gateway ip-prefix-name: Name of an IP address prefix list used to filter routes based on the next hop of

the routing information, a string of up to 19 characters.

ip-prefix ip-prefix-name: Name of an IP address prefix list used to filter incoming routes based on

destination IP address, a string of up to 19 characters.

route-policy route-policy-name: Name of a route policy used to filter incoming routes based on route

policy, a string of up to 19 characters.

Description

Use the filter-policy import command to configure the filtering of routes calculated from received LSAs.

Use the undo filter-policy import command to disable the filtering.

By default, the filtering is not configured.

NOTE:

If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command or in the

route policy, the ACL should be configured with the rule [

rule-id

] { deny | permit } ip source

sour-add

sour-wildcard

command to deny/permit a route with the specified destination, or with the rule [

rule-id

]

{ deny | permit } ip source

sour-addr sour-wildcard

destination

dest-addr dest-wildcard

command to

deny/permit a route with the specified destination and mask. The source keyword specifies the destination

address of a route while the destination keyword specifies the subnet mask of the route (the subnet mask

must be valid; otherwise, the configuration is ineffective).