R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101
379
Ar
g
ument F1000-A-EI/S-EI
F1000-E
F5000 Firewall module
isis process-id
Yes.
Excludes isis.
Yes.
Excludes isis.
Yes.
Includes isis.
Yes.
Excludes isis.
NOTE:
If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command, the ACL
should be configured with the rule [
rule-id
] { deny | permit } ip source
sour-addr sour-wildcard
command to deny/permit a route with the specified destination, or with the rule [
rule-id
] { deny |
permit } ip source
sour-addr sour-wildcard
destination
dest-addr dest-wildcard
command to
deny/permit a route with the specified destination and mask. The source keyword specifies the destination
address of a route and the destination keyword specifies the subnet mask of the route (the subnet mask
must be valid; otherwise, the configuration is ineffective).
Examples
# In BGP view, reference ACL 2000 to filter all outgoing routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] filter-policy 2000 export
# In BGP-VPN instance view, reference ACL 2000 to filter all outgoing routes (the VPN has been
created).
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-vpn1] filter-policy 2000 export
# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter
outgoing routes.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] bgp 100
[Sysname-bgp] filter-policy 3000 export
filter-policy import (BGP/BGP-VPN instance view)
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy import
View
BGP view, BGP-VPN instance view
Default level
2: System level