R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

471

472

473

474

475

476

477

478

479

480

447

Default level

2: System level

Parameters

acl-number: Specifies the number of an ACL that is used to filter redistributed routes, ranging from 2000

to 3999. For ACL configuration information, see Access Control Command Reference.

ip-prefix ip-prefix-name: Specifies the name of an IP prefix list that is used to filter redistributed routes, a

case-sensitive string of 1 to 19 characters. For IP prefix list configuration information, see “Routing policy

configuration commands.”

route-policy route-policy-name: Specifies the name of a routing policy that is used to filter redistributed

routes, a case-sensitive string of 1 to 63 characters. For routing policy configuration information, see

"Routing policy configuration commands."

protocol: Filters routes redistributed from the routing protocol, which can be BGP, direct, IS-IS, OSPF, RIP

or static.

process-id: Process ID, in the range of 1 to 65535. It is optional only when the protocol is IS-IS, OSPF or

RIP.

Description

Use filter-policy export to configure IS-IS to filter redistributed routes.

Use undo filter-policy export to disable IS-IS from filtering redistributed routes.

IS-IS does not filter redistributed routes by default.

NOTE:

• If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command or in the

routing policy, the ACL should be configured with the rule [

rule-id

] { deny | permit } ip source

sour-addr sour-wildcard

command to deny/permit a route with the specified destination, or with the

rule [

rule-id

] { deny | permit } ip source

sour-addr sour-wildcard

destination

dest-addr dest-

ildcar

command to deny/permit a route with the specified destination and mask. The source keyword specifies

the destination address of a route and the destination keyword specifies the subnet mask of the route

(the subnet mask must be valid; otherwise, the configuration is ineffective).

• If no topology is specified, the routes redistributed from the base topology will be filtered.

Related commands: filter-policy import.

Examples

# Reference ACL 2000 to filter redistributed routes.

<Sysname> system-view

[Sysname] acl number 2000

[Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255

[Sysname-acl-basic-2000] quit

[Sysname] isis 1

[Sysname-isis-1] filter-policy 2000 export

# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and reference ACL 3000 to filter

redistributed routes.

<Sysname> system-view

[Sysname] acl number 3000

[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0