R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

771

772

773

774

775

776

777

778

779

780

749

ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list, a string of up to 19 characters.

bgp4+: Filters IPv6 BGP routes.

direct: Filters direct routes.

isisv6 process-id: Specifies to filter the routes of an IPv6 IS-IS process, which is in the range of 1 to 65535.

ospfv3 process-id: Specifies to filter the routes of an OSPFv3 process, which is in the range of 1 to

65535.

ripng process-id: Specifies to filter the routes of a RIPng process, which in the range of 1 to 65535.

static: Specifies to filter static routes.

Description

Use filter-policy export to filter redistributed routes.

Use undo filter-policy export to remove the configuration.

By default, IPv6 OSPFv3 does not filter redistributed routes.

The following matrix shows the argument and firewall compatibility:

Command F1000-A-EI/S-EI

F1000-E

F5000 Firewall module

isisv6 No No Yes No

If no protocol is specified, all redistributed routes will be filtered.

If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command, the ACL

should be configured with the rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix command to

deny/permit a route with the specified destination, or with the rule [ rule-id ] { deny | permit } ipv6 source

sour sour-prefix destination dest dest-prefix command to deny/permit a route with the specified

destination and prefix. The source keyword specifies the destination address of a route and the

destination keyword specifies the prefix of the route (the prefix must be valid; otherwise, the configuration

is ineffective).

Using the filter-policy export command filters only routes redistributed by the import-route command. If

the import-route command is not configured to redistribute routes from other protocols and other OSPFv3

processes, use of the filter-policy export command does not take effect.

Examples

# Filter all redistributed routes using IPv6 ACL 2001.

<Sysname> system-view

[Sysname] acl ipv6 number 2001

[Sysname-acl6-basic-2001] rule permit source 2002:1:: 64

[Sysname-acl6-basic-2001] quit

[Sysname] ospfv3

[Sysname-ospfv3-1] filter-policy 2001 export

# Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter

redistributed routes.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination

ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128

[Sysname-acl6-adv-3000] rule 100 deny ipv6