R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101
796
Ar
g
ument F1000-A-EI/S-EI
F1000-E
F5000
Firewall module
protocol
Yes.
Excludes isisv6.
Yes.
Excludes isisv6.
Yes.
Includes isisv6.
Yes.
Excludes isisv6.
If a protocol is specified, only routes redistributed from the specified protocol are filtered. If no protocol
is specified, all redistributed routes will be filtered.
If you want to reference an advanced ACL (with a number from 3000 to 3999) in the command, the ACL
should be configured with the rule [ rule-id ] { deny | permit } ipv6 source sour sour-prefix command to
deny/permit a route with the specified destination, or with the rule [ rule-id ] { deny | permit } ipv6 source
sour sour-prefix destination dest dest-prefix command to deny/permit a route with the specified
destination and prefix. The source keyword specifies the destination address of a route and the
destination keyword specifies the prefix of the route (the prefix must be valid; otherwise, the configuration
is ineffective).
Examples
# Reference ACL6 2001 to filter all outbound IPv6 BGP routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv6-family
[Sysname-bgp-af-ipv6] filter-policy 2001 export
# Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter
outbound routes.
<Sysname> system-view
[Sysname] acl ipv6 number 3000
[Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination
ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128
[Sysname-acl6-adv-3000] rule 100 deny ipv6
[Sysname-acl6-adv-3000] quit
[Sysname] bgp 100
[Sysname-bgp] ipv6-family
[Sysname-bgp-af-ipv6] filter-policy 3000 export
filter-policy import
Syntax
filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import
undo filter-policy import
View
IPv6 address family view, IPv6 BGP-VPN instance view
Default level
2: System level
Parameters
acl6-number: Number of an IPv6 ACL used to match against the destination address field of routing
information, ranging from 2000 to 3999.