R21xx-HP FlexFabric 11900 Layer 3 IP Routing Command Reference
249
The following guidelines apply when you use an advanced ACL (with a number from 3000 to 3999) in
the command:
• To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip
source sour-addr sour-wildcard command.
• To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny |
permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command to
deny/permit a route with the specified destination and mask.
The source keyword specifies the destination address of a route and the destination keyword specifies the
subnet mask of the destination. The subnet mask must be contiguous. Otherwise, the configuration does
not take effect.
Examples
# In BGP IPv4 unicast address family view, use ACL 2000 to filter outbound BGP routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family unicast
[Sysname-bgp-ipv4] filter-policy 2000 export
# In BGP-VPN IPv6 unicast address family view, use ACL6 2000 to filter outbound BGP routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] ipv6-family unicast
[Sysname-bgp-ipv6-vpn1] filter-policy 2000 export
# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass, and use ACL 3000 to filter outbound
routes.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] bgp 100
[Sysname-bgp] ipv4-family unicast
[Sysname-bgp-ipv4] filter-policy 3000 export
Related commands
• filter-policy import
• peer as-path-acl
• peer filter-policy
• peer prefix-list
• peer route-policy
filter-policy import
Use filter-policy import to filter inbound routing information by using a specified filter.
Use undo filter-policy import to cancel filtering inbound routing information.