HP VPN Firewall Appliances Network Management Command Reference
Hardware                        Protocol keywords
F1000-E                         bgp, direct, ospf, rip, and static
F5000                           bgp, direct, isis, ospf, rip, and static
F5000-S/F5000-C                 bgp, direct, ospf, rip, and static
VPN firewall modules            bgp, direct, ospf, rip, and static
20-Gbps VPN firewall modules    bgp, direct, ospf, rip, and static
process-id: Specifies the process ID of the specified routing protocol, in the range of 1 to 65535. You
need to specify a process ID when the routing protocol is rip, isis, or ospf.
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If a protocol is specified, RIP filters only the routes redistributed from the specified routing protocol.
Otherwise, RIP filters all outbound routes.
If an interface is specified, RIP filters only the routes advertised by the specified interface. Otherwise,
RIP filters routes advertised by all RIP interfaces.
To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL
in one of the following ways:
• To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip
source sour-addr sour-wildcard command.
• To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny |
permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the
subnet mask of the route. The specified subnet mask must be contiguous. Otherwise, the configuration
does not take effect.
Examples
# Use ACL 2000 to filter outbound routes.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255
[Sysname-acl-basic-2000] quit
[Sysname] rip 1
[Sysname-rip-1] filter-policy 2000 export
# Use IP prefix list abc to filter outbound routes on GigabitEthernet 0/1.
[Sysname-rip-1] filter-policy ip-prefix abc export gigabitethernet 0/1
# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass. Use ACL 3000 to filter outbound
routes.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] rip 1
[Sysname-rip-1] filter-policy 3000 export
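The matching rules from the usage guidelines, applied offline to ACL 3000 from the example above, so an export filter can be checked before it is committed. This is an added Python example, not HP code; the function names, the ascending rule-ID first-match order, and the deny default for unmatched routes are assumptions.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def is_contiguous(mask):
    """True when the mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def field_matches(value, spec):
    """spec is (address, wildcard) or None; wildcard 1-bits are ignored."""
    if spec is None:                      # keyword absent: matches anything
        return True
    care = ~to_int(spec[1]) & 0xFFFFFFFF
    return (value & care) == (to_int(spec[0]) & care)

def bad_mask_rules(rules):
    """Rule IDs whose destination field (the route mask) is not contiguous."""
    return [rid for rid, _, _, dst in rules
            if dst is not None and not is_contiguous(dst[0])]

def evaluate(rules, route, default="deny"):
    """First matching rule in ascending rule-ID order decides (assumption)."""
    net = ipaddress.IPv4Network(route)
    dest, mask = int(net.network_address), int(net.netmask)
    for _, action, src, dst in sorted(rules, key=lambda r: r[0]):
        # 'source' is compared with the route's destination address,
        # 'destination' with the route's subnet mask.
        if field_matches(dest, src) and field_matches(mask, dst):
            return action
    return default                        # assumption: unmatched routes are denied

# ACL 3000 from the example above: (rule-id, action, source, destination).
# The CLI wildcard "0" is written out as 0.0.0.0.
ACL_3000 = [
    (10, "permit", ("113.0.0.0", "0.0.0.0"), ("255.255.0.0", "0.0.0.0")),
    (100, "deny", None, None),
]

if __name__ == "__main__":
    for route in ("113.0.0.0/16", "113.0.0.0/24", "192.168.10.0/24"):
        print(route, evaluate(ACL_3000, route))
```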