HP VPN Firewall Appliances Network Management Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

811

812

813

814

815

816

817

818

819

820

790

Parameters

acl6-number: Specifies the number of an ACL to filter advertised routing information, in the range of

2000 to 3999.

ipv6-prefix ipv6-prefix-name: Specifies the name of an IPv6 prefix list used to filter routing information,

a string of 1 to 19 characters.

protocol: Filters routes redistributed from a routing protocol, including bgp4+, direct, isisv6, ospfv3,

ripng, and static.

The following matrix shows the values for the protocol argument on different firewalls and firewall

modules:

Hardware Protocol

words

F1000-A-EI/F1000-S-EI bgp4+, direct, ospfv3, ripng, and static

F1000-E bgp4+, direct, ospfv3, ripng, and static

F5000 bgp4+, direct, isisv6, ospfv3, ripng, and static

F5000-S/F5000-C bgp4+, direct, ospfv3, ripng, and static

VPN firewall modules bgp4+, direct, ospfv3, ripng, and static

20-Gbps VPN firewall modules bgp4+, direct, ospfv3, ripng, and static

process-id: Process number of the specified routing protocol, in the range of 1 to 65535. This argument

is available only when the routing protocol is isisv6, ripng, or ospfv3.

Usage guidelines

With the protocol argument specified, only routing information redistributed from the specified routing

protocol will be filtered. Otherwise, all outgoing routing information will be filtered.

To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL

in one of the following ways:

• To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ipv6

source sour sour-prefix.

• To deny/permit a route with the specified destination and prefix, use rule [ rule-id ] { deny | permit }

ipv6 source sour sour-prefix destination dest dest-prefix.

The source keyword specifies the destination address of a route, and the destination keyword specifies

the prefix of the route. (The prefix must be valid; otherwise, the configuration is ineffective.)

Examples

# Use IPv6 prefix list Filter 2 to filter advertised RIPng updates.

<Sysname> system-view

[Sysname] ripng 100

[Sysname-ripng-100] filter-policy ipv6-prefix Filter2 export

# Configure ACL6 3000 to permit only route 2001::1/128 to pass, and reference ACL6 3000 to filter

advertised RIPng updates.

<Sysname> system-view

[Sysname] acl ipv6 number 3000

[Sysname-acl6-adv-3000] rule 10 permit ipv6 source 2001::1 128 destination

ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 128

[Sysname-acl6-adv-3000] rule 100 deny ipv6