filter-policy import
Use filter-policy import to filter received BGP routes.
Use undo filter-policy import to remove the filter..
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view:
filter-policy { acl-number | prefix-list prefix-list-name } import
undo filter-policy import
In BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP VPNv6 address family view:
filter-policy { acl6-number | prefix-list ipv6-prefix-name } import
undo filter-policy import
Default
Received BGP routes are not filtered.
Views
BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, BGP VPNv4 address family view, BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, BGP VPNv6 address family view
Predefined user roles
network-admin
mdc-admin
Parameters
acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to match routes by destination.
acl6-number: Specifies an ACL6 by its number in the range of 2000 to 3999 to match routes by destination.
prefix-list prefix-list-name: Specifies an IPv4 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
prefix-list ipv6-prefix-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
Usage guidelines
If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument without matching the masks of the destination addresses.
To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:
To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard command.
To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination. The subnet mask must be contiguous. Otherwise, the configuration does not take effect.
Examples
# In BGP IPv4 unicast address family view, use ACL 2000 to filter received BGP routes.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp] address-family ipv4 unicast [Sysname-bgp-ipv4] filter-policy 2000 import
# In BGP-VPN IPv6 unicast address family view, use ACL6 2000 to filter received BGP routes.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp] ip vpn-instance vpn1 [Sysname-bgp-vpn1] address-family ipv6 unicast [Sysname-bgp-ipv6-vpn1] filter-policy 2000 import
# Configure ACL6 3000 to permit only route 113.0.0.0/16 to pass, and use ACL 3000 to filter received BGP routes.
<Sysname> system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0 [Sysname-acl-adv-3000] rule 100 deny ip [Sysname-acl-adv-3000] quit [Sysname] bgp 100 [Sysname-bgp] address-family ipv4 unicast [Sysname-bgp-ipv4] filter-policy 3000 import
Related commands
filter-policy export
peer as-path-acl
peer filter-policy
peer prefix-list
peer route-policy