filter-policy import
Use filter-policy import to filter received BGP routes.
Use undo filter-policy import to restore the default.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv4 multicast address family view:
filter-policy { ipv4-acl-number | prefix-list ipv4-prefix-list-name } import
undo filter-policy import
In BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:
filter-policy { ipv6-acl-number | prefix-list ipv6-prefix-list-name } import
undo filter-policy import
Default
Received BGP routes are not filtered.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999, to match routes by destination.
ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999, to match routes by destination.
prefix-list ipv4-prefix-list-name: Specifies an IPv4 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
prefix-list ipv6-prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters, to match routes by destination.
Usage guidelines
If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument. However, it does not match the masks of the destination addresses.
To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:
To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard command.
To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination address. For the mask configuration to take effect, specify a contiguous subnet mask.
Examples
# In BGP IPv4 unicast address family view, use IPv4 basic ACL 2000 to filter received BGP routes.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp-default] address-family ipv4 unicast [Sysname-bgp-default-ipv4] filter-policy 2000 import
Related commands
filter-policy export
peer as-path-acl
peer filter-policy
peer prefix-list
peer route-policy