peer filter-policy
Use peer filter-policy to filter routes advertised to or received from a peer or peer group by using an ACL.
Use undo peer filter-policy to remove the ACL specified to filter routes advertised to or received from a peer or peer group.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv4 multicast address family view:
peer { group-name | ipv4-address [ mask-length ] } filter-policy [ ipv4-acl-number ] { export | import }
undo peer { group-name | ipv4-address [ mask-length ] } filter-policy [ ipv4-acl-number ] { export | import }
In BGP IPv6 unicast address family view:
peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }
undo peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }
In BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:
peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }
undo peer { group-name | ipv6-address [ prefix-length ] } filter-policy [ ipv6-acl-number ] { export | import }
Default
No ACL-based filtering is configured.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command filters routes advertised to or received from all dynamic peers in the subnet by using an ACL.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command filters routes advertised to or received from all dynamic peers in the subnet by using an ACL.
ipv4-acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999.
export: Filters routes advertised to the peer/peer group.
import: Filters routes received from the peer/peer group.
Usage guidelines
The specified ACL used by the peer filter-policy command must have been created with the acl command in system view. Otherwise, all routes can pass the ACL.
If you use a basic ACL (with a number from 2000 to 2999) configured with the rule [ rule-id ] { deny | permit } source source-address source-wildcard command, the command matches routes whose destination network addresses match the source-address source-wildcard argument without matching the masks of the destination addresses.
To use an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL using one of the following steps:
To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard command.
To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny | permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the subnet mask of the destination address. For the mask configuration to take effect, specify a contiguous subnet mask.
Examples
# In BGP IPv4 unicast address family view, apply ACL 2000 to filter routes advertised to peer group test.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp-default] address-family ipv4 unicast [Sysname-bgp-default-ipv4] peer test filter-policy 2000 export
Related commands
acl (ACL and QoS Command Reference)
filter-policy export
filter-policy import
peer as-path-acl
peer prefix-list
peer route-policy