|
|
|
Use these commands to configure IPv4 inbound route filters:
set inbound-route-filter <protocol> <protocol parameter> accept-all-ipv4 restrict-all-ipv4 route <IPv4_prefix / mask> <per-route protocol parameter> <route parameter> |
Parameters
Parameter |
Description |
|---|---|
|
The IPv4 protocol to which the inbound route filter policy applies.
|
|
Protocol-specific parameters that apply to all routes imported for that protocol. These change per protocol. See the list of options for each protocol. |
|
Accept all IPv4 routes by default for this protocol. All routes are accepted with default settings unless specified otherwise. |
|
Restrict all IPv4 routes by default for this protocol. No routes are accepted unless specified otherwise. |
|
Configure policy for a prefix or mask length |
|
Protocol-specific parameters that apply to specific prefixes. These change per protocol. See the list of options for for each protocol. |
|
Specific routes imported by inbound route filters use these options, regardless of which protocol is importing them. These only apply to routes specified with the route keyword, not accept-all-ipv4.
|
BGP uses individual policy entries to configure per-AS or per-AS-path rules.
Syntax
set inbound-route-filter bgp-policy <Policy_ID> |
Parameters
BGP policy can also import IPv6, while IPv6 is enabled on the gateway. For IPv6, replace IPv4 with IPv6 (for example: accept-all-ipv4 becomes accept-all-ipv6). You can specify IPv6 prefixes in addition to IPv4 prefixes.
Protocol-Specific Parameters:
BGP policy has some parameters that apply to all routes imported by a specific policy ID:
Parameter |
Description |
|---|---|
|
For policy IDs 512 – 1024, configures the AS which is matched for import policy. You must first enter all BGP AS policy entries. |
|
For policy IDs from 1 – 511, configures the AS path which is matched for import policy. You must enter this command first for all BGP AS-path policy entries. |
|
Import only routes which match a specific BGP community |
|
Assign a default local preference to imported routes. Per-route local preference takes precedence over this value. |
|
Assign a default weight to imported routes. Per-route weight takes precedence over this value |
Route parameters:
BGP policy has some parameters that you can apply to specific routes imported with the route keyword:
Parameter |
Description |
|---|---|
|
Assign a local preference to routes matched by this prefix |
|
Assign a weight to routes matched by this prefix |
Example 1 - Accept all IPv4 and IPv6 routes received from AS 4:
set inbound-route-filter bgp-policy 512 based-on-as as 4 on set inbound-route-filter bgp-policy 512 accept-all-ipv4 set inbound-route-filter bgp-policy 512 accept-all-ipv6 |
Example 2 - Accept only routes that are subnets of 10.0.0.0/8 or the exact route 1234::/64 from AS 22 and assign a default local preference:
set inbound-route-filter bgp-policy 1000 based-on-as as 22 on set inbound-route-filter bgp-policy 1000 restrict-all-ipv4 set inbound-route-filter bgp-policy 1000 restrict-all-ipv6 set inbound-route-filter bgp-policy 1000 route 10.0.0.0/8 normal on set inbound-route-filter bgp-policy 1000 route 1234::/64 exact on set inbound-route-filter bgp-policy 1000 default-localpref 1000 |
OSPF inbound route filters only apply to OSPF ASE routes.
Intra-area and inter-area OSPF routes will always be installed.
The default behavior is to accept all OSPF ASE routes.
Protocol-specific parameters:
Parameter |
Description |
|---|---|
|
Assign a default protocol rank to all imported routes. Per-route protocol rank will take precedence over this value. |
Route parameters:
Parameter |
Description |
|---|---|
|
Assign a protocol rank to all routes imported by this prefix |
Example - Only accept subnets of 192.168.0.0/16, but do not accept the exact route itself:
set inbound-route-filter ospf2 restrict-all-ipv4 set inbound-route-filter ospf2 route 192.168.0.0/16 refines on |
The default behavior is to accept all RIP routes.
Protocol-specific parameters:
Parameter |
Description |
|---|---|
|
Assign a default protocol rank to all imported routes. Per-route protocol rank will take precedence over this value. |
Route parameters:
Parameter |
Description |
|---|---|
rank |
Assign a protocol rank to all routes imported by this prefix |
Example - Accept all IPv4 routes except for 172.16.0.0/16 and its subnets:
set inbound-route-filter rip accept-all-ipv4 set inbound-route-filter rip route 172.16.0.0/16 normal restrict on |
Use these commands to configure IPv6 inbound route filters:
set ipv6 inbound-route-filter <protocol> <protocol parameter> accept-all-ipv6 restrict-all-ipv6 route <IPv6 prefix / mask> <per-route protocol parameter> <route parameter> |
Parameters
Parameter |
Description |
|---|---|
<protocol> |
IPv6 protocol that the inbound route filter policy applies to. See "Protocols" section below |
<protocol parameter> |
Protocol-specific parameters that apply to all routes imported for that protocol. These vary per protocol, see the appropriate section within each protocol for a list of options |
accept-all-ipv6 |
Accept all IPv6 routes by default for this protocol. All routes will be accepted with default settings unless specified otherwise |
restrict-all-ipv6 |
Restrict all IPv6 routes by default for this protocol. No routes will be accepted unless specified otherwise |
route <IPv6 prefix / mask> |
Configure policy for a specific prefix / mask length |
<per-route protocol parameter> |
Protocol-specific parameters that apply to specific prefixes. These vary per protocol, see the appropriate section within each protocol for a list of options |
<route parameter> |
Parameters that apply to specific routes. See Per-route parameters section below |
Per-route parameters:
Specific routes imported by inbound route filters use the following options, regardless of which protocol is importing them. These only apply to routes specified with the ‘route’ keyword, not ‘accept-all-ipv6’:
Parameter |
Description |
|---|---|
|
Accept and install routes matched by this prefix |
|
Match only the route with this exact prefix / mask length |
|
Match all routes that are subnets of this prefix / mask length, including the prefix / mask itself |
|
Remove this prefix |
|
Match all routes that are subnets of this prefix / mask length, but exclude the exact prefix / mask |
|
Do not install routes matched by this prefix |
OSPFv3 inbound route filters only apply to OSPFv3 ASE routes.
Intra-area and inter-area OSPFv3 routes will always be installed.
The default behavior is to accept all OSPFv3 ASE routes.
Protocol-specific parameters:
Parameter |
Description |
|---|---|
|
Assign a default protocol rank to all imported routes. Per-route protocol rank will take precedence over this value. |
Route parameters:
Parameter |
Description |
|---|---|
|
Assign a protocol rank to all routes imported by this prefix |
Example - Accept all routes, but assign a different protocol rank to subnets of 5678::/64:
set ipv6 inbound-route-filter ospf3 accept-all-ipv6 set ipv6 inbound-route-filter ospf3 route 5678::/64 normal on set ipv6 inbound-route-filter ospf3 route 5678::/64 rank 15 |
SET commands for IPv4:
Note - Enter set inbound-route-filter [Esc][Esc].
set inbound-route-filter bgp-policy VALUE accept-all-ipv4 set inbound-route-filter bgp-policy VALUE accept-all-ipv6 set inbound-route-filter bgp-policy VALUE based-on-as as VALUE on set inbound-route-filter bgp-policy VALUE based-on-aspath aspath-regex VALUE origin VALUE on set inbound-route-filter bgp-policy VALUE community-match VALUE as VALUE off set inbound-route-filter bgp-policy VALUE community-match VALUE as VALUE on set inbound-route-filter bgp-policy VALUE default-localpref VALUE set inbound-route-filter bgp-policy VALUE default-weight VALUE set inbound-route-filter bgp-policy VALUE off set inbound-route-filter bgp-policy VALUE restrict-all-ipv4 set inbound-route-filter bgp-policy VALUE restrict-all-ipv6 set inbound-route-filter bgp-policy VALUE route VALUE accept set inbound-route-filter bgp-policy VALUE route VALUE between VALUE and VALUE on set inbound-route-filter bgp-policy VALUE route VALUE between VALUE and VALUE restrict on set inbound-route-filter bgp-policy VALUE route VALUE exact on set inbound-route-filter bgp-policy VALUE route VALUE exact restrict on set inbound-route-filter bgp-policy VALUE route VALUE localpref VALUE set inbound-route-filter bgp-policy VALUE route VALUE normal on set inbound-route-filter bgp-policy VALUE route VALUE normal restrict on set inbound-route-filter bgp-policy VALUE route VALUE off set inbound-route-filter bgp-policy VALUE route VALUE refines on set inbound-route-filter bgp-policy VALUE route VALUE refines restrict on set inbound-route-filter bgp-policy VALUE route VALUE weight VALUE set inbound-route-filter ospf2 [ instance VALUE ] accept-all-ipv4 set inbound-route-filter ospf2 [ instance VALUE ] rank VALUE set inbound-route-filter ospf2 [ instance VALUE ] restrict-all-ipv4 set inbound-route-filter ospf2 [ instance VALUE ] route VALUE accept set inbound-route-filter ospf2 [ instance VALUE ] route VALUE between VALUE and VALUE on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE between VALUE and VALUE restrict on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE exact on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE exact restrict on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE normal on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE normal restrict on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE off set inbound-route-filter ospf2 [ instance VALUE ] route VALUE rank VALUE set inbound-route-filter ospf2 [ instance VALUE ] route VALUE refines on set inbound-route-filter ospf2 [ instance VALUE ] route VALUE refines restrict on set inbound-route-filter rip accept-all-ipv4 set inbound-route-filter rip rank VALUE set inbound-route-filter rip restrict-all-ipv4 set inbound-route-filter rip route VALUE accept set inbound-route-filter rip route VALUE between VALUE and VALUE on set inbound-route-filter rip route VALUE between VALUE and VALUE restrict on set inbound-route-filter rip route VALUE exact on set inbound-route-filter rip route VALUE exact restrict on set inbound-route-filter rip route VALUE normal on set inbound-route-filter rip route VALUE normal restrict on set inbound-route-filter rip route VALUE off set inbound-route-filter rip route VALUE rank VALUE set inbound-route-filter rip route VALUE refines on set inbound-route-filter rip route VALUE refines restrict on |
SET commands for IPv6:
Note - Enter set ipv6 inbound-route-filter [Esc][Esc].
set ipv6 inbound-route-filter ospf3 [ instance VALUE ] accept-all-ipv6 set ipv6 inbound-route-filter ospf3 [ instance VALUE ] rank VALUE set ipv6 inbound-route-filter ospf3 [ instance VALUE ] restrict-all-ipv6 set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE accept set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE exact on set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE exact restrict on set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE normal on set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE normal restrict on set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE off set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE rank VALUE set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE refines on set ipv6 inbound-route-filter ospf3 [ instance VALUE ] route VALUE refines restrict on |
