< Home

destination-address (PBR rule view)

Function

The destination-address command sets the destination address of packets as a matching condition of a PBR rule.

The undo destination-address command deletes the configuration.

Format

destination-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description description ] | ipv6-address ipv6-prefix-length [ description description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description description ] | mac-address &<1-6> | isp isp-name &<1-6> | domain-set domain-set-name &<1-6> | any }

undo destination-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } [ description ] | ipv6-address ipv6-prefix-length [ description ] | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } [ description ] | mac-address &<1-6> | isp isp-name &<1-6> | domain-set domain-set-name &<1-6> | all }

Parameters

Parameter Description Value

address-set address-set-name

Specifies an IP address set for destination IP address-based matching. address-set-name specifies the name of an IP address set.

The value must be the name of an existing address set.

ipv4-address

Specifies an IPv4 address for destination IP address-based matching.

The value is in decimal dotted notation.

ipv4-mask-length

Specifies the mask length of an IPv4 address.

The value is an integer ranging from 1 to 32.

mask mask-address

Specifies the mask length of an IPv4 address.

The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched.

wildcard

Specifies the wildcard of an IPv4 address.

The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 0.255.0.255 is not a legitimate wildcard because its binary form is 00000000.11111111.00000000.11111111. In the binary form, digits 0 are to be matched, whereas digits 1 are not. For example, 192.168.1.1/0.255.0.255 indicates that only IP addresses of the 192.*.1.* form are to be matched.

description description

Specifies the description of an individual IPv4/IPv6 address or address segment.

The value is a string that ranges from 1 to 128.

ipv6-address ipv6-prefix-length

Specifies an IPv6 address for destination IP address-based matching. ipv6-address specifies an IPv6 address. ipv6-prefix-length specifies the IPv6 prefix length.

-

range ipv4-start-address ipv4-end-address

Specifies an IPv4 address range for destination IP address-based matching. ipv4-start-address specifies the start IPv4 address. ipv4-end-address specifies the end IPv4 address.

-

range ipv6-start-address ipv6-end-address

Specifies an IPv6 address range for destination IP address-based matching. ipv6-start-address specifies the start IPv6 address. ipv6-end-address specifies the end IPv6 address.

-

mac-address

Specifies the MAC address.

All models except USG6680E and USG6712E/6716E support this parameter.
The MAC address can be in one of the following formats:
  • H-H-H (Each H is a 4-digit hexadecimal number, such as 00e0 and fc01. If an H contains less than four bits, it means that the first bits contained in the H are 0s. For example, if an H is e0, it is equal to 00e0.)
  • XX:XX:XX:XX:XX:XX (Each X is a 1-digit hexadecimal number.)
  • XX-XX-XX-XX-XX-XX (Each X is a 1-digit hexadecimal number.)

The MAC address cannot be all 0s or all Fs (such as FFFF-FFFF-FFFF, 00:00:00:00:00:00, or 00-00-00-00-00-00) in any format.

isp-name

Specifies the name of an ISP address group.

-

domain-set domain-set-name &<1-6>

Specifies the name of a domain group.

The value must be the name of an existing domain group. You can reference or cancel the reference of a maximum of six domain groups at a time.

NOTE:

When an IP address corresponds to multiple domain names, an IP address can be used to search for a maximum of 16 domain names. If the domain name to be searched is not in the policy rule, the policy cannot be matched. You are advised to configure multiple domain names with the same IP address in the same policy rule.

any

Indicates any address.

-

all

Deletes all configurations that use destination IP addresses as a matching condition.

-

Views

PBR rule view

Default Level

2: Configuration level

Usage Guidelines

None

Example

# Set destination IP address 10.1.1.0/24 as a matching condition of a PBR rule.

<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name abc
[sysname-policy-pbr-rule-abc] destination-address 10.1.1.0 24
Parent Topic: PBR Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >