source-address-exclude (PBR rule view)

Function

The source-address-exclude command excludes specific source addresses from a PBR rule, so that the device does not match the traffic from these addresses with this PBR rule.

The undo source-address-exclude command deletes the source addresses excluded from a PBR rule.

Format

source-address-exclude { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } } [ description description ]

undo source-address-exclude { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } } [ description ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| address-set address-set-name &<1-6> | Specifies the name of an address or address group. | The specified address or address group must exist. You can add or delete a maximum of six addresses or address groups at a time. |
| ipv4-address | Specifies the IPv4 address. | The value is in dotted decimal notation. |
| ipv4-mask-length | Specifies the mask length of an IPv4 address. | The value is an integer ranging from 1 to 32. |
| mask mask-address | Specifies the mask of an IPv4 address. | The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched. |
| wildcard | Specifies the wildcard of an IPv4 address. | The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 0.255.0.255 is not a legitimate wildcard because its binary form is 00000000.11111111.00000000.11111111. In the binary form, digits 0 are to be matched, whereas digits 1 are not. For example, 192.168.1.1/0.255.0.255 indicates that only IP addresses of the 192.*.1.* form are to be matched. |
| ipv6-address | Specifies the IPv6 address. | The value is in hexadecimal notation. |
| ipv6-prefix-length | Specifies the prefix length of an IPv6 address. | The value is an integer ranging from 1 to 128. |
| range | Indicates the address range. | - |
| ipv4-start-address | Specifies the start address of an IPv4 address range. | The value is in dotted decimal notation. |
| ipv4-end-address | Specifies the end address of an IPv4 address range. | The value is in dotted decimal notation. |
| ipv6-start-address | Specifies the start address of an IPv6 address range. | The value is in hexadecimal notation. |
| ipv6-end-address | Specifies the end address of an IPv6 address range. | The value is in hexadecimal notation. |
| description description | Specifies the description of an individual IPv4/IPv6 address or address segment. | The value is a string of 1 to 128 characters. |

Views

PBR rule view

Default Level

2: Configuration level

Usage Guidelines

When referencing source addresses in a PBR rule, you can run the source-address-exclude command to exclude specific source addresses. Traffic from the excluded addresses does not match the rule.

Application Scenarios

When configuring a PBR rule, you can reference a source address as a matching condition in the rule. For example, two address ranges are available: Addr_group1 (address range 10.1.1.40 to 10.1.1.50) and Addr_group2 (address range 10.1.1.0/24). Traffic with a source address in Addr_group2 needs to be forwarded to next-hop address 10.1.1.1, and traffic with a source address in Addr_group1 needs to be forwarded based on the current routing table, without being processed by PBR. You can use configuration method 1 in the following table to assign different actions to different addresses. This method increases the number of rules and the rule maintenance workload. Alternatively, you can use configuration method 2, which runs the source-address-exclude command within a single rule. This method has the same effect as method 1 and does not need additional rules.

Configuration Method Command
Method 1
<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] source-address range 10.1.1.40 10.1.1.50
[sysname-policy-pbr-rule-test] action no-pbr
[sysname-policy-pbr-rule-test] quit
[sysname-policy-pbr] rule name test1
[sysname-policy-pbr-rule-test1] source-address 10.1.1.0 24
[sysname-policy-pbr-rule-test1] action pbr next-hop 10.1.1.1
Method 2
<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] source-address 10.1.1.0 24
[sysname-policy-pbr-rule-test] source-address-exclude range 10.1.1.40 10.1.1.50
[sysname-policy-pbr-rule-test] action pbr next-hop 10.1.1.1
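
The following Python model is an added example, not part of the original documentation or the device software. It checks that method 1 and method 2 give the same decision for every source address, and shows why method 1 depends on rule order. It assumes rules are evaluated top-down with first match winning and that unmatched traffic follows the routing table; the names Rule, decide and differences are hypothetical.

```python
# Added illustration: models the two configuration methods from the table above.
# Assumption (not stated on the page): rules are evaluated in order, first match
# wins, and traffic that matches no rule is forwarded by the routing table.
import ipaddress
from dataclasses import dataclass, field

PBR = "pbr next-hop 10.1.1.1"
NO_PBR = "no-pbr"

def subnet(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda ip: ip in net

def addr_range(start, end):
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return lambda ip: lo <= ip <= hi

@dataclass
class Rule:
    name: str
    action: str
    source: list = field(default_factory=list)   # source-address conditions
    exclude: list = field(default_factory=list)  # source-address-exclude conditions

    def matches(self, ip):
        # An excluded source never matches this rule, whatever source-address says.
        if any(cond(ip) for cond in self.exclude):
            return False
        return any(cond(ip) for cond in self.source)

def decide(rules, src):
    ip = ipaddress.ip_address(src)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return NO_PBR

METHOD_1 = [
    Rule("test", NO_PBR, source=[addr_range("10.1.1.40", "10.1.1.50")]),
    Rule("test1", PBR, source=[subnet("10.1.1.0/24")]),
]
METHOD_2 = [
    Rule("test", PBR, source=[subnet("10.1.1.0/24")],
         exclude=[addr_range("10.1.1.40", "10.1.1.50")]),
]

def differences(a, b, scope="10.1.0.0/22"):
    """Source addresses in scope (constructed test range) where a and b disagree."""
    return [str(ip) for ip in ipaddress.ip_network(scope)
            if decide(a, str(ip)) != decide(b, str(ip))]
```

Under the first-match assumption, reversing the two rules of method 1 sends 10.1.1.40 to 10.1.1.50 through PBR, whereas the single rule of method 2 has no ordering to get wrong.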

Example

# Exclude source address 10.1.1.0/24 from the matching conditions of PBR rule test.

<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name test
[sysname-policy-pbr-rule-test] source-address-exclude 10.1.1.0 24
Copyright © Huawei Technologies Co., Ltd.