peer filter-policy (BGP)
Function
The peer filter-policy command sets the filtering policy of a peer or peer group.
The undo peer filter-policy command cancels the existing configuration.
By default, a peer or peer group has no filtering policy.
Format
peer { group-name | ipv4-address | ipv6-address } filter-policy { acl-number | acl6-number } { import | export }
undo peer { group-name | ipv4-address | ipv6-address } filter-policy { acl-number | acl6-number } { import | export }
Parameters
| Parameter | Description | Value |
|---|---|---|
group-name |
Specifies the name of the peer group. |
The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
ipv4-address |
Specifies the IPv4 address of the peer. |
It is in dotted decimal notation. |
ipv6-address |
Specifies the IPv6 address of the peer. |
The prefix is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
acl-number |
Specifies the number of the basic ACL. |
The value is an integer ranging from 2000 to 2999. |
acl6-number |
Specifies the number of the basic ACL6. |
The value is an integer ranging from 2000 to 2999. |
import |
Filters the received routes. |
- |
export |
Filters the advertised routes. |
- |
ipv4-address and acl-number are valid only in the BGP view, BGP-IPv4 unicast address family view, BGP-IPv6 unicast address family view, BGP-VPN instance IPv4 address family view, BGP-VPNv4 address family view.
ipv6-address and acl6-number are valid only in the BGP-IPv6 unicast address family view and BGP-VPN instance IPv6 address family view.
Views
BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view, BGP-VPNv4 address family view, BGP-IPv4 unicast address family view, BGP-IPv6 unicast address family view
Usage Guidelines
Usage Scenario
The peer filter-policy command is used to configure an ACL-based policy for filtering routes received from peers or routes to be advertised to peers.
A proper basic ACL needs to be selected based on the address family of a peer or peer group.
Prerequisites
The peer as-number command has been used to create a peer or peer group.
Configuration Impact
If the peer filter-policy command is run several times for the same peer or peer group, the latest configuration overrides the previous one. For example, if the peer 20:2::2 filter-policy 2600 import command is run and then the peer 20:2::2 filter-policy 2400 import command is run, the configuration of the peer 20:2::2 filter-policy 2400 import command overwrites that of the peer 20:2::2 filter-policy 2600 import command.
Example
# Set the IPv4 filtering policy for peers.
<sysname> system-view
[sysname] acl 2000
[sysname-acl-basic-2000] rule permit
[sysname-acl-basic-2000] quit
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 filter-policy 2000 import
# Set the IPv6 filtering policy for peers.
<sysname> system-view
[sysname] acl ipv6 2001
[sysname-acl6-basic-2001] rule permit
[sysname-acl6-basic-2001] quit
[sysname] bgp 100
[sysname-bgp] ipv6-family unicast
[sysname-bgp-af-ipv6] peer 1:2::3:4 filter-policy 2001 export