The destination-address-exclude command configures an exception destination address.
The undo destination-address-exclude command cancels the preceding configuration.
destination-address-exclude { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } | range ipv4-start-address ipv4-end-address } [ description description ]
undo destination-address-exclude { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address | wildcard } | range ipv4-start-address ipv4-end-address } [ description description ]
| Parameter | Description | Value |
|---|---|---|
| address-set address-set-name &<1-6> | Specifies the name of an address or address group. | The value must be the name of an existing address or address group. You can add or delete a maximum of six addresses or address groups at a time. |
| ipv4-address | Specifies an IPv4 address. | The value is in dotted decimal notation. |
| ipv4-mask-length | Specifies the mask length of an IPv4 address. | The value is an integer ranging from 1 to 32. |
| mask mask-address | Specifies an IPv4 address mask. | The value is in dotted decimal notation. The 1 bits in the binary form of the mask do not have to be contiguous, for example, 255.0.255.0 (11111111 00000000 11111111 00000000). Only the bits set to 1 in the mask are matched; the bits set to 0 are ignored. For example, 192.168.1.1/255.0.255.0 matches IP addresses in the format 192.*.1.*. |
| wildcard | Specifies the wildcard of an IPv4 address. | The value is a wildcard mask in dotted decimal notation. The 1 bits in the binary form of the wildcard do not have to be contiguous, for example, 0.255.0.255 (00000000 11111111 00000000 11111111). Only the bits set to 0 in the wildcard are matched; the bits set to 1 are ignored. For example, 192.168.1.1/0.255.0.255 matches IP addresses in the format 192.*.1.*. |
| range | Indicates the address range. | - |
| ipv4-start-address | Specifies the start address of the IPv4 address range. | The value is in dotted decimal notation. |
| ipv4-end-address | Indicates the end address of the IPv4 address range. | The value is in dotted decimal notation. |
| description description | Specifies the description of an individual IPv4 address or address segment. | The value is a string of 1 to 128 characters. |
If the destination address of a flow matches an exception destination address set in the flow probe policy rule view, the flow bypasses the flow probe policy and is not controlled by it.
Application Scenario
For example, a user wants to collect network layer information of traffic destined to 10.1.1.0/24 but not that of traffic destined to 10.1.1.40 to 10.1.1.50 (exception destination addresses). There are two ways to configure the flow probe policy to meet this requirement. In Configuration Plan 1 in the following table, two policies are configured to take different actions on the two flows. This plan increases the number of policies, which makes policy maintenance harder. In Configuration Plan 2, only one policy is configured. Exception destination addresses are added to this policy to achieve the same effect as Configuration Plan 1. This plan reduces the policy maintenance workload and configuration complexity.
| Configuration Plan | Configuration Command |
|---|---|
| Configuration Plan 1 | `<sysname> system-view`<br>`[sysname] flow-probe-policy`<br>`[sysname-policy-probe] rule name no_policy_probe`<br>`[sysname-policy-probe-rule-no_policy_probe] destination-address range 10.1.1.40 10.1.1.50`<br>`[sysname-policy-probe-rule-no_policy_probe] action no-probe`<br>`[sysname-policy-probe-rule-no_policy_probe] quit`<br>`[sysname-policy-probe] rule name policy_probe`<br>`[sysname-policy-probe-rule-policy_probe] destination-address 10.1.1.0 24`<br>`[sysname-policy-probe-rule-policy_probe] action probe network-layer` |
| Configuration Plan 2 | `<sysname> system-view`<br>`[sysname] flow-probe-policy`<br>`[sysname-policy-probe] rule name policy_probe`<br>`[sysname-policy-probe-rule-policy_probe] destination-address-exclude range 10.1.1.40 10.1.1.50`<br>`[sysname-policy-probe-rule-policy_probe] destination-address 10.1.1.0 24`<br>`[sysname-policy-probe-rule-policy_probe] action probe network-layer` |
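
The following Python model is an added example, not vendor code or part of the original page. It implements the matching rules from the parameter table (mask length, non-contiguous mask, wildcard, range) and the Configuration Plan 2 rule, so an exclusion can be audited for how many destinations it removes from probing. The function names and tuple format are hypothetical, and the model assumes a destination is probed only when it matches destination-address and no destination-address-exclude entry.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def match_length(dst, base, length):
    """ipv4-mask-length form: compare the leading `length` bits (1 to 32)."""
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    return (_int(dst) & mask) == (_int(base) & mask)

def match_mask(dst, base, mask):
    """mask form: bits set to 1 are compared, bits set to 0 are ignored."""
    m = _int(mask)
    return (_int(dst) & m) == (_int(base) & m)

def match_wildcard(dst, base, wildcard):
    """wildcard form: bits set to 0 are compared, bits set to 1 are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(dst) & care) == (_int(base) & care)

def match_range(dst, start, end):
    """range form: inclusive start and end addresses."""
    return _int(start) <= _int(dst) <= _int(end)

MATCHERS = {"length": match_length, "mask": match_mask,
            "wildcard": match_wildcard, "range": match_range}

def matches(dst, entry):
    kind, *args = entry          # hypothetical tuple format: (form, operands...)
    return MATCHERS[kind](dst, *args)

def rule_probes(dst, include, exclude):
    """Assumed rule model: probed if in destination-address and in no exclusion."""
    if any(matches(dst, e) for e in exclude):
        return False
    return any(matches(dst, e) for e in include)

def excluded_hosts(include_net, exclude):
    """Audit helper: every address in include_net that an exclusion hides."""
    return [str(h) for h in ipaddress.IPv4Network(include_net)
            if any(matches(str(h), e) for e in exclude)]

# Configuration Plan 2 from the page, expressed in the hypothetical tuple format.
PLAN2_INCLUDE = [("length", "10.1.1.0", 24)]
PLAN2_EXCLUDE = [("range", "10.1.1.40", "10.1.1.50")]

if __name__ == "__main__":
    for dst in ("10.1.1.10", "10.1.1.45", "10.1.1.51"):
        print(dst, "probed" if rule_probes(dst, PLAN2_INCLUDE, PLAN2_EXCLUDE) else "not probed")
    print(len(excluded_hosts("10.1.1.0/24", PLAN2_EXCLUDE)), "addresses excluded")
```

Running `excluded_hosts` against a non-contiguous mask or wildcard entry before committing it shows how many addresses that single exclusion removes from probing.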