
Defining a community acl – Brocade TurboIron 24X Series Configuration Guide User Manual


Brocade TurboIron 24X Series Configuration Guide

53-1003053-01

Filtering

NOTE

If the filter is referred to by a route map match statement, the filter is applied in the order in which
the filter is listed in the match statement.

The permit | deny parameter indicates the action the router takes if the filter match is true.

If you specify permit, the router permits the route into the BGP4 table if the filter match is true.

If you specify deny, the router denies the route from entering the BGP4 table if the filter match
is true.

The : parameter indicates a specific community number to filter. Use this parameter
to filter for a private (administrator-defined) community. You can enter up to 20 community
numbers with the same command.

If you want to filter for the well-known communities “LOCAL_AS”, “NO_EXPORT” or
“NO_ADVERTISE”, use the corresponding keyword (described below).

The internet keyword checks for routes that do not have the community attribute. Routes without a
specific community are considered by default to be members of the largest community, the
Internet.

The local-as keyword checks for routes with the well-known community “LOCAL_AS”. The Layer 3
Switch advertises the route only within the sub-AS.

The no-advertise keyword filters for routes with the well-known community “NO_ADVERTISE”. A
route in this community should not be advertised to any BGP4 neighbors.

The no-export keyword filters for routes with the well-known community “NO_EXPORT”. A route in
this community should not be advertised to any BGP4 neighbors outside the local AS. If the router
is a member of a confederation, the Layer 3 Switch advertises the route only within the
confederation.

Defining a community ACL

To configure community ACL 1, enter a command such as the following.

TurboIron(config)#ip community-list 1 permit 123:2

This command configures a community ACL that permits routes that contain community 123:2.

NOTE

Refer to “Matching based on community ACL” on page 714 for information about how to use a community list as a match condition in a route map.

Syntax: ip community-list standard [seq ] deny | permit

Syntax: ip community-list extended [seq ] deny | permit

|

The parameter specifies the ACL name. (If you enter a number, the CLI interprets the
number as a text string.)

The standard or extended parameter specifies whether you are configuring a standard community
ACL or an extended one. A standard community ACL does not support regular expressions whereas
an extended one does. This is the only difference between standard and extended IP community
lists.
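
The following Python sketch is an added example, not part of the Brocade manual or the device software. It models how a standard community ACL built from the keywords above would classify a route's community attribute, so a filter can be checked against sample routes before it is applied. The first-match ordering, the requirement that a route carry every community an entry lists, the implicit deny, and all names in the code are assumptions.

```python
# Added example: models standard community ACL evaluation as described above.
# Assumptions (not from the manual): entries are tried in order, the first
# match decides, an entry matches only if the route carries every community
# it lists, and a route that matches no entry is denied.
# Well-known community values from RFC 1997.
WELL_KNOWN = {
    "no-export": 0xFFFFFF01,
    "no-advertise": 0xFFFFFF02,
    "local-as": 0xFFFFFF03,  # NO_EXPORT_SUBCONFED
}

def parse_community(token):
    """Turn 'AS:num' or a well-known keyword into the 32-bit attribute value."""
    if token in WELL_KNOWN:
        return WELL_KNOWN[token]
    asn, num = (int(part) for part in token.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= num <= 0xFFFF):
        raise ValueError(f"community out of range: {token}")
    return (asn << 16) | num

def entry_matches(tokens, route_communities):
    """True if one ACL entry's match condition holds for the route."""
    route = {parse_community(c) for c in route_communities}
    for token in tokens:
        if token == "internet":
            # Per the text: matches routes without a community attribute.
            if route:
                return False
        elif parse_community(token) not in route:
            return False
    return True

def evaluate(acl, route_communities):
    """Return 'permit' or 'deny' for a route against an ordered ACL."""
    for action, tokens in acl:
        if entry_matches(tokens, route_communities):
            return action
    return "deny"  # assumed implicit deny when no entry matches

# Constructed sample: drop NO_EXPORT routes first, then permit 123:2.
SAMPLE_ACL = [
    ("deny", ["no-export"]),
    ("permit", ["123:2"]),
    ("permit", ["internet"]),
]

if __name__ == "__main__":
    for comms in (["123:2"], ["123:2", "no-export"], [], ["65000:9"]):
        print(comms, "->", evaluate(SAMPLE_ACL, comms))
```

Placing the deny for NO_EXPORT ahead of the permit matters under the first-match assumption: a route tagged with both 123:2 and NO_EXPORT is rejected instead of being admitted by the broader entry.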