beautypg.com

Filtering specific ip addresses – Brocade BigIron RX Series Configuration Guide User Manual

Page 905

background image

BigIron RX Series Configuration Guide

827

53-1002484-04

Filtering specific IP addresses

27

BigIron RX(config-bgp)# address-family ipv4 unicast

BigIron RX(config-bgp)#

NOTE

The CLI prompt for the global BGP level and the BGP address-family IPv4 unicast level are the same.

To enter the IPv4 BGP multicast address family configuration level, enter the following command.

BigIron RX(config-bgp)# address-family ipv4 multicast

BigIron RX(config-bgp-ipv4m)#

Syntax: [no] address-family ipv4 unicast | ipv4 multicast

The default is the ipv4 unicast address family level.

To exit an address family configuration level, enter the following command.

BigIron RX(config-bgp-ipv4u)# exit-address-family

BigIron RX(config-bgp)#

Syntax: exit-address-family

Filtering specific IP addresses

You can configure the router to explicitly permit or deny specific IP addresses received in updates
from BGP4 neighbors by defining IP address filters. The router permits all IP addresses by default.
You can define up to 100 IP address filters for BGP4.

If you want permit to remain the default behavior, define individual filters to deny specific IP
addresses.

If you want to change the default behavior to deny, define individual filters to permit specific IP
addresses.

NOTE

Once you define a filter, the default action for addresses that do not match a filter is “deny”. To
change the default action to “permit”, configure the last filter as “permit any any”.

Address filters can be referred to by a BGP neighbor's distribute list number as well as by match
statements in a route map.

NOTE

If the filter is referred to by a route map’s match statement, the filter is applied in the order in which
the filter is listed in the match statement.

NOTE

You also can filter on IP addresses by using IP ACLs. See “Software-Based IP Access Control Lists
(ACLs)”.

To define an IP address filter to deny routes to 209.157.0.0, enter the following command.

BigIron RX(config-bgp)# address-filter 1 deny 209.157.0.0 255.255.0.0 255.255.0.0

255.255.0.0

Syntax: [no] address-filter <num> permit | deny <ip-addr> <wildcard> <mask> <wildcard>

The <num> parameter is the filter number.

See also other documents in the category Brocade Computer Accessories: