Defining apply clauses – H3C Technologies H3C SecPath F1000-E User Manual
Page 948
923
Step Command
Remarks
3.
Define match criteria for
IPv4 routes.
•
Match IPv4 routing information specified
in the ACL:
if-match acl acl-number
•
Match IPv4 routing information specified
in the IP prefix list:
if-match ip-prefix ip-prefix-name.
•
Match IPv4 routing information whose
next hop or source is specified in the ACL
or IP prefix list:
if-match ip { next-hop | route-source }
{ acl acl-number | ip-prefix
ip-prefix-name }
Optional.
Not configured by default.
4.
Match IPv6 routing
information whose next
hop or source is specified
in the ACL or IP prefix list.
if-match ipv6 { address | next-hop |
route-source } { acl acl-number | prefix-list
ipv6-prefix-name }
Optional.
Not configured by default.
5.
Match BGP routing
information whose AS
path attribute is specified
in the AS path list (s).
if-match as-path AS-PATH-number&<1-16>
Optional.
Not configured by default.
6.
Match BGP routing
information whose
community attribute is
specified in the community
list(s).
if-match community
{ { basic-community-list-number |
comm-list-name } [ whole-match ] |
adv-community-list-number }&<1-16>
Optional.
Not configured by default.
7.
Match routes having the
specified cost.
if-match cost value
Optional.
Not configured by default.
8.
Match routing information
having specified outgoing
interface(s).
if-match interface { interface-type
interface-number }&<1-16>
Optional.
Not configured by default.
9.
Match routing information
having the specified route
type.
if-match route-type { external-type1 |
external-type1or2 | external-type2 |
internal | is-is-level-1 | is-is-level-2 |
nssa-external-type1 |
nssa-external-type1or2 |
nssa-external-type2 } *
Optional.
Not configured by default.
Only F5000-A5 supports
the is-is-level-1 and
is-is-level-2 keywords.
10.
Match RIP, OSPF, and IS-IS
routing information having
the specified tag value.
if-match tag value
Optional.
Not configured by default.
Defining apply clauses
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter routing policy view.
route-policy route-policy-name
{ deny | permit } node node-number Not created by default.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer