| @node Filtering |
| @comment node-name, next, previous, up |
| @chapter Filtering |
| |
| Quagga provides many very flexible filtering features. Filtering is used |
| for both input and output of the routing information. Once filtering is |
| defined, it can be applied in any direction. |
| |
| @menu |
| * IP Access List:: |
| * IP Prefix List:: |
| @end menu |
| |
| @node IP Access List, IP Prefix List, Filtering, Filtering |
| @comment node-name, next, previous, up |
| @subsection IP Access List |
| |
| @deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {} |
| @deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {} |
| @end deffn |
| |
| Basic filtering is done by @code{access-list} as shown in the |
| following example. |
| |
| @example |
| access-list filter deny 10.0.0.0/9 |
| access-list filter permit 10.0.0.0/8 |
| @end example |
| |
| @node IP Prefix List, , IP Access List, Filtering |
| @comment node-name, next, previous, up |
| @subsection IP Prefix List |
| |
| @command{ip prefix-list} provides the most powerful prefix based |
| filtering mechanism. In addition to @command{access-list} functionality, |
| @command{ip prefix-list} has prefix length range specification and |
| sequential number specification. You can add or delete prefix based |
| filters to arbitrary points of prefix-list using sequential number specification. |
| |
| If no ip prefix-list is specified, it acts as permit. If @command{ip prefix-list} |
| is defined, and no match is found, default deny is applied. |
| |
| @c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {} |
| @deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {} |
| @deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {} |
| |
| You can create @command{ip prefix-list} using above commands. |
| |
| @table @asis |
| |
| @item @asis{seq} |
| seq @var{number} can be set either automatically or manually. In the |
| case that sequential numbers are set manually, the user may pick any |
| number less than 4294967295. In the case that sequential number are set |
| automatically, the sequential number will increase by a unit of five (5) |
| per list. If a list with no specified sequential number is created |
| after a list with a specified sequential number, the list will |
| automatically pick the next multiple of five (5) as the list number. |
| For example, if a list with number 2 already exists and a new list with |
| no specified number is created, the next list will be numbered 5. If |
| lists 2 and 7 already exist and a new list with no specified number is |
| created, the new list will be numbered 10. |
| |
| @item @asis{le} |
| @command{le} command specifies prefix length. The prefix list will be |
| applied if the prefix length is less than or equal to the le prefix length. |
| |
| @item @asis{ge} |
| @command{ge} command specifies prefix length. The prefix list will be |
| applied if the prefix length is greater than or equal to the ge prefix length. |
| |
| @end table |
| |
| @end deffn |
| |
| Less than or equal to prefix numbers and greater than or equal to |
| prefix numbers can be used together. The order of the le and ge |
| commands does not matter. |
| |
| If a prefix list with a different sequential number but with the exact |
| same rules as a previous list is created, an error will result. |
| However, in the case that the sequential number and the rules are |
| exactly similar, no error will result. |
| |
| If a list with the same sequential number as a previous list is created, |
| the new list will overwrite the old list. |
| |
| Matching of IP Prefix is performed from the smaller sequential number to the |
| larger. The matching will stop once any rule has been applied. |
| |
| In the case of no le or ge command, |
| |
| Version 0.85: the matching rule will apply to all prefix lengths that |
| matched the prefix list. |
| |
| Version 0.86 or later: In the case of no le or ge command, the prefix |
| length must match exactly the length specified in the prefix list. |
| |
| |
| @deffn {Command} {no ip prefix-list @var{name}} {} |
| @end deffn |
| |
| @menu |
| * ip prefix-list description:: |
| * ip prefix-list sequential number control:: |
| * Showing ip prefix-list:: |
| * Clear counter of ip prefix-list:: |
| @end menu |
| |
| @node ip prefix-list description, ip prefix-list sequential number control, IP Prefix List, IP Prefix List |
| @comment node-name, next, previous, up |
| @subsubsection ip prefix-list description |
| |
| @deffn {Command} {ip prefix-list @var{name} description @var{desc}} {} |
| Descriptions may be added to prefix lists. This command adds a |
| description to the prefix list. |
| @end deffn |
| |
| @deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {} |
| Deletes the description from a prefix list. It is possible to use the |
| command without the full description. |
| @end deffn |
| |
| @node ip prefix-list sequential number control, Showing ip prefix-list, ip prefix-list description, IP Prefix List |
| @comment node-name, next, previous, up |
| @subsubsection ip prefix-list sequential number control |
| |
| @deffn {Command} {ip prefix-list sequence-number} {} |
| With this command, the IP prefix list sequential number is displayed. |
| This is the default behavior. |
| @end deffn |
| |
| @deffn {Command} {no ip prefix-list sequence-number} {} |
| With this command, the IP prefix list sequential number is not |
| displayed. |
| @end deffn |
| |
| @node Showing ip prefix-list, Clear counter of ip prefix-list, ip prefix-list sequential number control, IP Prefix List |
| @comment node-name, next, previous, up |
| @subsubsection Showing ip prefix-list |
| |
| @deffn {Command} {show ip prefix-list} {} |
| Display all IP prefix lists. |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list @var{name}} {} |
| Show IP prefix list can be used with a prefix list name. |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {} |
| Show IP prefix list can be used with a prefix list name and sequential |
| number. |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {} |
| If the command longer is used, all prefix lists with prefix lengths equal to |
| or longer than the specified length will be displayed. |
| If the command first match is used, the first prefix length match will be |
| displayed. |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {} |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {} |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list summary} {} |
| @end deffn |
| @deffn {Command} {show ip prefix-list summary @var{name}} {} |
| @end deffn |
| |
| @deffn {Command} {show ip prefix-list detail} {} |
| @end deffn |
| @deffn {Command} {show ip prefix-list detail @var{name}} {} |
| @end deffn |
| |
| @node Clear counter of ip prefix-list, , Showing ip prefix-list, IP Prefix List |
| @comment node-name, next, previous, up |
| @subsubsection Clear counter of ip prefix-list |
| |
| @deffn {Command} {clear ip prefix-list} {} |
| Clears the counters of all IP prefix lists. Clear IP Prefix List can be |
| used with a specified name and prefix. |
| @end deffn |
| |
| @deffn {Command} {clear ip prefix-list @var{name}} {} |
| @end deffn |
| |
| @deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {} |
| @end deffn |
| |