@node Filtering
@comment node-name, next, previous, up
@chapter Filtering

Quagga provides many very flexible filtering features. Filtering is used
for both input and output of the routing information. Once filtering is
defined, it can be applied in any direction.

@menu
* IP Access List::
* IP Prefix List::
@end menu

@node IP Access List
@comment node-name, next, previous, up
@section IP Access List

@deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {}
@deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {}
@end deffn

Basic filtering is done by @code{access-list} as shown in the
following example.

@example
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
@end example

@node IP Prefix List
@comment node-name, next, previous, up
@section IP Prefix List

@command{ip prefix-list} provides the most powerful prefix-based
filtering mechanism. In addition to @command{access-list} functionality,
@command{ip prefix-list} has prefix length range specification and
sequential number specification. You can add or delete prefix-based
filters at arbitrary points of a prefix list using sequential number specification.

If no @command{ip prefix-list} is specified, it acts as permit. If @command{ip prefix-list}
is defined, and no match is found, default deny is applied.

@c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {}
@deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
@deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}

You can create an @command{ip prefix-list} using the above commands.

@table @asis

@item @asis{seq}
seq @var{number} can be set either automatically or manually. In the
case that sequential numbers are set manually, the user may pick any
number less than 4294967295. In the case that sequential numbers are set
automatically, the sequential number will increase by a unit of five (5)
per list. If a list with no specified sequential number is created
after a list with a specified sequential number, the list will
automatically pick the next multiple of five (5) as the list number.
For example, if a list with number 2 already exists and a new list with
no specified number is created, the next list will be numbered 5. If
lists 2 and 7 already exist and a new list with no specified number is
created, the new list will be numbered 10.

@item @asis{le}
The @command{le} command specifies a prefix length. The prefix list will be
applied if the prefix length is less than or equal to the le prefix length.

@item @asis{ge}
The @command{ge} command specifies a prefix length. The prefix list will be
applied if the prefix length is greater than or equal to the ge prefix length.

@end table

@end deffn

Less than or equal to prefix numbers and greater than or equal to
prefix numbers can be used together. The order of the le and ge
commands does not matter.

If a prefix list with a different sequential number but with the exact
same rules as a previous list is created, an error will result.
However, in the case that the sequential number and the rules are
exactly the same, no error will result.

If a list with the same sequential number as a previous list is created,
the new list will overwrite the old list.

Matching of IP prefixes is performed from the smaller sequential number to the
larger. The matching will stop once any rule has been applied.

In the case of no le or ge command, the prefix length must match exactly the
length specified in the prefix list.
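
The matching rules above (ascending sequence order, first match, le and ge
length limits, exact length without them, default deny) and the automatic
sequence numbering, modelled in Python as an added example. It is not Quagga's
code: the class and function names are hypothetical, the sample prefixes are
constructed, and an empty list is assumed to stand for "no prefix list specified".

```python
# Added model of the prefix-list rules described above; not Quagga source code.
import ipaddress

class PrefixList:
    def __init__(self):
        self.entries = dict()  # seq -> (action, network, ge, le)

    def add(self, action, prefix, ge=None, le=None, seq=None):
        if seq is None:
            # Automatic numbering: next multiple of five above the highest seq.
            seq = (max(self.entries, default=0) // 5) * 5 + 5
        # An existing entry with the same seq is overwritten.
        self.entries[seq] = (action, ipaddress.ip_network(prefix), ge, le)
        return seq

    def evaluate(self, route):
        route = ipaddress.ip_network(route)
        if not self.entries:
            return "permit"  # assumption: an empty list stands for "none specified"
        for seq in sorted(self.entries):  # smaller sequence numbers first
            action, net, ge, le = self.entries[seq]
            if not route.subnet_of(net):
                continue  # route is not inside the entry's prefix
            if ge is None and le is None:
                if route.prefixlen != net.prefixlen:
                    continue  # no le/ge: length must match exactly
            elif (le is not None and route.prefixlen > le) or \
                 (ge is not None and route.prefixlen < ge):
                continue  # length outside the ge..le window
            return action  # matching stops at the first entry that applies
        return "deny"  # list defined, no match: default deny

def build_sample():
    """Constructed sample list; prefixes and seq numbers are illustrative."""
    plist = PrefixList()
    seqs = [
        plist.add("deny", "10.0.0.0/8", ge=25, seq=2),   # drop too-specific routes
        plist.add("permit", "10.0.0.0/8", le=24),         # auto-numbered: 5
        plist.add("permit", "192.0.2.0/24", seq=7),       # exact /24 only
        plist.add("deny", "198.51.100.0/24", le=32),      # auto-numbered: 10
    ]
    return plist, seqs

if __name__ == "__main__":
    plist, seqs = build_sample()
    print(seqs)
    for r in ("10.1.2.0/24", "10.1.2.128/25", "192.0.2.0/25", "172.16.0.0/12"):
        print(r, plist.evaluate(r))
```

Because matching stops at the first entry that applies, a broad permit placed at a lower sequence number than a narrower deny hides the deny; reviewing a list in sequence order catches this.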

@deffn {Command} {no ip prefix-list @var{name}} {}
@end deffn

@menu
* ip prefix-list description::
* ip prefix-list sequential number control::
* Showing ip prefix-list::
* Clear counter of ip prefix-list::
@end menu

@node ip prefix-list description
@subsection ip prefix-list description

@deffn {Command} {ip prefix-list @var{name} description @var{desc}} {}
Descriptions may be added to prefix lists. This command adds a
description to the prefix list.
@end deffn

@deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {}
Deletes the description from a prefix list. It is possible to use the
command without the full description.
@end deffn

@node ip prefix-list sequential number control
@subsection ip prefix-list sequential number control

@deffn {Command} {ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is displayed.
This is the default behavior.
@end deffn

@deffn {Command} {no ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is not
displayed.
@end deffn

@node Showing ip prefix-list
@subsection Showing ip prefix-list

@deffn {Command} {show ip prefix-list} {}
Display all IP prefix lists.
@end deffn

@deffn {Command} {show ip prefix-list @var{name}} {}
Show IP prefix list can be used with a prefix list name.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {}
Show IP prefix list can be used with a prefix list name and sequential
number.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {}
If @command{longer} is used, all prefix lists with prefix lengths equal to
or longer than the specified length will be displayed.
If @command{first-match} is used, the first prefix length match will be
displayed.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {}
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {}
@end deffn

@deffn {Command} {show ip prefix-list summary} {}
@end deffn
@deffn {Command} {show ip prefix-list summary @var{name}} {}
@end deffn

@deffn {Command} {show ip prefix-list detail} {}
@end deffn
@deffn {Command} {show ip prefix-list detail @var{name}} {}
@end deffn

@node Clear counter of ip prefix-list
@subsection Clear counter of ip prefix-list

@deffn {Command} {clear ip prefix-list} {}
Clears the counters of all IP prefix lists. Clear IP Prefix List can be
used with a specified name and prefix.
@end deffn

@deffn {Command} {clear ip prefix-list @var{name}} {}
@end deffn

@deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {}
@end deffn

182