@c paul | 718e374 | 2002-12-13 20:15:29 +0000
@node Filtering
@comment node-name, next, previous, up
@chapter Filtering

@c paul | 7190f4e | 2003-08-12 12:40:20 +0000
Quagga provides many very flexible filtering features. Filtering is used
for both input and output of the routing information. Once filtering is
defined, it can be applied in any direction.

@menu
* IP Access List::
* IP Prefix List::
@end menu

@c paul | 76b89b4 | 2004-11-06 17:13:09 +0000
@node IP Access List
@comment node-name, next, previous, up
@section IP Access List

@deffn {Command} {access-list @var{name} permit @var{ipv4-network}} {}
@deffnx {Command} {access-list @var{name} deny @var{ipv4-network}} {}
@end deffn

Basic filtering is done by @code{access-list} as shown in the
following example.

@example
access-list filter deny 10.0.0.0/9
access-list filter permit 10.0.0.0/8
@end example

@node IP Prefix List
@comment node-name, next, previous, up
@section IP Prefix List

@command{ip prefix-list} provides the most powerful prefix-based
filtering mechanism. In addition to @command{access-list} functionality,
@command{ip prefix-list} has prefix length range specification and
sequential number specification. You can add or delete prefix-based
filters at arbitrary points of a prefix list using the sequential number
specification.

If no @command{ip prefix-list} is specified, it acts as permit. If an
@command{ip prefix-list} is defined and no match is found, the default
deny is applied.

@c @deffn {Command} {ip prefix-list @var{name} [seq @var{number}] permit|deny [le @var{prefixlen}] [ge @var{prefixlen}]} {}
@deffn {Command} {ip prefix-list @var{name} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}
@deffnx {Command} {ip prefix-list @var{name} seq @var{number} (permit|deny) @var{prefix} [le @var{len}] [ge @var{len}]} {}

You can create an @command{ip prefix-list} using the above commands.

@table @asis

@item @asis{seq}
seq @var{number} can be set either automatically or manually. In the
case that sequential numbers are set manually, the user may pick any
number less than 4294967295. In the case that sequential numbers are set
automatically, the sequential number will increase by a unit of five (5)
per list. If a list with no specified sequential number is created
after a list with a specified sequential number, the list will
automatically pick the next multiple of five (5) as the list number.
For example, if a list with number 2 already exists and a new list with
no specified number is created, the next list will be numbered 5. If
lists 2 and 7 already exist and a new list with no specified number is
created, the new list will be numbered 10.

@item @asis{le}
The @command{le} command specifies a prefix length. The prefix list will be
applied if the prefix length is less than or equal to the le prefix length.

@item @asis{ge}
The @command{ge} command specifies a prefix length. The prefix list will be
applied if the prefix length is greater than or equal to the ge prefix length.

@end table

@end deffn

Less-than-or-equal-to (@command{le}) and greater-than-or-equal-to
(@command{ge}) prefix lengths can be used together. The order of the le
and ge commands does not matter.

If a prefix list with a different sequential number but with the exact
same rules as a previous list is created, an error will result.
However, in the case that the sequential number and the rules are
exactly the same, no error will result.

If a list with the same sequential number as a previous list is created,
the new list will overwrite the old list.

Matching of an IP prefix is performed from the smaller sequential number to the
larger. The matching will stop once any rule has been applied.

In the case of no le or ge command, the prefix length must match exactly the
length specified in the prefix list.

@deffn {Command} {no ip prefix-list @var{name}} {}
@end deffn

@menu
* ip prefix-list description::
* ip prefix-list sequential number control::
* Showing ip prefix-list::
* Clear counter of ip prefix-list::
@end menu

@node ip prefix-list description
@subsection ip prefix-list description

@deffn {Command} {ip prefix-list @var{name} description @var{desc}} {}
Descriptions may be added to prefix lists. This command adds a
description to the prefix list.
@end deffn

@deffn {Command} {no ip prefix-list @var{name} description [@var{desc}]} {}
Deletes the description from a prefix list. It is possible to use the
command without the full description.
@end deffn

@node ip prefix-list sequential number control
@subsection ip prefix-list sequential number control

@deffn {Command} {ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is displayed.
This is the default behavior.
@end deffn

@deffn {Command} {no ip prefix-list sequence-number} {}
With this command, the IP prefix list sequential number is not
displayed.
@end deffn

@node Showing ip prefix-list
@subsection Showing ip prefix-list

@deffn {Command} {show ip prefix-list} {}
Display all IP prefix lists.
@end deffn

@deffn {Command} {show ip prefix-list @var{name}} {}
Show IP prefix list can be used with a prefix list name.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} seq @var{num}} {}
Show IP prefix list can be used with a prefix list name and sequential
number.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m}} {}
If the command @code{longer} is used, all prefix lists with prefix lengths
equal to or longer than the specified length will be displayed.
If the command @code{first-match} is used, the first prefix length match
will be displayed.
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} longer} {}
@end deffn

@deffn {Command} {show ip prefix-list @var{name} @var{a.b.c.d/m} first-match} {}
@end deffn

@deffn {Command} {show ip prefix-list summary} {}
@end deffn
@deffn {Command} {show ip prefix-list summary @var{name}} {}
@end deffn

@deffn {Command} {show ip prefix-list detail} {}
@end deffn
@deffn {Command} {show ip prefix-list detail @var{name}} {}
@end deffn

@node Clear counter of ip prefix-list
@subsection Clear counter of ip prefix-list

@deffn {Command} {clear ip prefix-list} {}
Clears the counters of all IP prefix lists. Clear IP Prefix List can be
used with a specified name and prefix.
@end deffn

@deffn {Command} {clear ip prefix-list @var{name}} {}
@end deffn

@deffn {Command} {clear ip prefix-list @var{name} @var{a.b.c.d/m}} {}
@end deffn
