Creating a routing policy, Defining if-match clauses – H3C Technologies H3C SecPath F1000-E User Manual

Page 947

Advertising
background image

922

node, or go to the next node. If route information cannot match all the if-match clauses of the node,

it will go to the next node for a match.

When a routing policy has more than one node, at least one node should be configured with the
permit keyword. If the routing policy is used to filter routing information, routing information that

does not meet any node cannot pass the routing policy. If all nodes of the routing policy are set with

the deny keyword, no routing information can pass it.

Creating a routing policy

Step Command

1.

Enter system view.

system-view

2.

Create a routing policy, specify a node
for it and enter routing policy view.

route-policy route-policy-name { deny | permit } node
node-number

Defining if-match clauses

Follow these guidelines when you define if-match clauses:

The if-match clauses of a routing policy node are in logic AND relationship. Routing information
has to satisfy all its if-match clauses before being executed with its apply clauses. If an if-match

command exceeds the maximum length, multiple identical if-match clauses are generated. These

clauses are in logical OR relationship. Routing information only needs to match one of them.

You can specify any number of if-match clauses for a routing policy node. If no if-match clause is
specified, and the routing policy node is in permit mode, all routing information can pass the node.

If it is in deny mode, no routing information can pass it.

If the ACL referenced by an if-match clause does not exist, the clause is always satisfied; if no rules
of the referenced ACL are matched or the matching rule is inactive, the clause is not satisfied.

An ACL specified in an if-match clause should be a non-VPN ACL.

The if-match commands for matching IPv4 destination, next hop and source address are different
from those for matching IPv6 ones.

BGP does not support criteria for matching against outgoing interfaces of routing information.

To define if-match clauses:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter routing policy view.

route-policy route-policy-name { deny |
permit } node node-number

N/A

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals