The ip extcommunity-filter command creates an extended community filter.
The undo ip extcommunity-filter command deletes an extended community filter.
By default, no extended community filter is configured.
Product |
Support |
|---|---|
S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, and S6730S-S |
Supported. |
S2720-EI, S5720-LI, S5735-L, S5735S-L, S5735S-L-M, S5720S-LI, S6720-LI, and S6720S-LI |
Not supported. |
ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16>
ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } { deny | permit } regular-expression
undo ip extcommunity-filter { basic-extcomm-filter-num | basic basic-extcomm-filter-name } [ { deny | permit } { rt { as-number:nn | 4as-number:nn | ipv4-address:nn } } &<1-16> ]
undo ip extcommunity-filter { advanced-extcomm-filter-num | advanced advanced-extcomm-filter-name } [ regular-expression ]
| Parameter | Description | Value |
|---|---|---|
deny |
Sets the matching mode of the extended community filter to deny. |
- |
permit |
Sets the matching mode of the extended community filter to permit. |
- |
rt |
Sets the extended community filter type to RT. |
- |
as-number |
Specifies the AS number. |
The value is an integer ranging from 0 to 65535. |
4as-number |
Specifies a 4-byte AS number. |
A 4-byte AS number is divided into the following types:
|
ipv4-address |
Specifies an IPv4 address. |
The value is in dotted decimal notation. |
nn |
Specifies an integer. |
|
basic-extcomm-filter-num |
Specifies the number of a basic extended community filter. |
The value is an integer ranging from 1 to 199. |
basic basic-extcomm-filter-name |
Specifies the name of a basic extended community filter. |
The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals. When double quotation marks are used around the string, spaces are allowed in the string. |
advanced-extcomm-filter-num |
Specifies the number of an advanced extended community filter. |
The value is an integer ranging from 200 to 399. |
advanced advanced-extcomm-filter-name |
Specifies the name of an advanced extended community filter. |
The name is a string of 1 to 51 case-sensitive characters without spaces. The value cannot contain only numerals. When double quotation marks are used around the string, spaces are allowed in the string. |
regular-expression |
Specifies the regular expression used to match the extended community information. |
It is a string of 1 to 255 space-tolerant characters. |
Usage Scenario
An extended community filter can be used as a matching condition of a route-policy by using a command such as if-match extcommunity-filter zz.
Only the extended community number can be specified for a basic extended community filter. The regular expression can be used as a matching rule in an advanced extended community filter.
The ip extcommunity-filter basic extcomm-filter-name command or the ip extcommunity-filter basic-extcomm-filter-num command can be used to configure a basic extended community filter. basic extcomm-filter-name specifies the name of a basic extended community filter, and the name cannot be all digits. basic-extcomm-filter-num specifies only the basic extended community filter with the number ranging from 1 to 199. A maximum of 16 extended community numbers can be configured using one command.
The ip extcommunity-filter advanced extcomm-filter-name command or the ip extcommunity-filter adv-extcomm-filter-num command can be used to configure an advanced extended community filter. advanced extcomm-filter-name specifies the name of an advanced extended community filter, and the name cannot be all digits. adv-extcomm-filter-num specifies only the advanced extended community filter with the number ranging from 200 to 399.
The relationship between the rules of the extended community filter is "OR".
For example, the extended community filters in the following formats have the same matching results:
Format 1:
ip extcommunity-filter 1 permit rt 100:1 200:1 300:1
Format 2:
ip extcommunity-filter 1 permit rt 100:1
ip extcommunity-filter 1 permit rt 200:1 300:1
After the extended community filter is configured, if the policy application delay is set by using the route-policy-change notify-delay command, the Route Management (RM) module will instruct each protocol to apply this filter after the delay expires. By default, the RM module instructs each protocol to immediately apply this filter.
The undo ip extcommunity-filter command is used to delete a specified extended community filter.
The display ip extcommunity-filter command is used to display the detailed configurations of the extended community filter.
Configuration Impact
The ip extcommunity-filter command is used to filter routes based on the RT attributes of the routes. The routes that pass the filtering are permitted to pass through and the routes that fail to pass the filtering are denied.
Precautions
The extended community attributes of a route include VPN-target and Source of Origin (SoO). Only VPN-target, however, is supported by the policy.
By default, extended community filters work in deny mode. If all matching rules in a filter are configured to work in deny mode, all routes are denied by the filter; to prevent this problem, configure one matching rule in permit mode after one or multiple matching rules in deny mode so that the routes except for those denied by preceding matching rules are permitted by the filter.