apply deny (Flow-Route IPv6 VPN instance view)

Function

The apply deny command enables a device to discard the traffic matching a filtering rule.

The undo apply deny command cancels the configuration.

By default, no traffic is discarded.

Format

apply deny

undo apply deny

Parameters

None

Views

Flow-Route IPv6 VPN instance view, Flow-Route VPN instance view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
flow-route write

Usage Guidelines

Usage Scenario

When the apply deny command is configured for a BGP (IPv6) Flow Specification route or BGP (IPv6) VPN Flow Specification route, the traffic matching a filtering rule is discarded to protect the target device from attacks, and to ensure network security.

Prerequisites

A BGP (IPv6) Flow Specification route or BGP (IPv6) VPN Flow Specification route has been configured using the flow-route command in the system view.

Example

# Configure the operation of discarding matching traffic in the static BGP IPv6 VPN Flow Specification route Rule 1.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[~HUAWEI-vpn-instance-vpna] quit
[~HUAWEI] flow-route Rule1 ipv6 vpn-instance vpna
[*HUAWEI-flow-route-ipv6-vpna] if-match port equal 24
[*HUAWEI-flow-route-ipv6-vpna] apply deny
# Configure the operation of discarding matching traffic in the static BGP VPN Flow Specification route Rule 1.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[~HUAWEI-vpn-instance-vpna] quit
[~HUAWEI] flow-route Rule1 vpn-instance vpna
[*HUAWEI-flow-route-vpna] if-match port equal 24
[*HUAWEI-flow-route-vpna] apply deny
Parent Topic: BGP Flow Specification Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >