if-match ip next-hop acl

Function

The if-match ip next-hop acl command configures a filtering rule that is based on next-hop IP addresses.

The undo if-match ip next-hop acl command cancels the configuration.

By default, no filtering rule based on next-hop IP addresses is configured.

Format

if-match ip next-hop acl { acl-number | acl-name }

undo if-match ip next-hop acl { acl-number | acl-name }

Parameters

Parameter	Description	Value
acl-number	Specifies the number of a basic ACL.	The value is an integer that ranges from 2000 to 2999.
acl-name	Specifies the name of a named basic ACL.	The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).
acl	Specifies the ACL for route filtering.	-

Parameter

Description

Value

acl-number

Specifies the number of a basic ACL.

The value is an integer that ranges from 2000 to 2999.

acl-name

Specifies the name of a named basic ACL.

The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

acl

Specifies the ACL for route filtering.

Views

Route-policy view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
route-base	write

Usage Guidelines

Usage Scenario

The if-match ip command is widely applied. The filtering rule configured using this command takes effect only after an IP prefix or an ACL is configured. For example:

If the if-match ip next-hop ip-prefix aa command is used but the IP prefix aa is not configured, all routes are permitted. This is the same case when the ACL is used.
If the if-match ip next-hop ip-prefix aa command is used after the ip ip-prefix aa permit 1.1.1.1 32 command is used, the routes with the next hop address 1.1.1.1 are permitted. This is the same case when the ACL is used.

Prerequisites

A route-policy has been configured using the route-policy command.

An ACL has been configured using the acl command.

Configuration Impact

When you filter routes based on the next hop addresses, the routes that match the filtering rule are permitted and the route that do not match the filtering rule are denied.

Precautions

If the next hop address or source address of a route to be filtered is 0.0.0.0, by default, the system considers the mask length as 0 and matches the route.

If the next hop address or source address of a route to be filtered is not 0.0.0.0, by default, the system considers the mask length as 32 and matches the route.

For a named ACL, when the rule command is used to configure a filtering rule, only the source address range specified in source and the time period specified in time-range take effect on the filtering rule.

Example

# Define a rule to match the routes with the next hop address in the ACL list.

<HUAWEI> system-view
[~HUAWEI] acl 2000
[*HUAWEI-ac14-basic-2000] quit
[*HUAWEI] route-policy policy permit node 10
[*HUAWEI-route-policy] if-match ip next-hop acl 2000