3Com 3C13636 Configuration Manual page 708

3Com Router 3000 Ethernet Family
Configuration Guide
II. ACL
There are three kinds of ACLs: advanced represents advanced ACL, basic represents
basic ACL and interface represents interface-based ACL.
Normally, basic ACL and advanced ACL are adopted to filter routing information. If you
use the basic ACL, you must specify a range of IP addresses or subnets when defining
ACL so as to match the source address of routing information. If you use the advanced
ACL, you can specify protocol type, source/destination address or port number which
will be used for matching.
For ACL configuration, refer to the contents about Firewall Configuration in the security
part of this manual.
III. IP-prefix
The IP-prefix plays a role similar to ACL. But it is more flexible than ACL and easier to
understand. When IP-prefix is applied for filtering of routing information, its matching
object is the destination address information field of routing information. Moreover, for
IP-prefix, the user can specify the gateway option so as to indicate that only routing
information advertised by certain routers will be received.
An IP-prefix is identified by the ip-prefix name. Each IP-prefix can include multiple items,
and each item, which is identified by an index-number, can independently specify the
matching range of the network prefix forms. The index-number specifies the matching
sequence in the IP-prefix list.
During the matching, the router checks list items identified by the index-number in the
ascending order. If any one list item meets the condition, it means that it has passed the
IP-prefix filtering (will not enter the testing of the next list item).
IV. AS-path-acl
AS-path-acl only applies to BGP. In the BGP routing information packet, there is an
AS-path domain (During BGP routing information exchange, the AS path where routing
information passes will be recorded in the domain). As-path specifies matching
conditions according to the AS-path field.
The definition of the AS-path has already been implemented in the BGP configuration.
For the related configurations, please refer to the ip as-path-acl command in the
chapter BGP Configuration.
V. Community-list
The community-list only applies to BGP. The routing information packet of the BGP
includes a community attribute domain to identify a community. Targeting at the
community attribute, the community-list specifies the match condition.
Chapter 7 IP Routing Policy Configuration
3Com Corporation
7-2