Filter
Top Products
DES-7200 Configuration Guide Chapter 2 Configuring BGP IP VPN
2-21
Configuring Route Map Rules to Filter VPN Routes (Optional)
In view of the AS security in actual applications, you can generally configure policies on ASBRs
to send or receive only certain VPN routers. You can realize this purpose by filtering the RT
extended community attributes of VPN routes. In addition, all VPN routes are saved since the
default RF filtering function is disabled on the ASBR. In this case, you can configure VPN route
policies to receive only inter-AS VPN routes sent from the local AS, lessening the capacity
pressure of the ASBR.
To configure a filtering policy, you should enter the privilege mode and perform the following
configuration steps:
Command Function
DES-7200# configure terminal
Enter the global configuration mode.
DES-7200(config)# ip
extcommunity-list standard
extcommunity-name |
extcommunity-number {permit|deny}
rt rt-value
Create a rule for the extended community
attribute list.
DES-7200(config)# show ip
extcommunity-list
[list-number|list-name]
Verify the configured rule for the extended
community attribute list.
DES-7200(config)# route-map
route-map-name permit [number]
Create a route map rule and enter the route map
configuration mode.
DES-7200(config-route-map)#
match extcommunity
extcommunity-name|extcommunity-n
umber
Set the RT matching rule for a route map.
DES-7200(config-route-map)# show
route-map
route-map-name
Display the route map rule.
DES-7200(config-route-map)# exit
Quit the route map configuration mode.
DES-7200(config)# router bgp
as-num
Enable BGP and enter the BGP configuration
mode.
DES-7200(config-router)#
address-family vpnv4
Enter the VPN address family.