source-address (PBR rule view)

Function

The source-address command sets the source address of packets as a matching condition of a PBR rule.

The undo source-address command deletes the configuration.

Format

source-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address } | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | isp isp-name &<1-6> | domain-set domain-set-name &<1-6> | any }

undo source-address { address-set address-set-name &<1-6> | ipv4-address { ipv4-mask-length | mask mask-address } | ipv6-address ipv6-prefix-length | range { ipv4-start-address ipv4-end-address | ipv6-start-address ipv6-end-address } | mac-address &<1-6> | isp isp-name &<1-6> | domain-set domain-set-name &<1-6> | all }

Parameters

Parameter Description Value
address-set address-set-name

Specifies the name of an address set.

The value must be the name of an existing address set.
ipv4-address

Specifies an IPv4 address.

The value is in decimal dotted notation.
ipv4-mask-length

Specifies the mask length of an IPv4 address.

The value is an integer ranging from 1 to 32.
mask mask-address

Specifies the mask of an IPv4 address.

 The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 255.0.255.0 is not a legitimate wildcard because its binary form is 11111111.00000000.11111111.00000000. In the binary form, digits 1 are to be matched, whereas digits 0 are not. For example, 192.168.1.1/255.0.255.0 indicates that only IP addresses of the 192.*.1.* form are to be matched.
wildcard Specifies the wildcard of an IPv4 address. The value is in dotted decimal notation whose binary form cannot be inconsecutive. For example, 0.255.0.255 is not a legitimate wildcard because its binary form is 00000000.11111111.00000000.11111111. In the binary form, digits 0 are to be matched, whereas digits 1 are not. For example, 192.168.1.1/0.255.0.255 indicates that only IP addresses of the 192.*.1.* form are to be matched.
ipv6-address ipv6-prefix-length

Specifies an IPv6 address range for source IP address-based matching. ipv6-address specifies an IPv6 address. ipv6-prefix-length specifies the IPv6 prefix length.

-
range ipv4-start-address ipv4-end-address

Specifies an IPv4 address range for source IP address-based matching. ipv4-start-address specifies the start IPv4 address. ipv4-end-address specifies the end IPv4 address.

-
range ipv6-start-address ipv6-end-address

Specifies an IPv6 address range for source IP address-based matching. ipv6-start-address specifies the start IPv6 address. ipv6-end-address specifies the end IPv6 address.

-
mac-address

Specifies the MAC address.

MAC address in the format of H-H-H. An H is a 4-bit hexadecimal number, such as 00e0 and fc01. If an H contains less than four bits, it means that the first bits contained in the H are 0s. For example, if an H is e0, it is equal to 00e0. FFFF-FFFF-FFFF is an invalid MAC address.

Only the AntiDDoS1600 support this parameter.
isp-name

Specifies the name of an ISP address group.

-
any

Indicates any address.

-
all

Deletes all configurations that use source IP addresses as a matching condition.

-

Views

PBR rule view

Default Level

2: Configuration level

Usage Guidelines

Matching conditions are used to identify traffic and traffic that matches conditions is routed independently from other traffic. The source-address command configures source IP address-based traffic matching.

Example

# Set source IP address 10.1.1.0/24 as a matching condition of a PBR rule. 

<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] rule name abc
[sysname-policy-pbr-rule-abc] source-address 10.1.1.0 24
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.