The ip community-filter command configures a community filter or one entry in the community filter.
The undo ip community-filter command deletes a community filter or one entry from the community filter.
By default, no community filter is configured in the system.
ip community-filter { basic comm-filter-name | basic-comm-filter-num } { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>
ip community-filter { advanced comm-filter-name | adv-comm-filter-num } { permit | deny } regular-expression
undo ip community-filter { basic comm-filter-name | basic-comm-filter-num } { permit | deny } [ community-number | aa:nn | internet | no-export-subconfed | no-advertise | no-export ] &<1-20>
undo ip community-filter { advanced comm-filter-name | adv-comm-filter-num } [ permit | deny ] [ regular-expression ]
| Parameter | Description | Value |
|---|---|---|
| basic comm-filter-name | Name of the basic community filter. | The name is a string of 1 to 51 case-sensitive characters, spaces not supported. The string cannot be all numbers. NOTE: When double quotation marks are used around the string, spaces are allowed in the string. |
| basic-comm-filter-num | Number of the basic community filter. | It is an integer ranging from 1 to 99. |
| deny | Matching mode of the community filter is "deny". | - |
| permit | Matching mode of the community filter is "permit". | - |
| community-number | Specifies the community number. | It is an integer ranging from 0 to 4294967295. |
| aa:nn | Specifies the community number. You can configure a maximum of 20 community numbers at a time. | Both aa and nn are integers ranging from 0 to 65535. |
| internet | Indicates that the matched routes can be sent to any peer. | - |
| no-export-subconfed | Indicates that routers do not advertise routes outside the AS. If the AS confederation is used, routers do not advertise routes to other sub-AS in the AS confederation. | - |
| no-advertise | Indicates that routers do not advertise routes to peers. | - |
| no-export | Indicates that routers do not advertise routes outside the AS. If the AS confederation is used, routers do not advertise routes outside the AS confederation but to sub-ASs in the AS confederation. | - |
| advanced comm-filter-name | Name of the advanced community filter. | The name is a string of 1 to 51 case-sensitive characters, spaces not supported. The string cannot be all numbers. NOTE: When double quotation marks are used around the string, spaces are allowed in the string. |
| adv-comm-filter-num | Number of the advanced community filter. | It is an integer ranging from 100 to 199. |
| regular-expression | Specifies the regular expression used to match the community attribute. | The value is a string of 1 to 255 characters. |
Usage Scenario
The community attribute is a private attribute of BGP, and can be used only to filter BGP routes. The community attribute can be used together with the if-match community-filter command as a matching condition of a route-policy.
Precautions
Only the community number or known community attribute can be specified for a basic community filter. The regular expression can be used as a matching rule in an advanced community filter.
The ip community-filter basic comm-filter-name command or the ip community-filter basic-comm-filter-num command can be used to configure a basic community filter. basic comm-filter-name specifies the name of a basic community filter, and the name cannot be all digits. basic-comm-filter-num specifies the number of a basic community filter, which ranges from 1 to 99. In either form, a maximum of 20 community numbers can be configured using one command.
The ip community-filter advanced comm-filter-name command or the ip community-filter adv-comm-filter-num command can be used to configure an advanced community filter. advanced comm-filter-name specifies the name of an advanced community filter, and the name cannot be all digits. adv-comm-filter-num specifies the number of an advanced community filter, which ranges from 100 to 199.
The communities listed in one rule of a community filter are combined with "AND": a route matches the rule only if it carries every community listed in the rule. This is different from the Route Distinguisher (RD) filter, because each route has only one RD but can have multiple communities.
For example, the community filters in the following formats have different matching results:
Format 1:
ip community-filter 1 permit 100:1 200:1 300:1
Format 2:
ip community-filter 1 permit 100:1
ip community-filter 1 permit 200:1 300:1
In the preceding configurations of the community filter, a rule is matched only if the communities defined in the rule are a subset of the route's communities.
The RD filters in the following formats have the same matching results:
Format 1:
ip rd-filter 100 permit 100:1 200:1 2.2.2.2:1 3.3.3.3:1
Format 2:
ip rd-filter 100 permit 100:1 200:1
ip rd-filter 100 permit 2.2.2.2:1
ip rd-filter 100 permit 3.3.3.3:1
The apply comm-filter delete command run in the Route-Policy view deletes the specified community attribute from routes. Each ip community-filter command used for this purpose can specify only one community attribute. To delete more than one community attribute, run the ip community-filter command multiple times. If multiple community attributes are specified in one filter, none of them can be deleted. For examples, see apply comm-filter delete.
By default, community filters work in deny mode. If all matching rules in a filter are configured in deny mode, the filter denies all routes. To prevent this, configure one matching rule in permit mode after the one or more matching rules in deny mode, so that routes not denied by the preceding rules are permitted by the filter.
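The following Python model is an added example, not device code or vendor code. It illustrates the "AND" relationship shown by Format 1 and Format 2 and the deny-mode precaution above. It assumes that rules are checked in configuration order, that the first matching rule decides, and that a route matching no rule is denied; parse_rule and evaluate are hypothetical helper names.

```python
# Added example: a model of basic community-filter matching, not device code.
# Assumptions: rules are checked in configuration order, the first matching
# rule decides, and a route that matches no rule is denied.

def parse_rule(line):
    """Parse 'ip community-filter [basic] <id> permit|deny <community>...'."""
    tokens = line.split()
    if tokens[:2] != ["ip", "community-filter"]:
        raise ValueError("not a community-filter command: " + line)
    rest = tokens[2:]
    if rest and rest[0] == "basic":      # keyword that precedes a filter name
        rest = rest[1:]
    if len(rest) < 3 or rest[1] not in ("permit", "deny"):
        raise ValueError("expected <id> permit|deny <community>...: " + line)
    communities = rest[2:]
    if len(communities) > 20:            # limit stated in the parameter table
        raise ValueError("more than 20 communities in one command: " + line)
    return rest[0], rest[1], frozenset(communities)

def evaluate(config, filter_id, route_communities):
    """Return 'permit' or 'deny' for a route carrying route_communities."""
    route = frozenset(route_communities)
    for line in config.strip().splitlines():
        fid, mode, wanted = parse_rule(line)
        # "AND": every community in the rule must be present on the route.
        if fid == filter_id and wanted <= route:
            return mode
    return "deny"                        # no rule matched

# Constructed sample configurations (Format 1 and Format 2 are from the page).
FORMAT_1 = "ip community-filter 1 permit 100:1 200:1 300:1"
FORMAT_2 = """
ip community-filter 1 permit 100:1
ip community-filter 1 permit 200:1 300:1
"""
DENY_ONLY = "ip community-filter 2 deny 100:1"
DENY_THEN_PERMIT = """
ip community-filter 3 deny 100:1
ip community-filter 3 permit 200:1
"""

if __name__ == "__main__":
    for route in (["100:1"], ["200:1", "300:1"], ["100:1", "200:1", "300:1"]):
        print(route, evaluate(FORMAT_1, "1", route), evaluate(FORMAT_2, "1", route))
    for route in (["100:1", "200:1"], ["200:1"], ["300:1"]):
        print(route, evaluate(DENY_ONLY, "2", route),
              evaluate(DENY_THEN_PERMIT, "3", route))
```

In this model a route carrying only 100:1 is denied by Format 1 and permitted by Format 2, and the deny-only filter denies every route, including routes that carry none of the denied communities.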
Before you run the undo ip community-filter command to delete a community attribute filter that is referenced by another command, delete the reference configuration.
Follow-up Procedure
By default, the Route Management (RM) module will instruct all protocols to apply this community filter. To delay the time at which the filter takes effect, run the route-policy-change notify-delay command.
Run the display ip community-filter command to view detailed configuration for the community filter.