
Deny prefix if community contains non allowed entries

12-24-2019 07:29 AM

I was wondering if it's possible to reject a prefix if it contains at least one non-allowed community, even if it contains an allowed community.

Policy I have so far:

set policy-options policy-statement import-v4 term bad-communities-reject from community-count 1 orhigher
set policy-options policy-statement import-v4 term bad-communities-reject from community communities-invert
set policy-options policy-statement import-v4 term bad-communities-reject then reject

set policy-options community communities-invert invert-match members "1111:666|1111:1200"

This policy is partially working, for example, it will block any prefix that doesn't have 1111:666 or 1111:1200.

I would like the term to block ANY prefix that contains NOT 1111:666 or 1111:1200 even if one of the communities IS 1111:666 or 1111:1200.

Thank you for your input.

Kind Regards


Re: Deny prefix if community contains non allowed entries

12-24-2019 08:26 AM

Try this AND operation:

set policy-options community communities-invert invert-match members "1111:666 1111:1200"

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
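
Added example, not part of either post: a small Python model of the match logic in the question, useful for checking an import policy's intent against sample routes before committing it. It assumes the existing term behaves as the poster reports (reject when a route has communities and none is 1111:666 or 1111:1200) and compares that with the rule asked for (reject when any community is outside that set); the function names, prefixes and the extra community 2222:100 are constructed for illustration.

```python
# Added illustration: a model of the two match conditions, not Junos code.
ALLOWED = frozenset({"1111:666", "1111:1200"})  # members from the question

def parse_communities(text):
    """Split a space-separated community string, validating 16-bit ASN:value."""
    out = []
    for tok in text.split():
        asn, sep, val = tok.partition(":")
        if not (sep and asn.isdigit() and val.isdigit()):
            raise ValueError(f"not a standard community: {tok!r}")
        if int(asn) > 0xFFFF or int(val) > 0xFFFF:
            raise ValueError(f"community field out of range: {tok!r}")
        out.append(f"{int(asn)}:{int(val)}")
    return out

def current_term_rejects(comms):
    """Behaviour the poster reports: 'community-count 1 orhigher' plus the
    inverted match, i.e. reject when NO community is in the allowed set."""
    return len(comms) >= 1 and not any(c in ALLOWED for c in comms)

def desired_term_rejects(comms):
    """Rule asked for: reject when ANY community is outside the allowed set."""
    return any(c not in ALLOWED for c in comms)

# Constructed sample routes (documentation prefixes, made-up communities).
SAMPLE_ROUTES = {
    "192.0.2.0/24": "1111:666",               # only allowed
    "198.51.100.0/24": "2222:100",            # only non-allowed
    "203.0.113.0/24": "1111:1200 2222:100",   # mixed: the case in question
    "192.0.2.128/25": "",                     # no communities at all
}

def policy_gap(routes):
    """Prefixes the current term lets through but the desired rule rejects."""
    gap = []
    for prefix, text in routes.items():
        comms = parse_communities(text)
        if desired_term_rejects(comms) and not current_term_rejects(comms):
            gap.append(prefix)
    return gap

if __name__ == "__main__":
    for prefix, text in SAMPLE_ROUTES.items():
        c = parse_communities(text)
        print(f"{prefix:18} current={current_term_rejects(c)!s:5} "
              f"desired={desired_term_rejects(c)}")
    print("passes today, should be rejected:", policy_gap(SAMPLE_ROUTES))
```

Only the mixed route differs between the two rules, which is the gap the question describes; routes with no communities are untouched by either rule.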