Solved: Re: BGP distribute list problem

DialerString_2 · ‎04-23-2009

I'm trying to prevent a single host address from being injected into my providers MPLS network and even with the distribute-list it stills show up in the AS. Thanks..

router bgp 200

no synchronization

bgp log-neighbor-changes

network 10.2.20.0 mask 255.255.255.0

redistribute connected

neighbor 1.1.1.1 remote-as 65000

neighbor 1.1.1.1 route-map SETMED out

distribute-list 10 out

-even tried neighbor 1.1.1.1 distribute-list "" out

access-list 10 deny host 12.12.12.12

access-list 10 permit any

clear ip bpg *

clear ip route

int loopback 1

ip address 1.1.1.1 255.255.255.255

Jon Marshall · ‎04-23-2009

Eric

Just tested this with dynamips and it works fine for me, so as long as you have an exact matching route ie. 12.12.12.12 then it should work fine.

Jon

View solution in original post

Richard Burts · ‎04-23-2009

Eric

Where is 12.12.12.12/32 coming from? Is it a connected interface?

Also I am puzzled at parts of your config. You configure your BGP with a neighbor of 1.1.1.1, but it appears that 1.1.1.1 is a loopback interface on your router. Can you clarify what is going on?

HTH

Rick

HTH

Rick

DialerString_2 · ‎04-23-2009

Sorry guys about the incomplete config and 12.12.12.12 is Dialer interface that's setup for DSL.

DialerString_2 · ‎04-23-2009

router bgp 200

no synchronization

bgp log-neighbor-changes

network 10.2.20.0 mask 255.255.255.0

redistribute connected

neighbor 1.1.1.1 remote-as 65000

neighbor 1.1.1.1 route-map SETMED out

distribute-list 10 out

access-list 10 deny host 12.12.12.12

access-list 10 permit any

clear ip bpg *

clear ip route

int loopback 1

ip address 10.10.10.10 255.255.255.255

int di0

ip address 12.12.12.12 255.255.255.255

here is the complete config. and i"ve tried clear ip bgp *

Harold Ritter · ‎04-23-2009

Eric,

You should definitely use "neighbor 1.1.1.1 distribute-list 10 out".

Regards

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Alex Wang · ‎07-19-2019

Hi Harold, this works.

But I have the same problem, it seems like the distribute doesn't work if I don't put it on specific neighbour. Do you have any idea about that?

Thanks.

Jon Marshall · ‎04-23-2009

Okay try this

access-list 10 deny 12.12.12.12

access-list 10 permit any

route-map FILTER permit 10

match ip address 2

router bgp 200

redistribute connected route-map FILTER

and remove

distribute-list 10 out from bgp config. Then as Harold says "clear ip bgp 1.1.1.1 soft out"

Jon

Harold Ritter · ‎04-23-2009

Eric,

Did you try "neighbor 1.1.1.1 distribute-list 10 out", followed by a "clear ip bgp 1.1.1.1 soft out". That should definitely work for you.

Regards

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Jon Marshall · ‎04-23-2009

Eric

Just tested this with dynamips and it works fine for me, so as long as you have an exact matching route ie. 12.12.12.12 then it should work fine.

Jon

DialerString_2 · ‎04-23-2009

Hmmm. Well I'm specifying the host address int the acl and distribute list. I know that with BGP the routes have to be exact match in order to be in the bgp routing table. Does this apply for the distribute list also?

thx