06-29-2013 06:48 AM - edited 03-04-2019 08:20 PM
Hi All,
I've set up a simple BGP lab in GNS3 and want to block the R3 route (131.1.1.0/24) so that it is NOT advertised to the R2 router. (Topology diagram is attached.)
--------------
I have created a simple route-map on the R1 router:
R1#sh ip access-lists
Standard IP access list block
10 deny 131.1.1.0, wildcard bits 0.0.0.255
20 permit any (12 matches)
R1#
R1#sh rout
R1#sh route-map
route-map BLK131_300, permit, sequence 10
Match clauses:
ip address (access-lists): block
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map BLK131_300, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
.
R1#sh run | s r b
router bgp 100
no synchronization
bgp log-neighbor-changes
network 1.1.0.0 mask 255.255.240.0
network 2.2.0.0 mask 255.255.248.0
neighbor 150.1.1.2 remote-as 200
neighbor 150.1.1.2 route-map BLK131_300 out
neighbor 150.1.1.6 remote-as 300
no auto-summary
---------------------------------
Cleared BGP but I still see the 131.1.1.0/24 routes in R2. Please help.
Thanks
Sri
06-29-2013 08:00 AM
Hi, in your network diagram the R3 LAN subnet is 130.1.1.0/24, but in that ACL you're blocking the 131.1.1.0/24 subnet. Is that correct?
06-29-2013 08:38 AM
Kumar,
I added two subnets 130.1.1.0/24 and 131.1.1.0/24 on R3.
The following changes were made and the issue got fixed...
ip access-list standard block
permit 131.1.1.0 0.0.0.255
route-map BLK131_300 deny 10
match ip address block
route-map BLK131_300 permit 20
Can you please help me...
Do we need to permit the traffic in the ACL and deny it in the route-map for "BGP outbound"?
Any help is highly appreciated.
Thanks
Sri
06-29-2013 09:10 AM
Route-maps can have permit and deny clauses. In route-map BLK131_300, there is one deny clause (with sequence number 10) and one permit clause (with sequence number 20). The deny clause rejects routes matched by the ACL. Therefore, these rules apply:
If you use an ACL in a route-map permit clause, routes that are permitted by the ACL are allowed.
If you use an ACL in a route-map deny clause, routes that are permitted by the ACL are not allowed.
If you use an ACL in a route-map permit or deny clause, and the ACL denies a route, then the route-map clause match is not found and the next route-map clause is evaluated.
06-29-2013 09:59 AM
I used to understand like this
In route-map BLK131_300, deny clause in that match ACL if we permit X & Y subnet then route-map will deny that.
- * + = - (deny)
In route-map BLK131_300, permit clause in that match ACL if we deny X & Y subnet then route-map will deny that.
+ * - = - (deny)
In route-map BLK131_300, permits clause in that match ACL if we permit X & Y subnet then route-map will permit that.
+ * + = + (permit)
In route-map BLK131_300, deny clause in that match ACL if we deny X & Y subnet then route-map will deny that.
deny
07-01-2013 12:07 AM
Thanks for the explanation.
I initially denied the routes in the ACL and permitted them in the route-map, but it did not work.
I did it the same way but no luck.
-------
ip access-list standard block
deny 131.1.1.0 0.0.0.255
permit ip any any
route-map BLK131_300 permit 10
match ip address block
route-map BLK131_300 permit 20
Thanks Sri
07-01-2013 12:38 AM
R1#
R1#
R1#sh ip bgp neighbors 59.160.100.25 advertised-routes
BGP table version is 3, local router ID is 59.160.100.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 131.1.1.0/24 0.0.0.0 0 32768 i
*> 132.1.1.0/24 0.0.0.0 0 32768 i
Total number of prefixes 2
R1#
R1#
R1(config)#ip access-list standard 10
R1(config-std-nacl)#deny 131.1.1.0 0.0.0.255
R1(config-std-nacl)#permit 132.1.1.0 0.0.0.255
R1(config-std-nacl)#exit
R1(config)#route-map BLK131_300 per 10
R1(config-route-map)#mat ip add 10
R1(config-route-map)#exit
R1(config)#router bgp 2
R1(config-router)#nei 59.160.100.25 route-map BLK131_300 out
R1(config-router)#end
R1#clear ip bgp * soft out
R1#sh ip bgp neighbors 59.160.100.25 advertised-routes
BGP table version is 3, local router ID is 59.160.100.50
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 132.1.1.0/24 0.0.0.0 0 32768 i
Total number of prefixes 1
R1#sh ip access
Standard IP access list 10
10 deny 131.1.1.0, wildcard bits 0.0.0.255 (1 match)
20 permit 132.1.1.0, wildcard bits 0.0.0.255 (1 match)
R1#
R1#sh route-map
route-map BLK131_300, permit, sequence 10
Match clauses:
ip address (access-lists): 10
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R1#
07-01-2013 03:35 AM
Thanks Kumar, I will test in my lab. Let's see how it works :-)
Thanks
Sri
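The three rules from the 09:10 AM reply, applied to the configurations posted in this thread, as an added Python model (not IOS code and not written by any poster). It assumes first-match ACL evaluation on the prefix's network address and an implicit deny at the end of every ACL and route-map; the function and variable names are made up for illustration.

```python
import ipaddress

ANY = ("permit", "0.0.0.0", "255.255.255.255")   # "permit any"

def acl_verdict(acl, prefix):
    """First matching entry wins; no entry matching means implicit deny."""
    net = int(ipaddress.ip_network(prefix).network_address)
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return action
    return "deny"

def route_map_verdict(route_map, acls, prefix):
    """A clause matches only if its ACL permits the prefix (or it has no match)."""
    for _seq, action, acl_name in sorted(route_map, key=lambda c: c[0]):
        if acl_name is None or acl_verdict(acls[acl_name], prefix) == "permit":
            return action          # clause action (permit/deny) decides the route
    return "deny"                  # implicit deny at the end of the route-map

def advertised(config, prefixes):
    acls, route_map = config
    return [p for p in prefixes if route_map_verdict(route_map, acls, p) == "permit"]

# Original attempt: ACL denies 131, so clause 10 does not match and the
# empty "permit 20" clause lets 131.1.1.0/24 through anyway.
ORIGINAL = ({"block": [("deny", "131.1.1.0", "0.0.0.255"), ANY]},
            [(10, "permit", "block"), (20, "permit", None)])

# Working fix: ACL permits (selects) 131, the deny clause drops it,
# and "permit 20" advertises everything else.
FIXED = ({"block": [("permit", "131.1.1.0", "0.0.0.255")]},
         [(10, "deny", "block"), (20, "permit", None)])

# Last reply: single permit clause with no catch-all; 131 never matches
# and is dropped by the route-map's implicit deny.
SINGLE_CLAUSE = ({"10": [("deny", "131.1.1.0", "0.0.0.255"),
                         ("permit", "132.1.1.0", "0.0.0.255")]},
                 [(10, "permit", "10")])

if __name__ == "__main__":
    for name, cfg, routes in [("original", ORIGINAL, ["130.1.1.0/24", "131.1.1.0/24"]),
                              ("fixed", FIXED, ["130.1.1.0/24", "131.1.1.0/24"]),
                              ("single clause", SINGLE_CLAUSE, ["131.1.1.0/24", "132.1.1.0/24"])]:
        print(f"{name:14} advertises {advertised(cfg, routes)}")
```

The original attempt leaks 131.1.1.0/24 because the empty `permit 20` clause acts as a catch-all for anything clause 10 did not match.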