02-08-2020 07:09 AM
Hi All
I have an issue where I am trying to deny only the default route coming from a BGP peer with an INBOUND route-map; however, the route-map seems to be denying all routes. I have tried this with the route-map matching an access-list and again with the route-map matching a prefix-list. As per the BGP update debugs on R2 below, all routes are blocked:
*Feb 8 14:36:57.999: BGP(0): 192.168.50.1 rcvd 0.0.0.0/0 -- DENIED due to: route-map;
*Feb 8 14:36:57.399: BGP(0): 192.168.50.1 rcvd 192.168.50.1/24 -- DENIED due to: route-map
Please assist
Below are the configs
R1----------R2
######R1##########
int loopback 1
ip address 192.168.50.1 255.255.255.0
!
interface fa 0/0
description "CONNECTED TO R2"
ip address 192.168.1.1 255.255.255.0
no shut
!
!
router bgp 64512
neighbor 192.168.1.2 remote-as 64513
network 192.168.50.0 mask 255.255.255.0
network 0.0.0.0
!
!
ip route 0.0.0.0 0.0.0.0 null 0
#######R2
interface fa 0/0
description "CONNECTED TO R1"
ip address 192.168.1.2 255.255.255.0
no shut
!
!
router bgp 64513
neighbor 192.168.1.1 remote-as 64512
neighbor 192.168.1.1 route-map BPG-NEIGHBOR in
!
ip access-list extended DEFAULT-ROUTE
permit ip 0.0.0.0 0.0.0.0 any
!
route-map BPG-NEIGHBOR deny 10
match ip address DEFAULT-ROUTE
!
route-map BPG-NEIGHBOR permit 20
!
02-08-2020 08:07 AM - edited 02-08-2020 08:24 AM
Hello
At the moment you are denying all routes. If you change the access-list to a prefix-list, you should be able to deny the default route much more easily.
Example:
ip prefix-list DEFAULT-ROUTE deny 0.0.0.0/0
ip prefix-list DEFAULT-ROUTE permit 0.0.0.0/0 le 32
route-map BPG-NEIGHBOR permit 10
no match ip address DEFAULT-ROUTE
match ip address prefix-list DEFAULT-ROUTE
no route-map BPG-NEIGHBOR permit 20
clear ip bgp * soft
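How the prefix-list and route-map in the reply above are evaluated against the two prefixes R1 advertises, as an added Python model that is not part of the original post and not Cisco code. The function names and the DENY_THEN_PERMIT variant are constructed for illustration; the rules modeled are first match wins, an implicit deny at the end of both lists, and a prefix-list entry without ge/le matching only its exact length.

```python
import ipaddress

# Prefix-list from the reply: (action, prefix, le); le=None means exact length only.
DEFAULT_ROUTE = [("deny", "0.0.0.0/0", None), ("permit", "0.0.0.0/0", 32)]
# Route-map from the reply: a single permit clause, no permit 20.
ANSWER_MAP = [("permit", DEFAULT_ROUTE)]

# Constructed variant (assumption, not from the thread): the original
# deny 10 / permit 20 layout, with deny 10 matching a prefix-list.
ONLY_DEFAULT = [("permit", "0.0.0.0/0", None)]
DENY_THEN_PERMIT = [("deny", ONLY_DEFAULT), ("permit", None)]

# Prefixes R1 originates with its two network statements.
R1_ROUTES = ["0.0.0.0/0", "192.168.50.0/24"]

def prefix_list_action(entries, route):
    """First matching entry wins; no matching entry is an implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, le in entries:
        base = ipaddress.ip_network(prefix)
        # Without le the route length must equal the entry length;
        # with le N, any length from the entry length up to N matches.
        max_len = base.prefixlen if le is None else le
        if net.subnet_of(base) and base.prefixlen <= net.prefixlen <= max_len:
            return action
    return "deny"

def route_map_accepts(clauses, route):
    """clauses: (action, prefix_list); prefix_list=None means no match
    statement, so the clause matches every route."""
    for action, plist in clauses:
        # A route the prefix-list denies does not match this clause,
        # so evaluation falls through to the next clause.
        if plist is None or prefix_list_action(plist, route) == "permit":
            return action == "permit"
    return False  # implicit deny at the end of the route-map

def accepted(clauses, routes):
    """Routes that survive the inbound route-map."""
    return [r for r in routes if route_map_accepts(clauses, r)]

if __name__ == "__main__":
    for name, rm in (("reply", ANSWER_MAP), ("variant", DENY_THEN_PERMIT)):
        print(name, accepted(rm, R1_ROUTES))
```

Both layouts drop only 0.0.0.0/0; putting `0.0.0.0/0 le 32` behind a deny clause instead drops every prefix.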
02-08-2020 09:15 AM
Hi Paul
Thank you for the quick response, it worked after adjusting my configs.
Another thing I realized is that when I was trying to use a prefix list, instead of matching as "match ip address PREFIX-LIST" I would just match as "match ip ADDRESS", and it would deny everything as it tried to reference an ACL and not PREFIX-LIST.
Thanks a mill, now I know that "match ip address" is for ACL and "match ip address prefix-list" is for PREFIX-LIST.