11-24-2011 04:34 AM - edited 03-04-2019 02:23 PM
Hi expert,
I would like to filter a route which exactly matches the condition. Below is the requirement:
A.
1. allow 192.168.30.0/30
2. not allow 192.168.30.0/29 or other
3. not allow 192.168.30.0/31 or other.
B.
1. not allow 192.168.30.0/30
2. allow 192.168.30.0/29 or other
3. allow 192.168.30.0/31 or other.
It seems that ACL cannot do it. Please advise.
rdgs
Anita
11-24-2011 04:39 AM
Hi Anita,
Use prefix-list
A. permit 192.168.30.0 ge /30 will block all other which has subnet less than /30
B. You need to add permit statement for just 192.168.30.0/30 only.
Regards,
Smitesh
11-24-2011 04:50 AM
Hi Anita,
I would suggest you use a route-map in order to get your required route filter.
A.
1. allow 192.168.30.0/30
2. not allow 192.168.30.0/29 or other
3. not allow 192.168.30.0/31 or other.
ip access ex 100
permit ip 192.168.30.0 0.0.0.3
deny any any
route-map Route_filter1 permit 10
match ip address 100
B.
1. not allow 192.168.30.0/30
2. allow 192.168.30.0/29 or other
3. allow 192.168.30.0/31 or other.
ip access ex 200
permit ip 192.168.30.0 0.0.0.7
permit ip 192.168.30.0 0.0.0.2
deny any any
route-map Route_filter1 permit 10
match ip address 200
Please rate the helpful posts.
Regards,
Naidu.
11-24-2011 05:41 AM
Dear Naidu,
For A, if there is a route 192.168.30.0 255.255.255.254 (192.168.30.0/31), it should be covered by ACL 100 because 0.0.0.3 should include it. Not sure that I am right or wrong. Please advise.
How to allow the route "/30" but not accept "/31", "/32"?
rdgs
Anita
11-24-2011 05:44 AM
Hi Anita,
How to allow the route "/30" but not accept "/31", "/32"?
You can use the below one..
ip access ex 200
permit ip 192.168.30.0 0.0.0.3
deny any any
Please rate the helpful posts.
Regards,
Naidu.
11-24-2011 06:08 AM
Hi Naidu,
If the route is 192.168.30.0 0.0.0.1, the ACL 200 should permit it. Is it correct?
rdgs
Anita
11-24-2011 06:39 AM
Hi,
the only way to filter prefixes and prefix-length is with a prefix-list.
It may be configured with a special extended ACL but I don't know if it will work in every routing protocol (I know it's possible with BGP). In this case you match the prefix-length with the destination part, it should be something like this:
for permitting only 192.168.1.0/24: access-list 100 permit 192.168.1.0 0.0.0.255 255.255.255.0 0.0.0.255
But the prefix-list is the tool to use for such cases as it is easier to implement.
Regards.
Alain
11-24-2011 07:19 AM
Dear Alain,
Please see if it is working or not.
For A:
ip prefix-list abc seq 5 deny 192.168.30.0 gt 30
ip prefix-list abc seq 10 deny 192.168.30.0 le 30
ip prefix-list abc seq 15 permit any
For B:
ip prefix-list abc seq 5 permit 192.168.30.0 gt 30
ip prefix-list abc seq 10 permit 192.168.30.0 le 30
rdgs
Anita
11-24-2011 07:47 AM
Hi,
for A: denying /29 and /31 but permitting anything else, including /30
ip prefix-list abc seq 5 deny 192.168.30.0/29
ip prefix-list abc seq 10 deny 192.168.30.0/31
ip prefix-list abc seq 15 permit 0.0.0.0/0 le 32
for B: denying /30 but permitting anything else, including /29 and /31
ip prefix-list abc seq 5 deny 192.168.30.0/30
ip prefix-list abc seq 10 permit 0.0.0.0/0 le 32
Regards.
Alain
11-24-2011 08:01 AM
Hi Alain,
Does it work for A:
ip prefix-list abc seq 5 permit 192.168.30.0/30
could it block 192.168.30.0/32, /31, /29, /28.....
rdgs
Anita
11-24-2011 08:09 AM
Hi,
yes it will deny everything else except 192.168.30.0/30
Regards.
Alain.
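
Added example, not part of any post in this thread: a small Python model of how an IOS prefix-list is evaluated (first matching sequence wins, exact length unless ge/le is given, implicit deny at the end), run over the single-entry list from the last question and the list posted for B. The dictionary layout and function names are assumptions made for the illustration; `acl_address_match` models only an address/wildcard comparison that ignores the route's mask.

```python
import ipaddress

def entry_matches(entry, route):
    """True if the route's leading bits and prefix length satisfy one entry."""
    net = ipaddress.ip_network(entry["prefix"])
    rt = ipaddress.ip_network(route)
    ge, le = entry.get("ge"), entry.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen                      # no ge/le: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return rt.network_address in net and lo <= rt.prefixlen <= hi

def evaluate(plist, route):
    """Walk entries in sequence order; first match decides, otherwise deny."""
    for entry in sorted(plist, key=lambda e: e["seq"]):
        if entry_matches(entry, route):
            return entry["action"]
    return "deny"                                    # implicit deny at the end

def acl_address_match(addr, wildcard, route):
    """Address/wildcard comparison only; the route's mask is never examined."""
    a = int(ipaddress.ip_address(addr))
    w = int(ipaddress.ip_address(wildcard))
    r = int(ipaddress.ip_network(route).network_address)
    return (a | w) == (r | w)

# "ip prefix-list abc seq 5 permit 192.168.30.0/30"
LIST_EXACT = [{"seq": 5, "action": "permit", "prefix": "192.168.30.0/30"}]

# "seq 5 deny 192.168.30.0/30" then "seq 10 permit 0.0.0.0/0 le 32"
LIST_B = [
    {"seq": 5, "action": "deny", "prefix": "192.168.30.0/30"},
    {"seq": 10, "action": "permit", "prefix": "0.0.0.0/0", "le": 32},
]

# Constructed test routes: same network address, different prefix lengths.
ROUTES = ["192.168.30.0/%d" % n for n in (28, 29, 30, 31, 32)]

def table():
    """Per-route verdict of both prefix-lists and of wildcard 0.0.0.3."""
    return {r: (evaluate(LIST_EXACT, r), evaluate(LIST_B, r),
                acl_address_match("192.168.30.0", "0.0.0.3", r))
            for r in ROUTES}

if __name__ == "__main__":
    for route, verdicts in table().items():
        print(route, verdicts)
```

The third column is True for every route because all five share the network address 192.168.30.0, which is the concern raised about wildcard 0.0.0.3 earlier in the thread.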