
Filter routes

anitachoi3
Level 1

Hi expert,

I would like to filter a route that exactly matches the condition. Below is the requirement:

A.

1. allow 192.168.30.0/30

2. not allow 192.168.30.0/29 or other

3. not allow 192.168.30.0/31 or other.

B.

1. not allow 192.168.30.0/30

2. allow 192.168.30.0/29 or other

3. allow 192.168.30.0/31 or other.

It seems that ACL cannot do it. Please advise.

rdgs

Anita


Accepted Solutions

Hi,

yes it will deny everything else except 192.168.30.0/30

Regards.

Alain.

Don't forget to rate helpful posts.


10 Replies

Hi Anita,

Use prefix-list

A. permit 192.168.30.0 ge /30 will block all others which have a subnet less than /30

B. You need to add permit statement for just 192.168.30.0/30 only.

Regards,

Smitesh

Latchum Naidu
VIP Alumni

Hi Anita,

I would suggest you use a route-map in order to get your required route filter.

A.
1. allow 192.168.30.0/30
2. not allow 192.168.30.0/29 or other
3. not allow 192.168.30.0/31 or other.

ip access ex 100
permit ip 192.168.30.0 0.0.0.3
deny any any

route-map Route_filter1 permit 10
match ip address 100


B.
1. not allow 192.168.30.0/30
2. allow 192.168.30.0/29 or other
3. allow 192.168.30.0/31 or other.


ip access ex 200
permit ip 192.168.30.0 0.0.0.7
permit ip 192.168.30.0 0.0.0.2
deny any any

route-map Route_filter1 permit 10
match ip address 200


Please rate the helpful posts.
Regards,
Naidu.

Dear Naidu,

For A, if there is a route 192.168.30.0 255.255.255.254 (192.168.30.0/31), it should be covered by ACL 100 because 0.0.0.3 should include it. Not sure whether I am right or wrong. Please advise.

How to allow the route "/30" but not accept "/31", "/32"?

rdgs

Anita

Hi Anita,


How to allow the route "/30" but not accept "/31", "/32"?

You can use the below one..

ip access ex 200
permit ip 192.168.30.0 0.0.0.3
deny any any


Please rate the helpful posts.
Regards,
Naidu.

Hi Naidu,

If the route is 192.168.30.0 0.0.0.1, the ACL 200 should permit it. Is it correct?

rdgs

Anita

Hi,

the only way to filter prefixes and prefix-length is with a prefix-list.

It may be configured with a special extended ACL, but I don't know if it will work in every routing protocol (I know it's possible with BGP). In this case you match the prefix-length with the destination part; it should be something like this:

for permitting only 192.168.1.0/24: access-list 100 permit 192.168.1.0 0.0.0.255 255.255.255.0 0.0.0.255

But the prefix-list is the tool to use for such cases as it is easier to implement.

Regards.

Alain

Don't forget to rate helpful posts.

Dear Alain,

Please see if it is working or not.

For A:

ip prefix-list abc seq 5 deny 192.168.30.0 gt 30

ip prefix-list abc seq 10 deny 192.168.30.0 le 30

ip prefix-list abc seq 15 permit any

For B:

ip prefix-list abc seq 5 permit 192.168.30.0 gt 30

ip prefix-list abc seq 10 permit 192.168.30.0 le 30

rdgs

Anita

Hi,

for A: denying /29 and /31 but permitting anything else, including /30

ip prefix-list abc seq 5 deny 192.168.30.0/29

ip prefix-list abc seq 10 deny 192.168.30.0/31

ip prefix-list abc seq 15 permit 0.0.0.0/0 le 32

for B: denying /30 but permitting anything else, including /29 and /31

ip prefix-list abc seq 5 deny 192.168.30.0/30

ip prefix-list abc seq 10 permit 0.0.0.0/0 le 32

Regards.

Alain

Don't forget to rate helpful posts.

Hi Alain,

Does it work for A:

ip prefix-list abc seq 5 permit 192.168.30.0/30

could it block 192.168.30.0/32, /31, /29, /28.....

rdgs

Anita

Hi,

yes it will deny everything else except 192.168.30.0/30

Regards.

Alain.

Don't forget to rate helpful posts.
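
The difference the thread keeps returning to, address-and-wildcard matching versus prefix-list matching, as an added example that is not part of any poster's reply: a small Python model (not IOS code) of first-match prefix-list evaluation with the implicit deny, next to a wildcard match that looks only at the network address. The function names, the `ROUTES` sample set and the 10.1.1.0/24 route are constructed for illustration, and the wildcard model assumes the ACL compares only the network address and never the mask length.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """entries: (action, prefix, ge, le) tuples. First match wins; no match = implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = base.prefixlen            # no ge/le: the length must match exactly
        else:
            lo = ge if ge is not None else base.prefixlen
            hi = le if le is not None else 32
        # The route must fall inside the entry's prefix and have a length in [lo, hi].
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def wildcard_permits(address, wildcard, route):
    """Assumed model: compare only the route's network address under the wildcard mask."""
    net = ipaddress.ip_network(route)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(net.network_address) & care) == (int(ipaddress.ip_address(address)) & care)

# Constructed sample routes: the lengths asked about in the thread plus one unrelated route.
ROUTES = ["192.168.30.0/28", "192.168.30.0/29", "192.168.30.0/30",
          "192.168.30.0/31", "192.168.30.0/32", "10.1.1.0/24"]

# Case A: ip prefix-list abc seq 5 permit 192.168.30.0/30
CASE_A = [("permit", "192.168.30.0/30", None, None)]
# Case B: seq 5 deny 192.168.30.0/30, seq 10 permit 0.0.0.0/0 le 32
CASE_B = [("deny", "192.168.30.0/30", None, None),
          ("permit", "0.0.0.0/0", None, 32)]

def accepted(entries):
    return [r for r in ROUTES if prefix_list_permits(entries, r)]

def wildcard_accepted(address, wildcard):
    return [r for r in ROUTES if wildcard_permits(address, wildcard, r)]

if __name__ == "__main__":
    print("prefix-list A :", accepted(CASE_A))
    print("prefix-list B :", accepted(CASE_B))
    print("wildcard .3   :", wildcard_accepted("192.168.30.0", "0.0.0.3"))
```

The wildcard match accepts every 192.168.30.0 route regardless of length, which is why the /31 and /32 questions in the thread cannot be answered with an address-only ACL entry.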