06-02-2020 04:36 PM
Does anyone know if it's possible to use an IP object group in an extended ACL and then apply that ACL to a route map?
E.g.:
object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0

router bgp 65541
 bgp router-id 192.168.199.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 timers bgp 15 45
 neighbor 192.168.199.253 remote-as 65542
 neighbor 192.168.199.253 ebgp-multihop 5
 neighbor 192.168.199.253 password 7 XXXXXXXXXXXXXXXXXXXXXX
 !
 address-family ipv4
  redistribute connected
  neighbor 192.168.199.253 activate
  neighbor 192.168.199.253 default-originate
  neighbor 192.168.199.253 capability orf prefix-list send
  neighbor 192.168.199.253 soft-reconfiguration inbound
  neighbor 192.168.199.253 route-map OutboundBGP out
 exit-address-family
!
ip forward-protocol nd
ip access-list extended PermitRoute
 permit ip object-group TestGroup any
!
!
route-map OutboundBGP permit 10
 match ip address PermitRoute
 match source-protocol connected
I can't seem to get this configuration to work and I'm not even sure it's supported. This is Cisco IOS, NOT ASA, and everything I appear to be finding is either ASA-specific or relates to policy-based routing or traffic filtering. I'm looking to specifically not have to create a separate large list one by one using wildcard masks when I already have a large object group configured for other use cases.
Any ideas or feedback would be appreciated and thanks.
06-02-2020 09:22 PM
06-03-2020 11:05 PM
Thanks for the tip.
I ended up using prefix lists in almost exactly that way and it worked perfectly.
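Added example, not part of the thread or any poster's configuration: a Python helper that turns an IOS `object-group network` block into `ip prefix-list` entries, so an existing large group does not have to be retyped by hand for the prefix-list approach reported above. The host entry, the nested group and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the object group from the question, plus a host entry
# and a nested group to show how unconvertible lines are reported.
SAMPLE = """\
object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0
 host 172.16.200.1
 group-object OtherGroup
"""

def object_group_to_prefix_list(config, group, list_name, step=10):
    """Return (prefix-list lines, entries that could not be converted)."""
    lines, skipped, seq, in_group = [], [], step, False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[:2] == ["object-group", "network"]:
            in_group = words[2:3] == [group]   # only the requested group
            continue
        if not raw[0].isspace():               # any other top-level command ends the block
            in_group = False
            continue
        if not in_group or words[0] == "description":
            continue
        try:
            if words[0] == "host" and len(words) == 2:
                net = ipaddress.ip_network(words[1] + "/32")
            elif len(words) == 2:              # "<network> <netmask>"
                net = ipaddress.ip_network("/".join(words))
            else:                              # e.g. "range a b"
                raise ValueError("unsupported entry")
        except ValueError:                     # also nested group-object, bad masks
            skipped.append(raw.strip())
            continue
        # No ge/le keywords, so each entry matches that exact prefix only.
        lines.append(f"ip prefix-list {list_name} seq {seq} permit {net}")
        seq += step
    return lines, skipped

if __name__ == "__main__":
    entries, unconverted = object_group_to_prefix_list(SAMPLE, "TestGroup", "PermitRoute")
    print("\n".join(entries))
    print("route-map OutboundBGP permit 10")
    print(" match ip address prefix-list PermitRoute")
    for item in unconverted:
        print("! not converted, review by hand:", item)
```

Review anything listed as not converted before applying the output, since a silently dropped entry changes which routes the route-map advertises.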
06-04-2020 07:18 PM