cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Possible to use a network-object object group in bgp route-map?

MaeltorSYN
Beginner
Beginner

Does anyone know if its possible to use an IP object group in an extended acl and then apply that acl to a route map?

 

Eg:

object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0
router bgp 65541
 bgp router-id 192.168.199.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 timers bgp 15 45
 neighbor 192.168.199.253 remote-as 65542
 neighbor 192.168.199.253 ebgp-multihop 5
 neighbor 192.168.199.253 password 7 XXXXXXXXXXXXXXXXXXXXXX
 !
 address-family ipv4
  redistribute connected
  neighbor 192.168.199.253 activate
  neighbor 192.168.199.253 default-originate
  neighbor 192.168.199.253 capability orf prefix-list send
  neighbor 192.168.199.253 soft-reconfiguration inbound
  neighbor 192.168.199.253 route-map OutboundBGP out
 exit-address-family
!
ip forward-protocol nd

ip access-list extended PermitRoute
 permit ip object-group TestGroup any
!
!
route-map OutboundBGP permit 10
 match ip address PermitRoute
 match source-protocol connected

I can't seem to get this configuration to work and I'm not even sure its supported.  This is Cisco IOS, NOT ASA and everything I appear to finding is either ASA specific to relates to policy-based routing or traffic filtering.  I'm looking to specifically not have to create a separate large list one by one using wildcard masks when i already have a large object group configured for other use cases.

 

Any ideas or feedback would be appreciated and thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
Hi

Using extended acl with route-maps, it won’t work the way you’re implementing it. On an extended acl with route-map, the source of the acl will be the prefix and the destination will be the prefix lenght.

What you can do to simplify it, it’s using prefix-list:
ip prefix-list TestGroup seq 10 permit 172.16.100.0/22 ge 24 le 24

This prefix list will take all your /24 in the /22 (from 100.0 to 103.255).

Then assign it to a route-map:
route-map test permit 10
match ip add pref TestGroup

And finally use this route-map on your bgp configuration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 REPLIES 3

Francesco Molino
VIP Mentor VIP Mentor
VIP Mentor
Hi

Using extended acl with route-maps, it won’t work the way you’re implementing it. On an extended acl with route-map, the source of the acl will be the prefix and the destination will be the prefix lenght.

What you can do to simplify it, it’s using prefix-list:
ip prefix-list TestGroup seq 10 permit 172.16.100.0/22 ge 24 le 24

This prefix list will take all your /24 in the /22 (from 100.0 to 103.255).

Then assign it to a route-map:
route-map test permit 10
match ip add pref TestGroup

And finally use this route-map on your bgp configuration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thanks for the tip.

I ended up using prefix lists in almost exactly that way and it worked perfectly.

Glad it works

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: