Possible to use a network-object object group in bgp route-map?

MaeltorSYN
Level 1

Does anyone know if it's possible to use an IP object group in an extended ACL and then apply that ACL to a route map?

Eg:

object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0
router bgp 65541
 bgp router-id 192.168.199.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 timers bgp 15 45
 neighbor 192.168.199.253 remote-as 65542
 neighbor 192.168.199.253 ebgp-multihop 5
 neighbor 192.168.199.253 password 7 XXXXXXXXXXXXXXXXXXXXXX
 !
 address-family ipv4
  redistribute connected
  neighbor 192.168.199.253 activate
  neighbor 192.168.199.253 default-originate
  neighbor 192.168.199.253 capability orf prefix-list send
  neighbor 192.168.199.253 soft-reconfiguration inbound
  neighbor 192.168.199.253 route-map OutboundBGP out
 exit-address-family
!
ip forward-protocol nd

ip access-list extended PermitRoute
 permit ip object-group TestGroup any
!
!
route-map OutboundBGP permit 10
 match ip address PermitRoute
 match source-protocol connected

I can't seem to get this configuration to work and I'm not even sure it's supported. This is Cisco IOS, NOT ASA, and everything I appear to be finding is either ASA-specific or relates to policy-based routing or traffic filtering. I'm looking to specifically not have to create a separate large list one by one using wildcard masks when I already have a large object group configured for other use cases.

Any ideas or feedback would be appreciated and thanks.

Accepted Solutions

Francesco Molino
VIP Alumni
Hi

Using an extended ACL with route-maps, it won't work the way you're implementing it. On an extended ACL with a route-map, the source of the ACL will be the prefix and the destination will be the prefix length.

What you can do to simplify it is use a prefix-list:
ip prefix-list TestGroup seq 10 permit 172.16.100.0/22 ge 24 le 24

This prefix list will take all your /24 in the /22 (from 100.0 to 103.255).

Then assign it to a route-map:
route-map test permit 10
match ip add pref TestGroup

And finally use this route-map on your bgp configuration.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
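
Added example (not part of the original thread and not Cisco tooling): a Python sketch that turns an object-group network block like the one in the question into prefix-list lines. It emits the single ge/le entry from the accepted answer only when the members exactly fill the aggregate, so the outbound filter never permits a prefix that is not in the group. The function names are hypothetical and the sample input is constructed from the question's configuration.

```python
import ipaddress

# Constructed sample input, copied from the object-group in the question.
OBJECT_GROUP = """\
object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0
"""

def parse_object_group(text):
    """Return (name, networks). Handles 'net mask' and 'host addr' members;
    any other two-token line raises ValueError rather than being skipped."""
    name, nets = None, []
    for line in text.splitlines():
        parts = line.split()
        if parts[:2] == ["object-group", "network"]:
            name = parts[2]
        elif len(parts) == 2 and parts[0] == "host":
            nets.append(ipaddress.ip_network(parts[1] + "/32"))
        elif len(parts) == 2:
            nets.append(ipaddress.ip_network(parts[0] + "/" + parts[1]))
    return name, nets

def explicit_prefix_list(name, nets):
    """One exact-match prefix-list line per member (always safe)."""
    return [f"ip prefix-list {name} seq {10 * (i + 1)} permit {n}"
            for i, n in enumerate(sorted(set(nets)))]

def aggregate_entry(name, nets):
    """Single 'ge/le' line, or None if it would match more than the group."""
    lengths = {n.prefixlen for n in nets}
    collapsed = list(ipaddress.collapse_addresses(nets))
    # Same-length members that collapse to one block are exactly all
    # subnets of that length inside the block, so ge/le cannot over-match.
    if len(lengths) != 1 or len(collapsed) != 1:
        return None
    plen, agg = lengths.pop(), collapsed[0]
    if agg.prefixlen == plen:  # group has a single member
        return f"ip prefix-list {name} seq 10 permit {agg}"
    return f"ip prefix-list {name} seq 10 permit {agg} ge {plen} le {plen}"

if __name__ == "__main__":
    group_name, members = parse_object_group(OBJECT_GROUP)
    single = aggregate_entry(group_name, members)
    print(single if single else "\n".join(explicit_prefix_list(group_name, members)))
```

When `aggregate_entry` returns `None` (a gap in the range or mixed mask lengths), fall back to the explicit per-member lines instead of widening the aggregate.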

3 Replies

Thanks for the tip.

I ended up using prefix lists in almost exactly that way and it worked perfectly.

Glad it works

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question