06-02-2020 04:36 PM
Does anyone know if it's possible to use an IP object group in an extended ACL and then apply that ACL to a route map?
Eg:
object-group network TestGroup
 172.16.100.0 255.255.255.0
 172.16.101.0 255.255.255.0
 172.16.102.0 255.255.255.0
 172.16.103.0 255.255.255.0
router bgp 65541
 bgp router-id 192.168.199.254
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 timers bgp 15 45
 neighbor 192.168.199.253 remote-as 65542
 neighbor 192.168.199.253 ebgp-multihop 5
 neighbor 192.168.199.253 password 7 XXXXXXXXXXXXXXXXXXXXXX
 !
 address-family ipv4
  redistribute connected
  neighbor 192.168.199.253 activate
  neighbor 192.168.199.253 default-originate
  neighbor 192.168.199.253 capability orf prefix-list send
  neighbor 192.168.199.253 soft-reconfiguration inbound
  neighbor 192.168.199.253 route-map OutboundBGP out
 exit-address-family
!
ip forward-protocol nd
ip access-list extended PermitRoute
 permit ip object-group TestGroup any
!
!
route-map OutboundBGP permit 10
 match ip address PermitRoute
 match source-protocol connected
I can't seem to get this configuration to work and I'm not even sure it's supported. This is Cisco IOS, NOT ASA, and everything I appear to be finding is either ASA specific or relates to policy-based routing or traffic filtering. I'm looking to specifically not have to create a separate large list one by one using wildcard masks when I already have a large object group configured for other use cases.
Any ideas or feedback would be appreciated and thanks.
Accepted Solutions
06-02-2020 09:22 PM
Using an extended ACL with route-maps, it won’t work the way you’re implementing it. On an extended ACL with a route-map, the source of the ACL will be the prefix and the destination will be the prefix length.
What you can do to simplify it is use a prefix-list:
ip prefix-list TestGroup seq 10 permit 172.16.100.0/22 ge 24 le 24
This prefix list will take all your /24 in the /22 (from 100.0 to 103.255).
Then assign it to a route-map:
route-map test permit 10
match ip add pref TestGroup
And finally use this route-map on your bgp configuration.
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
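The ge/le matching described in the answer above, as an added example that is not part of any post in this thread: a small Python model of how an IOS prefix-list entry is evaluated, run over a constructed list of connected routes to show which ones the route-map would let out to the BGP neighbor. The function names and sample routes are assumptions made for illustration.

```python
import ipaddress

# One prefix-list entry: (action, prefix, ge, le); ge/le are None when omitted.
PREFIX_LIST = [("permit", "172.16.100.0/22", 24, 24)]  # the entry from the answer

def entry_matches(route, prefix, ge=None, le=None):
    """Model of IOS prefix-list matching for a single entry."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    # The route must fall inside the entry's prefix.
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        lo = hi = prefix.prefixlen          # no ge/le: exact length only
    else:
        lo = ge if ge is not None else prefix.prefixlen
        hi = le if le is not None else 32
    return lo <= route.prefixlen <= hi

def evaluate(route, prefix_list=PREFIX_LIST):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

# Constructed sample of connected routes, not taken from the thread.
SAMPLE_ROUTES = [
    "172.16.100.0/24", "172.16.101.0/24", "172.16.102.0/24", "172.16.103.0/24",
    "172.16.100.0/22",     # the covering block itself: length 22 is below ge 24
    "172.16.100.0/25",     # longer than le 24
    "172.16.104.0/24",     # outside the /22
    "192.168.199.252/30",  # unrelated link subnet, hits the implicit deny
]

def advertised(routes=SAMPLE_ROUTES):
    """Routes that would pass a route-map matching this prefix-list."""
    return [r for r in routes if evaluate(r) == "permit"]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(f"{r:20} {evaluate(r)}")
```

Only the four /24s are permitted; anything else redistributed from connected, including the /22 itself and any longer subnets inside it, is dropped by the implicit deny.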
06-03-2020 11:05 PM
Thanks for the tip.
I ended up using prefix lists in almost exactly that way and it worked perfectly.
06-04-2020 07:18 PM
Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
