01-20-2020 12:24 AM
01-20-2020 12:40 AM - edited 01-20-2020 12:43 AM
The ACL to allow routes originated from R2 at 64999 and learned through 646000 and 64000.
ip as-path access-list 10 permit ^64000_64600_64999$
01-20-2020 01:38 AM - edited 01-20-2020 01:41 AM
Hello,
It is unclear in which AS your R1 router is; is it 64000?
If you want to receive only routes from 64600 and neighbors directly attached to 64600, you can use the AS PATH access list below:
ip as-path access-list 1 permit ^64600_[0-9]*$
This will allow 64600 and any neighbors directly attached to 64600...
ip as-path access-list 1 permit ^64600_64999$
This will allow only routes from 64600 and the neighbor 64999 directly attached to 64600...
01-20-2020 01:37 AM
R2 is running 64600 with Firewall (iBGP) and has a downstream AS connected as 64999. I want only local routes of R2 and connected AS routes at R1. No other routes except 64600 and 64999 should be in the BGP table of R1.
01-20-2020 01:40 AM
Then my above ACL should be fine as it will allow the route originated from 649999.
01-20-2020 07:35 AM
If R1 is in AS 64000, this access list will block all routes:
ip as-path access-list 10 permit ^64000_64600_64999$
That is because no route will ever match, as it has its own AS (64000) in the path.
01-20-2020 01:42 AM
01-20-2020 07:37 AM
Hello,
Actually, I think your AS path list needs two lines:
ip as-path access-list 1 permit ^64600$
ip as-path access-list 1 permit ^64600_64999$
If you just use the second line, you won't get networks originated in AS 64600, but only networks that originate in AS 64999 and that traverse AS 64600.
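The AS-path lists proposed in this thread can be compared offline, as an added example that is not part of any poster's reply. It translates the IOS `_` delimiter into Python regex syntax and applies first-match, implicit-deny evaluation to constructed AS_PATH strings as R1 would receive them from R2 (neighbor AS leftmost). The helper names and AS 65010 are hypothetical, and only the regex features used in the thread are handled.

```python
import re

# In IOS AS-path regexes "_" matches a delimiter: start or end of the
# string, a space, a comma, a brace or a parenthesis.
_DELIM = r"(?:^|$|[ ,{}()])"


def ios_to_python(pattern):
    """Translate an IOS AS-path regex to Python syntax (only "_" differs here)."""
    return pattern.replace("_", _DELIM)


def permitted(acl, as_path):
    """First matching entry decides; no match means the implicit deny applies."""
    for action, pattern in acl:
        if re.search(ios_to_python(pattern), as_path):
            return action == "permit"
    return False


# The lists quoted in the thread, keyed by a descriptive label.
ACLS = {
    "list 10": [("permit", "^64000_64600_64999$")],
    "list 1 wildcard": [("permit", "^64600_[0-9]*$")],
    "list 1 one line": [("permit", "^64600_64999$")],
    "list 1 two lines": [("permit", "^64600$"), ("permit", "^64600_64999$")],
}

# Constructed sample paths. 65010 is a made-up AS used to show over-matching.
# The last path contains 64000 and is included only to show what list 10 matches.
SAMPLE_PATHS = [
    "64600",              # originated in AS 64600
    "64600 64999",        # originated in AS 64999, via 64600
    "64600 65010",        # another AS directly attached to 64600
    "64600 64999 65010",  # two hops beyond 64600
    "64000 64600 64999",
]


def evaluate():
    """Return, per list, the sample paths it permits."""
    return {name: [p for p in SAMPLE_PATHS if permitted(acl, p)]
            for name, acl in ACLS.items()}


if __name__ == "__main__":
    for name, paths in evaluate().items():
        print(f"{name:18} permits {paths}")
```

Only the two-line list admits exactly the 64600 and 64600 64999 paths; the wildcard list also admits any other AS directly attached to 64600, and list 10 admits neither path that R2 would actually advertise to R1.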