05-23-2021 10:40 PM
Hi,
I am new to Cisco and still learning my way around.
My question is: we have a BGP neighborship configured on a Cisco 4500 switch and distribute-list is used.
neighbor <IP> distribute-list 20 in
neighbor <IP> distribute-list 21 out
From what I learnt, distribute-list points to an access list. But when I run the command show access-lists 20 or show access-lists 21, there is no output.
My question here is: am I using the right command to view the distribute lists? If yes, does this mean that there is no restriction on the routes we receive and learn from this BGP neighborship?
Thanks for your time.
05-23-2021 11:15 PM
Hello @gryffindor ,
If
show access-list 20
and
show access-list 21
are empty, the two ACLs do not exist and your understanding is correct: a non-existent ACL behaves like a permit any.
Please note that as soon as you create a line for an ACL like
access-list 20 permit 100.100.100.0 0.0.0.255
the implicit deny any of the ACL applies and only prefix 100.100.100.0/24 is allowed by the ACL.
So if you want to implement your ACLs, either remove the commands under router bgp, configure ACL 20 and ACL 21 as desired and then apply the filters to the neighbor again, or configure two ACLs with different numbers like 30 and 31.
Final note: there are also named ACLs; even if it is not recommended, some people give named ACLs a name that is actually a number.
Check with
show ip access-list
to find out if there are named ACLs with the names 20 and 21.
If not, everything that has been written above applies.
Hope to help
Giuseppe
05-24-2021 12:09 AM
Hi Giuseppe,
Thanks a lot for your time & response. This will help me in applying the ACLs according to requirement.