View distribute-lists in Cisco 4500

gryffindor
Level 1

Hi,

 

I am new to Cisco and still learning my way around.

My question is we have BGP neighborship configured on Cisco 4500 switch and distribute-list is used.

neighbor <IP> distribute-list 20 in
neighbor <IP> distribute-list 21 out 

 

From what I learnt, distribute-list points to an access list. But when I run command show access-lists 20, or show access-lists 21 then there is no output.

My question here is: am I using the right command to view the distribute lists? If yes, then does this mean that there is no restriction on the routes we receive and learn from this BGP neighborship?

 

Thanks for your time.

 

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello @gryffindor ,

if

show access-list 20

 

and

show access-list 21

 

are empty, the two ACLs do not exist and your understanding is correct: a non-existent ACL behaves like a permit any.

 

Please note that as soon as you create a line for an ACL like

access-list 20 permit 100.100.100.0 0.0.0.255

 

the implicit deny any of the ACL applies and only prefix 100.100.100.0/24 is allowed by the ACL

 

So if you want to implement your ACLs, either remove the commands under router bgp, configure ACL 20 and ACL 21 as desired and then apply the filters to the neighbor again, or configure two ACLs with different numbers like 30 and 31.

Final note: there are also named ACLs; even if not recommended, some people give named ACLs a name that is actually a number.

 

Check with

show ip access-list

 

to find out if there are named ACLs with the names 20 and 21.

If not, all that has been written before applies.

 

Hope to help

Giuseppe
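
An added example (not part of the original thread or the poster's configuration): a Python check that parses a saved running-config and reports BGP neighbor distribute-lists pointing at an ACL with no permit/deny entries, in either `access-list N` or `ip access-list standard N` form. The sample config, neighbor addresses and AS numbers are constructed, and treating a remark-only ACL as empty is this example's assumption.

```python
import re

# Constructed sample config for illustration (not from the original thread).
# Neighbor addresses and AS numbers are documentation/private values.
SAMPLE_CONFIG = """\
router bgp 65001
 neighbor 192.0.2.1 remote-as 65002
 neighbor 192.0.2.1 distribute-list 20 in
 neighbor 192.0.2.1 distribute-list 21 out
 neighbor 192.0.2.9 remote-as 65003
 neighbor 192.0.2.9 distribute-list 30 in
!
access-list 30 permit 100.100.100.0 0.0.0.255
ip access-list standard 21
 permit 100.100.100.0 0.0.0.255
"""

NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+distribute-list\s+(\S+)\s+(in|out)\b")
NUMBERED_RE = re.compile(r"^access-list\s+(\d+)\s+(?:permit|deny)\b")
NAMED_RE = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
ENTRY_RE = re.compile(r"^\s+(?:\d+\s+)?(?:permit|deny)\b")

def defined_acls(config):
    """ACL numbers/names that have at least one permit/deny entry."""
    acls, current = set(), None
    for line in config.splitlines():
        numbered, named = NUMBERED_RE.match(line), NAMED_RE.match(line)
        if numbered:
            acls.add(numbered.group(1))
            current = None
        elif named:
            current = named.group(1)      # entries follow on indented lines
        elif current and ENTRY_RE.match(line):
            acls.add(current)
        elif not line.startswith(" "):
            current = None                # left the named-ACL block
    return acls

def unfiltered_neighbors(config):
    """(neighbor, acl, direction) for distribute-lists whose ACL has no entries."""
    acls = defined_acls(config)
    hits = (NEIGHBOR_RE.match(line) for line in config.splitlines())
    return [m.groups() for m in hits if m and m.group(2) not in acls]

if __name__ == "__main__":
    for neighbor, acl, direction in unfiltered_neighbors(SAMPLE_CONFIG):
        print(f"neighbor {neighbor}: distribute-list {acl} {direction} "
              f"references an ACL with no entries (acts as permit any)")
```

Here ACL 21 is found even though it is written in the named syntax, which is the case the final note in the answer warns about.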

 

gryffindor
Level 1

Hi Giuseppe,

 

Thanks a lot for your time & response. This will help me in applying the ACLs according to requirement.
