RE: BGP filter

From: John Hever (john.hever@xxxxxxxxxxxxxxxxxxxxxxxxxxxx)
Date: Fri Aug 17 2001 - 08:27:08 GMT-3

• Next message: Paul Crist: "Re: BGP filter"
• Previous message: Christopher Dosch: "Security CCIE"
• Maybe in reply to: Fear, Russell H: "BGP filter"
• Next in thread: Paul Crist: "Re: BGP filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Russell/Stevie,

My understanding (please correct me if I am wrong) is that you are using and
extended acccess list to permit an aggregate route and deny the specific
routes?

Therefore I believe that the statement should be:

Access-list 103 permit ip 192.201.48.0 0.0.3.255 255.255.252.0 0.0.0.0

As the second address/mask pair will indicate the mask size, not destination
address and mask as in a normal extended access list.

So the first address/mask pair define the address prefix (which both the
aggergate and the specific routes will match) and the second address/mask
pair define the mask length (which only the aggregate route will match).

HTH

John

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Stephen Oliver
Sent: 17 August 2001 10:07
To: Russell.Fear@capgemini.co.uk; ccielab@groupstudy.com
Subject: Re: BGP filter

Try

Access-list 103 permit ip 192.201.48.0 0.0.3.255 any

Stevie.

>From: "Fear, Russell H" <Russell.Fear@capgemini.co.uk>
>Reply-To: "Fear, Russell H" <Russell.Fear@capgemini.co.uk>
>To: "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
>Subject: BGP filter
>Date: Fri, 17 Aug 2001 09:34:09 +0100
>
>Can someone in the group tell me where I'm going wrong here ?
>
>I have networks 194.201.48.0/24 - 194.201.51.0/24 plus the aggregate of
>194.201.48.0/22 being advertised by a BGP speaker. I am trying various
>kinds
>of filters and the one I cannot get to work is the following.
>
>neighbour 172.168.16.1 distribute-list 103 out
>
>access-list 103 permit ip host 194.201.48.0 host 255.255.252.0
>
>The aggregate does not even reach the BGP table in the second router.I've
>checked the syntax and I think that this should let the aggregate only
>through.
>
>
>Any obvious mistakes ?
>
>
>Russell
>
>
>***************************************************************************
*****************
>" This message contains information that may be privileged or confidential
>and
>is the property of the Cap Gemini Ernst & Young Group. It is intended only
>for
>the person to whom it is addressed. If you are not the intended recipient,
>you
>are not authorized to read, print, retain, copy, disseminate, distribute,
>or use
>this message or any part thereof. If you receive this message in error,
>please
>notify the sender immediately and delete all copies of this message ".
>***************************************************************************
*****************
>**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Paul Crist: "Re: BGP filter"
• Previous message: Christopher Dosch: "Security CCIE"
• Maybe in reply to: Fear, Russell H: "BGP filter"
• Next in thread: Paul Crist: "Re: BGP filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:52 GMT-3