Re: extended acl with distribute-lists

From: Andy Nwebube (wizdata@xxxxxxxxxxx)
Date: Tue Oct 09 2001 - 10:02:05 GMT-3

What IOS are you using? If I remember correctly, on previous versions,
according to Cisco documentation, "route-map out" with extended access-lists
is not supported. Try using a standard access-list, or try upgrading the
IOS. It worked for me with 12.1.

Andy CCIE #7980

----- Original Message -----
From: "Khalid Nafie" <knafie@ncr.com.kw>
To: "Cox, Bryan" <bryan.cox@avistacorp.com>; <ccielab@groupstudy.com>
Sent: Tuesday, October 09, 2001 9:07 AM
Subject: RE: extended acl with distribute-lists

> Hi there,
> did you try
> access-list 12 deny ip 137.20.0.0 0.0.255.0
>
> or
> access-list 102 deny ip 137.20.0.0 0.0.255.0 any
>
> let me know if it worked.
>
> -----Original Message-----
> From: Cox, Bryan [mailto:bryan.cox@avistacorp.com]
> Sent: Monday, October 08, 2001 8:23 PM
> To: 'ccielab@groupstudy.com'
> Subject: extended acl with distribute-lists
>
>
> Group,
>
> This one is puzzling me and I think I understand it yet it still remains
> unresolved...
>
> I am just trying to filter /24 routes from the BGP updates. Thus I apply
> the 102 access-list. However a look at the route table below reveals that
> the /24 routes continue to leak in without being screened.
>
> I also tried to screen out any /24 route with a 137.20.0.0/16 prefix. This
> was easily accomplished with a prefix-list but I have not had success with
> an extended access-list. I tried
>
> access-list 102 deny ip 137.20.0.0 0.0.255.255 255.255.255.0 0.0.0.0
> access-list 102 per ip any any
>
> I also tried
>
> access-list 102 deny ip 137.20.0.0 0.0.255.0 255.255.255.0 0.0.0.0
> access-list 102 per ip any any
>
> Every time the route table looks the same....
>
> Here are portions of the config:
>
> router bgp 3
> network 160.10.10.0 mask 255.255.255.0
> network 161.10.10.0 mask 255.255.255.0
> network 170.10.10.0 mask 255.255.255.0
> network 172.168.70.0 mask 255.255.255.0
> aggregate-address 160.0.0.0 240.0.0.0
> neighbor 200.200.200.1 remote-as 2
> neighbor 200.200.200.1 ebgp-multihop 2
> neighbor 200.200.200.1 route-map setmed out
> distribute-list 102 in
> !
> ip classless
> ip route 200.200.200.0 255.255.255.0 137.20.10.1
> ip bgp-community new-format
> !
> access-list 1 permit any
> access-list 101 permit ip any 200.200.200.0 0.0.0.255
> access-list 102 deny ip 0.0.0.0 255.255.255.0 host 255.255.255.0
> access-list 102 permit ip any any
>
> An excerpt of the route table follows:
>
> 137.20.0.0/16 is variably subnetted, 17 subnets, 6 masks
> B 137.20.200.16/28 [20/969] via 200.200.200.1, 00:06:21
> B 137.20.240.1/32 [20/870] via 200.200.200.1, 00:06:21
> B 137.20.30.0/24 [20/939] via 200.200.200.1, 00:06:21
> B 137.20.25.0/24 [20/0] via 200.200.200.1, 00:06:21
> B 137.20.20.0/24 [20/934] via 200.200.200.1, 00:06:21
> B 137.20.60.1/32 [20/880] via 200.200.200.1, 00:06:21
> B 137.20.40.16/28 [20/969] via 200.200.200.1, 00:06:21
> B 137.20.48.0/20 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.33.0/26 [20/934] via 200.200.200.1, 00:06:22
> B 137.20.90.0/24 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.81.0/24 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.80.0/20 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.80.0/24 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.82.0/24 [20/0] via 200.200.200.1, 00:06:22
> B 137.20.100.32/27 [20/933] via 200.200.200.1, 00:06:22
> B 137.20.64.0/20 [20/879] via 200.200.200.1, 00:06:22
> 200.200.100.0/32 is subnetted, 1 subnets
> B 200.200.100.1 [20/934] via 200.200.200.1, 00:06:22
> 172.168.0.0/24 is subnetted, 2 subnets
> B 172.168.80.0 [20/0] via 200.200.200.1, 00:06:22
> B* 0.0.0.0/0 [20/0] via 200.200.200.1, 00:06:22
> B 160.0.0.0/4 [200/0] via 0.0.0.0, 00:06:22, Null0
>
>
> Any ideas?
>
> Bryan Cox
> San Jose October 25th.
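The thread turns on how IOS reads an extended access-list when it is used as a BGP distribute-list: Cisco's documentation has the source address/wildcard pair matched against the route's network and the destination address/wildcard pair matched against the route's subnet mask, with wildcard bits set to 1 meaning "don't care". The simulator below is an added example (not IOS code, and not from any poster in this thread) that applies those documented semantics to the access-lists from the original post and to the prefixes visible in the quoted route table. It goes slightly beyond the post by also handling `any`, `host`, abbreviated keywords such as `per`, and the implicit deny at the end of every ACL. The route list is a subset copied from the route table above; everything else is constructed for the example.

```python
"""Simulate an IOS extended access-list used as a BGP distribute-list.

Added illustration, not IOS code. Assumed semantics (as Cisco documents
them for extended ACLs in distribute-lists): the ACL's source address and
wildcard are matched against the route's network address, the destination
address and wildcard against the route's subnet mask. A wildcard bit of 1
is "don't care". First match wins; an ACL ends with an implicit deny.
"""

import ipaddress

ALL_ONES = 0xFFFFFFFF


def _addr(text: str) -> int:
    """Dotted-quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _wild_match(value: int, pattern: int, wildcard: int) -> bool:
    """True when every bit not masked by the wildcard is equal."""
    return ((value ^ pattern) & ~wildcard & ALL_ONES) == 0


def _parse_field(tokens: list, i: int):
    """Parse one IOS address field at tokens[i]: 'any', 'host A' or 'A W'.

    Returns (address, wildcard, index_of_next_token)."""
    if tokens[i] == "any":
        return 0, ALL_ONES, i + 1
    if tokens[i] == "host":
        return _addr(tokens[i + 1]), 0, i + 2
    return _addr(tokens[i]), _addr(tokens[i + 1]), i + 2


def parse_acl(lines):
    """Parse 'access-list N {permit|deny} ip <src> <dst>' entries.

    IOS accepts unambiguous keyword abbreviations ('per' for permit), so
    the action is matched by prefix. Returns a list of tuples
    (action, net, net_wildcard, mask, mask_wildcard)."""
    entries = []
    for line in lines:
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[3] != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        actions = [a for a in ("permit", "deny") if a.startswith(t[2])]
        if len(actions) != 1:
            raise ValueError(f"unknown action in: {line!r}")
        net, net_wild, i = _parse_field(t, 4)
        mask, mask_wild, _ = _parse_field(t, i)
        entries.append((actions[0], net, net_wild, mask, mask_wild))
    return entries


def evaluate(entries, prefix: str) -> str:
    """Return 'permit' or 'deny' for a prefix such as '137.20.30.0/24'."""
    net = ipaddress.ip_network(prefix, strict=False)
    n, m = int(net.network_address), int(net.netmask)
    for action, a, aw, b, bw in entries:
        if _wild_match(n, a, aw) and _wild_match(m, b, bw):
            return action
    return "deny"  # implicit deny at the end of every IOS access-list


def apply_distribute_list(acl_lines, prefixes):
    """Map each prefix to the action the ACL would apply to it."""
    entries = parse_acl(acl_lines)
    return {p: evaluate(entries, p) for p in prefixes}


# Subset of the prefixes from the route table quoted in the post.
ROUTES = [
    "137.20.200.16/28", "137.20.240.1/32", "137.20.30.0/24",
    "137.20.48.0/20", "137.20.80.0/24", "172.168.80.0/24",
    "200.200.100.1/32", "0.0.0.0/0",
]

# The first access-list Bryan tried: deny /24s inside 137.20.0.0/16.
ACL_137_SLASH24 = [
    "access-list 102 deny ip 137.20.0.0 0.0.255.255 255.255.255.0 0.0.0.0",
    "access-list 102 per ip any any",
]

# Constructed generalisation: deny every /24 regardless of prefix.
ACL_ANY_SLASH24 = [
    "access-list 102 deny ip any host 255.255.255.0",
    "access-list 102 permit ip any any",
]

if __name__ == "__main__":
    for name, acl in (("137.20/16 /24s", ACL_137_SLASH24),
                      ("any /24", ACL_ANY_SLASH24)):
        print(f"--- {name}")
        for p, act in apply_distribute_list(acl, ROUTES).items():
            print(f"{act:6} {p}")
```

Under these semantics the first ACL denies only 137.20.30.0/24 and 137.20.80.0/24 from the sample and permits the /28, /32, /20 and the non-137.20 routes; the second ACL also denies 172.168.80.0/24. Whether a given IOS release actually honours the mask field of an extended ACL in a distribute-list is exactly the version question raised in the reply above, so confirm against the release notes for the image in use rather than against this simulation.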



This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 22:33:15 GMT-3