From: Valiente, Rafael (rafael.valiente@bt.es)
Date: Mon Jan 13 2003 - 13:17:16 GMT-3
If I'm not wrong you can also use extended acl to block most specific
network
access-list 101 permit ip 12.0.0.0 0.0.0.255 255.255.255.0 255.255.255.255
access-list 102 permit ip 12.0.0.0 0.0.255.255 255.255.0.0 255.255.255.255
101 allow only 12.0.0.0/24 and 102 12.0.0.0/16
Has anybody a link where explain how this acl must be configured ? I have
read several example and they don't use the same rules.
The rule I have tested and it seems is correct is:
a.- As source configure the network and inverse mask of the network you wish
to match
acl 101: 12.0.0.0 0.0.0.255
acl 102: 12.0.0.0 0.0.255.255
b.- As destination network configure the mask of the network ( not inverse
mask ) and 255.255.255.255 as mask
acl 101: 255.255.255.0 255.255.255.255
acl 102: 255.255.0.0 255.255.255.255
Can anybody confirm if this is correct ?
Thank you
Rafa
-----Mensaje original-----
De: Brian T. Albert [mailto:brian.albert@worldnet.att.net]
Enviado el: domingo 12 de enero de 2003 6:40
Para: Mustafa M Bayramov; ccielab@groupstudy.com
Asunto: RE: Route-map and BGP
How about using a 2 prefix-lists instead, such as
ip prefix-list PREPEND seq 5 permit 12.0.0.0/24
ip prefix-list SETMET seq 5 permit 12.0.0.0/16
route-map advert permit 10
match ip address prefix-list PREPEND
set as-path prepend 1 1 1
!
route-map advert permit 20
match ip address prefix-list SETMET
set metric 200
!
route-map advert permit 30
Brian T. Albert
CCIE #9682
brian.albert@worldnet.att.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Mustafa M Bayramov
Sent: Saturday, January 11, 2003 7:41 PM
To: ccielab@groupstudy.com
Subject: Route-map and BGP
Dear group
I have trouble with router-map and access-list for EBGP originated
packet.
My configuration.
router bgp 1
network 12.0.0.0 mask 255.255.255.0
network 13.0.0.0 mask 255.255.255.0
network 14.0.0.0 mask 255.255.255.0
network 15.0.0.0 mask 255.255.255.0
aggregate-address 12.0.0.0 255.255.0.0
neighbor 11.0.0.2 remote-as 2
neighbor 11.0.0.2 route-map advert out
access-list 111 permit ip host 12.0.0.0 0.0.0.255 any
access-list 111 deny ip any any
access-list 113 permit ip 12.0.0.0 0.0.255.255 any
access-list 113 deny ip any any
route-map advert permit 10
match ip address 111
set as-path prepend 1 1 1
!
route-map advert permit 20
match ip address 113
set metric 200
Problem is in router map it doesn't work correct.
When the condition in advert seq 10 is meet router-map select both
Updates 12.0.0.0/24 and 12.0.0.0/16 and set as-path attribute, as
I understand router-map doesn't check mask in ACL.
What I want it prepend my AS only for 12.0.0.0/24 class and leave
12.0.0.0/16.
How I can achieve my task?
Mustafa
.
.
**********************************************
Noticia legal
Este mensaje electrsnico contiene informacisn de BT Ignite Espaqa S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona (s) o
entidades arriba mencionadas. Si usted no es el destinatario seqalado, le
informamos que cualquier divulgacisn, copia, distribucisn o uso de los
contenidos esta prohibida. Si usted ha recibido este mensaje por error, por
favor borre su contenido lo antes posible.
Gracias.
.
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:48 GMT-3