Re: BGP command: neighbor .... filter-list #

From: alsontra@hotmail.com
Date: Sat Feb 28 2004 - 19:13:36 GMT-3


This is an interesting question, and here are my thoughts.

Univercd says that filter-lists use as-path access-list as quoted below:

"In addition to filtering routing updates based on network numbers, you can
specify an access list filter on both incoming and outbound updates based on
the BGP autonomous system paths. Each filter is an access list based on
regular expressions. To specify the access list filter, define an autonomous
system path access list and apply it to updates to and from particular
neighbors. See the "Regular Expressions" appendix in the Cisco IOS Terminal
Services Configuration Guide for more information on forming regular
expressions. "
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfbgp.htm

The Cisco Press BGP command configuration Handbook states that filter-lists
use as-path information to filter updates, in or out. Neither of these
references states that an access-list can be used in the match clause for
the filter-list. Further, all of the examples for filter-lists only use
as-path lists. As far as the documentation goes, the dilemma you're asking
about could not occur.

I configured ip access-lists in the place of an as-path list and quickly
discovered that an access-list will not work. It appears that if you specify an
access-list instead of an as-path list you're basically giving a null
condition that filters all prefixes from the targeted neighbor.

<no filter applied>
R5#sh ip bgp
BGP table version is 4, local router ID is 223.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 3.3.3.0/24 223.1.1.3 0 0 300 i
*> 3.4.4.0/24 223.1.1.3 0 0 300 i
* 190.1.1.0/24 223.1.1.6 0 100 i
*> 223.1.1.2 0 100 i
+++++++All prefixes show up, no filters applied++++++++++++++

<access-list applied to neighbor 223.1.1.3 in for 3.3.3.0/24 prefix>
R5#sh ip bgp
BGP table version is 2, local router ID is 223.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network Next Hop Metric LocPrf Weight Path
*> 190.1.1.0/24 223.1.1.6 0 100 i
++++++++Filters all routes from neighbor 223.1.1.3++++++++++++

Those are my findings. An access-list cannot be used with the neighbor
filter-list option in IOS 12.2. Perhaps one of the more senior members of this
group knows a trick to make this work, but the docs and my findings say it's
not supposed to work. If in fact that was your question?? :-)

02

Alsontra
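
Added example (not part of the original post and not Cisco's code): a small Python model of how an as-path access-list referenced by "neighbor ... filter-list" is evaluated, using the prefixes and AS paths from the tables above as constructed input. The list names and the 65000 pattern are hypothetical; the model assumes first-match evaluation with an implicit deny and Cisco's "_" delimiter metacharacter, and it shows that an AS-path filter cannot single out 3.3.3.0/24 from 3.4.4.0/24 because both carry the same path.

```python
import re

# What Cisco's "_" stands for: start or end of the AS-path string, or one of
# the delimiter characters (space, comma, braces, parentheses).
_DELIMS = r"(?:^|$|[ ,{}()])"

def cisco_to_python(pattern):
    """Translate a Cisco AS-path regex; only '_' differs from Python's syntax here."""
    return pattern.replace("_", _DELIMS)

def evaluate(as_path_acl, as_path):
    """Return the action of the first matching entry, or the implicit deny."""
    for action, pattern in as_path_acl:
        if re.search(cisco_to_python(pattern), as_path):
            return action
    return "deny"

def filter_updates(as_path_acl, updates):
    """Prefixes that survive an inbound filter-list using this as-path list."""
    return [prefix for prefix, path in updates
            if evaluate(as_path_acl, path) == "permit"]

# Constructed sample: prefixes and AS paths as shown in the BGP tables above.
UPDATES = [
    ("3.3.3.0/24", "300"),
    ("3.4.4.0/24", "300"),
    ("190.1.1.0/24", "100"),
]

# Hypothetical lists, e.g. "ip as-path access-list 1 permit ^300$".
ONLY_AS300 = [("permit", "^300$")]
NOT_VIA_AS300 = [("deny", "_300_"), ("permit", ".*")]
NO_MATCHING_ENTRY = [("permit", "^65000$")]  # nothing matches: implicit deny

if __name__ == "__main__":
    for name, acl in [("ONLY_AS300", ONLY_AS300),
                      ("NOT_VIA_AS300", NOT_VIA_AS300),
                      ("NO_MATCHING_ENTRY", NO_MATCHING_ENTRY)]:
        print(name, filter_updates(acl, UPDATES))
```

Filtering a single prefix such as 3.3.3.0/24 needs a prefix-based mechanism, since the filter-list decision is made on the AS path alone.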

----- Original Message -----
From: "ccie2be" <ccie2be@nyc.rr.com>
To: "Group Study" <ccielab@groupstudy.com>
Sent: Friday, February 27, 2004 1:16 PM
Subject: BGP command: neighbor .... filter-list #

> Hi team,
>
> In the above command can the number refer to a regular standard or extended
> access list or does it have to apply to an 'ip as-path access-list'?
>
> I ask because I saw an example in a practice lab where the # refers to a
> regular access list, but I had always thought it had to refer to an ip as-path
> access-list.
>
> Also, if it can refer to either, what would happen if both types of
> access-lists were configured with the same number?
>
> thanks in advance



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:59 GMT-3