Re: OT* Nexus OS- N7K

Technically, your extended access-list looks fine, and I think it SHOULD
work. With that being said, I have not played with NX-OS and I have also
seen stranger things. Try simplifying your ACL to a standard ACL such as
"access-list 1 permit 0.0.0.0" or try the IP prefix-list as mentioned by
somebody else in the thread. After you make that change, clear your BGP
neighbors (don't forget soft if it is a production box) and let us know.

On Tue, Aug 2, 2011 at 11:50 PM, Kiran Parashare <kiran.ccie_at_gmail.com>wrote:

> Hi Guys,
>
> I am using ip access-list as shown, i can see the default route at the
> other end but also getting other routes as well.
> Does it make difference if i use prefix-list instead ip access-list ??
>
> I wanted N7KB shd receive only default route from N7KA.
> Dont know why implicit deny not working in above acl
>
> i couldnt check prefix-list since N7K in production/ if its related to NX
> OS.
>
> Regards,
> Kiran
>
>
> On Tue, Aug 2, 2011 at 11:46 PM, marc edwards <renorider_at_gmail.com> wrote:
>
>> Use a prefix list and attach this to your route map
>>
>> ip prefix list PERMITDEFAULT permit 0.0.0.0/0
>> HTH
>>
>> Marc
>> On Tue, Aug 2, 2011 at 8:29 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
>>
>>> try this
>>>
>>> access-list 1 permit 0.0.0.0
>>>
>>>
>>> On Tue, Aug 2, 2011 at 7:35 AM, Kiran Parashare <kiran.ccie_at_gmail.com
>>> >wrote:
>>>
>>> > Hello Guys,
>>> >
>>> > Below config i made on the N7K-A , ebgp peering with N7K-B and N7K-B
>>> shd
>>> > receive only default routes but i can see default routes along with
>>> other
>>> > routes as well, dont know if any different config needs to do under
>>> ACL,
>>> > please suggest.
>>> >
>>> > N7K-A
>>> > router bgp 64522
>>> > template peer N7K
>>> > address-family ipv4 unicast
>>> > send-community
>>> > route-map B out
>>> > default-originate
>>> > next-hop-self
>>> > neighbor 10.10.120.4 remote-as 64521
>>> > inherit peer N7K
>>> > address-family ipv4 unicast
>>> >
>>> > !
>>> > route-map B
>>> > match ip address A
>>> > !
>>> > ip access-list A
>>> > permit ip host 0.0.0.0 host 0.0.0.0
>>> >
>>> > I tried deny any any also at end above.
>>> >
>>> > Under neighbor statement, there Address-family, can i config the
>>> route-map
>>> > over there??
>>> >
>>> > Regards, /Kiran
>>> >
>>> >
>>> > Blogs and organic groups at http://www.ccie.net
>>> >
>>> > _______________________________________________________________________
>>> > Subscription information may be found at:
>>> > http://www.groupstudy.com/list/CCIELab.html
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Joe Astorino
>>> CCIE #24347
>>> Blog: http://astorinonetworks.com
>>>
>>> "He not busy being born is busy dying" - Dylan
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>

-- 
Regards,
Joe Astorino
CCIE #24347
Blog: http://astorinonetworks.com
"He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net