Please do a 'show access-list' and provide output. If you are not getting
any hits, then there is definitely an issue. If possible also a 'show run'
for just the ACL would be nice as well. I chose the prefix list because it
fits nice when filtering prefixes. The fact that it is NX-OS will not change
much with regards to an ACL.
HTH
Marc
On Wed, Aug 3, 2011 at 11:40 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
> Technically, your extended access-list looks fine, and I think it SHOULD
> work. With that being said, I have not played with NX-OS and I have also
> seen stranger things. Try simplifying your ACL to a standard ACL such as
> "access-list 1 permit 0.0.0.0" or try the IP prefix-list as mentioned by
> somebody else in the thread. After you make that change, clear your BGP
> neighbors (don't forget soft if it is a production box) and let us know.
>
>
> On Tue, Aug 2, 2011 at 11:50 PM, Kiran Parashare <kiran.ccie_at_gmail.com>wrote:
>
>> Hi Guys,
>>
>> I am using ip access-list as shown, i can see the default route at the
>> other end but also getting other routes as well.
>> Does it make difference if i use prefix-list instead ip access-list ??
>>
>> I wanted N7KB shd receive only default route from N7KA.
>> Dont know why implicit deny not working in above acl
>>
>> i couldnt check prefix-list since N7K in production/ if its related to NX
>> OS.
>>
>> Regards,
>> Kiran
>>
>>
>> On Tue, Aug 2, 2011 at 11:46 PM, marc edwards <renorider_at_gmail.com>wrote:
>>
>>> Use a prefix list and attach this to your route map
>>>
>>> ip prefix list PERMITDEFAULT permit 0.0.0.0/0
>>> HTH
>>>
>>> Marc
>>> On Tue, Aug 2, 2011 at 8:29 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
>>>
>>>> try this
>>>>
>>>> access-list 1 permit 0.0.0.0
>>>>
>>>>
>>>> On Tue, Aug 2, 2011 at 7:35 AM, Kiran Parashare <kiran.ccie_at_gmail.com
>>>> >wrote:
>>>>
>>>> > Hello Guys,
>>>> >
>>>> > Below config i made on the N7K-A , ebgp peering with N7K-B and N7K-B
>>>> shd
>>>> > receive only default routes but i can see default routes along with
>>>> other
>>>> > routes as well, dont know if any different config needs to do under
>>>> ACL,
>>>> > please suggest.
>>>> >
>>>> > N7K-A
>>>> > router bgp 64522
>>>> > template peer N7K
>>>> > address-family ipv4 unicast
>>>> > send-community
>>>> > route-map B out
>>>> > default-originate
>>>> > next-hop-self
>>>> > neighbor 10.10.120.4 remote-as 64521
>>>> > inherit peer N7K
>>>> > address-family ipv4 unicast
>>>> >
>>>> > !
>>>> > route-map B
>>>> > match ip address A
>>>> > !
>>>> > ip access-list A
>>>> > permit ip host 0.0.0.0 host 0.0.0.0
>>>> >
>>>> > I tried deny any any also at end above.
>>>> >
>>>> > Under neighbor statement, there Address-family, can i config the
>>>> route-map
>>>> > over there??
>>>> >
>>>> > Regards, /Kiran
>>>> >
>>>> >
>>>> > Blogs and organic groups at http://www.ccie.net
>>>> >
>>>> >
>>>> _______________________________________________________________________
>>>> > Subscription information may be found at:
>>>> > http://www.groupstudy.com/list/CCIELab.html
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Joe Astorino
>>>> CCIE #24347
>>>> Blog: http://astorinonetworks.com
>>>>
>>>> "He not busy being born is busy dying" - Dylan
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
>
> --
> Regards,
>
> Joe Astorino
> CCIE #24347
> Blog: http://astorinonetworks.com
>
> "He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net
Received on Wed Aug 03 2011 - 13:56:41 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART