I will try it on this weekene on live boxes.
I simulated in dynamips, its work with prefix-list and std acl but same
result with use of extended acl.
Will let u know guys abt after i put prefix or std acl on N7K.
Thanks. /Kiran
On Thu, Aug 4, 2011 at 4:56 AM, marc edwards <renorider_at_gmail.com> wrote:
> Please do a 'show access-list' and provide output. If you are not getting
> any hits, then there is definitely an issue. If possible also a 'show run'
> for just the ACL would be nice as well. I chose the prefix list because it
> fits nice when filtering prefixes. The fact that it is NX-OS will not change
> much with regards to an ACL.
>
> HTH
>
> Marc
>
>
> On Wed, Aug 3, 2011 at 11:40 AM, Joe Astorino <joeastorino1982_at_gmail.com>wrote:
>
>> Technically, your extended access-list looks fine, and I think it SHOULD
>> work. With that being said, I have not played with NX-OS and I have also
>> seen stranger things. Try simplifying your ACL to a standard ACL such as
>> "access-list 1 permit 0.0.0.0" or try the IP prefix-list as mentioned by
>> somebody else in the thread. After you make that change, clear your BGP
>> neighbors (don't forget soft if it is a production box) and let us know.
>>
>>
>> On Tue, Aug 2, 2011 at 11:50 PM, Kiran Parashare <kiran.ccie_at_gmail.com>wrote:
>>
>>> Hi Guys,
>>>
>>> I am using ip access-list as shown, i can see the default route at the
>>> other end but also getting other routes as well.
>>> Does it make difference if i use prefix-list instead ip access-list ??
>>>
>>> I wanted N7KB shd receive only default route from N7KA.
>>> Dont know why implicit deny not working in above acl
>>>
>>> i couldnt check prefix-list since N7K in production/ if its related to NX
>>> OS.
>>>
>>> Regards,
>>> Kiran
>>>
>>>
>>> On Tue, Aug 2, 2011 at 11:46 PM, marc edwards <renorider_at_gmail.com>wrote:
>>>
>>>> Use a prefix list and attach this to your route map
>>>>
>>>> ip prefix list PERMITDEFAULT permit 0.0.0.0/0
>>>> HTH
>>>>
>>>> Marc
>>>> On Tue, Aug 2, 2011 at 8:29 AM, Joe Astorino <joeastorino1982_at_gmail.com
>>>> > wrote:
>>>>
>>>>> try this
>>>>>
>>>>> access-list 1 permit 0.0.0.0
>>>>>
>>>>>
>>>>> On Tue, Aug 2, 2011 at 7:35 AM, Kiran Parashare <kiran.ccie_at_gmail.com
>>>>> >wrote:
>>>>>
>>>>> > Hello Guys,
>>>>> >
>>>>> > Below config i made on the N7K-A , ebgp peering with N7K-B and N7K-B
>>>>> shd
>>>>> > receive only default routes but i can see default routes along with
>>>>> other
>>>>> > routes as well, dont know if any different config needs to do under
>>>>> ACL,
>>>>> > please suggest.
>>>>> >
>>>>> > N7K-A
>>>>> > router bgp 64522
>>>>> > template peer N7K
>>>>> > address-family ipv4 unicast
>>>>> > send-community
>>>>> > route-map B out
>>>>> > default-originate
>>>>> > next-hop-self
>>>>> > neighbor 10.10.120.4 remote-as 64521
>>>>> > inherit peer N7K
>>>>> > address-family ipv4 unicast
>>>>> >
>>>>> > !
>>>>> > route-map B
>>>>> > match ip address A
>>>>> > !
>>>>> > ip access-list A
>>>>> > permit ip host 0.0.0.0 host 0.0.0.0
>>>>> >
>>>>> > I tried deny any any also at end above.
>>>>> >
>>>>> > Under neighbor statement, there Address-family, can i config the
>>>>> route-map
>>>>> > over there??
>>>>> >
>>>>> > Regards, /Kiran
>>>>> >
>>>>> >
>>>>> > Blogs and organic groups at http://www.ccie.net
>>>>> >
>>>>> >
>>>>> _______________________________________________________________________
>>>>> > Subscription information may be found at:
>>>>> > http://www.groupstudy.com/list/CCIELab.html
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>> >
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>>
>>>>> Joe Astorino
>>>>> CCIE #24347
>>>>> Blog: http://astorinonetworks.com
>>>>>
>>>>> "He not busy being born is busy dying" - Dylan
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Regards,
>>
>> Joe Astorino
>> CCIE #24347
>> Blog: http://astorinonetworks.com
>>
>> "He not busy being born is busy dying" - Dylan
Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 04 2011 - 09:19:23 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART