[nsp] ACL based on BGP community tag

Sean Donelan sean at donelan.com
Sat Jun 21 17:29:48 EDT 2003


In the same router, can anyone think of a way to set up the
equivalent of an interface ACL based on a BGP community tag?

What I would like to do is permit (or deny) traffic
from certain networks by tagging the routes in BGP, such
as only allowing "customer tagged" BGP routes to send
packets through a particular interface.  But I don't want
to change how the router passes traffic to/from other
interfaces.

In cisco-speak do I want to use BGP QOS Policy Propagation,
with a QOS policy of null routing the traffic?  Or is there
a better/simpler method?


