[c-nsp] BGP Config
info at beprojects.com
info at beprojects.com
Fri Aug 13 11:53:59 EDT 2004
Isn't "permit nothing" the same as "deny everything"?
----- Original Message -----
From: "Kristofer Sigurdsson" <ks at rhi.hi.is>
To: <info at beprojects.com>
Cc: "Cisco Nsp" <cisco-nsp at puck.nether.net>
Sent: Friday, August 13, 2004 10:47 AM
Subject: Re: [c-nsp] BGP Config
> info at beprojects.com, Fri, Aug 13, 2004 at 10:08:46AM -0500 :
> > OK, I'm having a brain freeze at the moment and can't figure out why
this
> > won't work. I want to filter all incoming routes from a bgp neighbor
and I
> > swear I've used this in the past. Does this look right, or am I missing
> > something (I cut out all of the non-useful info).
> >
> >
> > router bgp 1234
> > neighbor 1.1.1.1 route-map DenyAll in
> >
> > ip access-list extended DENYALL
> > deny ip any any
>
> This access list doesn't match anything...
>
> >
> > route-map DenyAll permit 10
> > match ip address DENYALL
>
> This route map allows everything that matches the DENYALL access list,
> which is nothing...
>
> You could try this:
>
> ip access-list extended DENYALL
> permit ip any any
>
> route-map DenyAll deny 10
> match ip address DENYALL
>
> --
> Kristófer Sigurðsson | Tel: +354 525 4103 / MSN: ks at rhi.hi.is
> Netsérfræðingur/Network specialist | Reiknistofnun HÍ/University of
Iceland
>
More information about the cisco-nsp
mailing list