[c-nsp] BGP Config

Nikos Leontsinis nikos at oteglobe.net
Fri Aug 13 12:55:57 EDT 2004


try

router bgp 1234
neighbor 1.1.1.1 prefix-list deny in

ip prefix-list deny-all deny 0.0.0.0/0 le 32



----- Original Message ----- 
From: <info at beprojects.com>
To: "Cisco Nsp" <cisco-nsp at puck.nether.net>
Sent: Friday, August 13, 2004 6:53 PM
Subject: Re: [c-nsp] BGP Config


> Isn't "permit nothing" the same as "deny everything"?
>
>
> ----- Original Message ----- 
> From: "Kristofer Sigurdsson" <ks at rhi.hi.is>
> To: <info at beprojects.com>
> Cc: "Cisco Nsp" <cisco-nsp at puck.nether.net>
> Sent: Friday, August 13, 2004 10:47 AM
> Subject: Re: [c-nsp] BGP Config
>
>
> > info at beprojects.com, Fri, Aug 13, 2004 at 10:08:46AM -0500 :
> > > OK, I'm having a brain freeze at the moment and can't figure out why
> this
> > > won't work.  I want to filter all incoming routes from a bgp neighbor
> and I
> > > swear I've used this in the past.  Does this look right, or am I
missing
> > > something (I cut out all of the non-useful info).
> > >
> > >
> > > router bgp 1234
> > >   neighbor 1.1.1.1 route-map DenyAll in
> > >
> > > ip access-list extended DENYALL
> > >  deny   ip any any
> >
> > This access list doesn't match anything...
> >
> > >
> > > route-map DenyAll permit 10
> > >  match ip address DENYALL
> >
> > This route map allows everything that matches the DENYALL access list,
> > which is nothing...
> >
> > You could try this:
> >
> > ip access-list extended DENYALL
> >   permit ip any any
> >
> > route-map DenyAll deny 10
> >   match ip address DENYALL
> >
> > -- 
> > Kristófer Sigurðsson    | Tel: +354 525 4103 / MSN: ks at rhi.hi.is
> > Netsérfræðingur/Network specialist | Reiknistofnun HÍ/University of
> Iceland
> >
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list