[c-nsp] Access list question
Vinny Abello
vinny at tellurian.com
Tue Oct 30 22:36:39 EDT 2007
On Oct 30, 2007, at 10:17 PM, Jefri Abdullah wrote:
> Dear List,
>
> I've two routers running ibgp as routing protocol, somehow, one of
> these routers should advertise network 0.0.0.0 (via default-information
> network statement) to another ebgp peer. But the ibgp peer should deny
> to receive this network.
>
> I tried this access-list but it failed, because my router is denying all
> routes coming from the ibgp peer:
>
> Standard IP access list TEST
> 10 deny 0.0.0.0
> 20 permit any
>
> It's also impossible for me to permit all prefixes and then at the end
> deny any, since the network advertised by ibgp is very large. Any
> other option to block prefix 0.0.0.0 but still receive other prefixes?
Standard access-lists are too open ended, so your first line is
essentially everything.

Try using a prefix-list instead:

    ip prefix-list test deny 0.0.0.0/0
    ip prefix-list test permit 0.0.0.0/0 le 32

That *should* deny the specific prefix which is your default route but
allow all other routes through up to a /32. Associate the prefix-list
with your bgp peer in the desired direction:

    neighbor 1.2.3.4 prefix-list test in

See if that does what you are looking for. I haven't tested it myself
but I think that will work for you.
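
Added example, not part of the original thread and not Cisco code: a small Python model of how an IOS prefix-list is evaluated (first match wins, an entry without ge/le matches its exact prefix length only, implicit deny at the end), applied to the two entries suggested above. The route samples and the function names are constructed for illustration.

```python
import ipaddress

# The two entries from the reply, in order: (action, prefix, ge, le).
# ge/le of None means the keyword is absent from the entry.
PREFIX_LIST_TEST = [
    ("deny",   "0.0.0.0/0", None, None),
    ("permit", "0.0.0.0/0", None, 32),
]

def entry_matches(route, prefix, ge, le):
    """Return True if `route` matches one prefix-list entry."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if not route.subnet_of(prefix):
        return False
    if ge is None and le is None:
        # No ge/le: the route's length must equal the entry's length.
        return route.prefixlen == prefix.prefixlen
    low = ge if ge is not None else prefix.prefixlen
    high = le if le is not None else 32
    return low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """Walk the entries in sequence order; the first match decides."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"  # implicit deny when nothing matches

def filter_routes(prefix_list, routes):
    """Routes that would be accepted from the neighbor."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# Constructed sample of routes received from the iBGP peer.
SAMPLE_ROUTES = ["0.0.0.0/0", "0.0.0.0/8", "10.0.0.0/8",
                 "192.0.2.0/24", "198.51.100.1/32"]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(f"{r:20} {evaluate(PREFIX_LIST_TEST, r)}")
    # Entry order matters: with the permit first, the default is accepted.
    print(evaluate(list(reversed(PREFIX_LIST_TEST)), "0.0.0.0/0"))
```

In this model only 0.0.0.0/0 is dropped; swapping the two entries lets the default route through, so the deny has to carry the lower sequence number.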