Friday, April 20, 2012

BGP filtering with Extended Access-list

In this example, we will filter BGP routes using an extended access-list.
Here is the initial configuration of the router R4:

interface Loopback4
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet1/0
 ip address 192.168.45.4 255.255.255.0
!
router bgp 4
 no synchronization
 bgp log-neighbor-changes
 network 4.4.4.4 mask 255.255.255.255
 neighbor 192.168.45.5 remote-as 5
 no auto-summary

Here is the BGP table:

R4#show ip bgp
BGP table version is 4, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
*> 5.5.5.5/32       192.168.45.5             0             0 5 i
*> 55.55.55.0/24    192.168.45.5             0             0 5 i

Let's filter 55.55.55.0/24.
First we create an extended access-list named R5-in.
When an extended access-list is used as a route filter, the source field matches the network prefix and the destination field matches the subnet mask, so the deny entry below matches only 55.55.55.0 with mask 255.255.255.0 (a standard access-list matches just the prefix, not the subnet mask):

ip access-list extended R5-in
 deny   ip host 55.55.55.0 host 255.255.255.0
 permit ip any any

Then we apply the named extended access-list to the BGP neighbor with the distribute-list command, in the inbound direction:

R4(config)#router bgp 4
R4(config-router)#neighbor 192.168.45.5 distribute-list R5-in in

Then we see that the 55.55.55.0/24 network no longer exists in the BGP table, and the access-list counters show both entries being hit (the two received prefixes 5.5.5.5/32 and 55.55.55.0/24 are evaluated against line 10, and 5.5.5.5/32 is then permitted by line 20):

R4#show ip bgp
BGP table version is 5, local router ID is 192.168.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 4.4.4.4/32       0.0.0.0                  0         32768 i
*> 5.5.5.5/32       192.168.45.5             0             0 5 i

R4# show access-lists
Extended IP access list R5-in
    10 deny ip host 55.55.55.0 host 255.255.255.0 (2 matches)
    20 permit ip any any (2 matches)
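To make the matching rule concrete, here is an added example (not part of the original post, and not Cisco code) that evaluates IOS-style access-lists against BGP prefixes the way the distribute-list does: the source field of an extended entry is compared with the network number, the destination field with the subnet mask, first match wins, and there is an implicit deny at the end. It runs the page's R5-in list, a constructed standard access-list for the same network, and a constructed wildcard entry against the prefixes received from R5 plus two constructed variants (55.55.55.0/25 and 55.55.1.0/26) to show what each style of list actually drops.

```python
"""Evaluate IOS-style access-lists as BGP prefix filters (constructed example).

For route filtering, an extended ACL entry's *source* address/wildcard is
matched against the network number and its *destination* address/wildcard
against the subnet mask. A standard ACL examines the network number only.
"""
import ipaddress
from dataclasses import dataclass

ANY = (0, 0xFFFFFFFF)  # address 0 with an all-ones wildcard: matches anything


@dataclass
class Entry:
    action: str   # "permit" or "deny"
    net: tuple    # (address, wildcard) applied to the prefix's network number
    mask: tuple   # (address, wildcard) applied to the prefix's subnet mask


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def _target(tokens, i):
    """Parse one 'any' | 'host A' | 'A WILDCARD' target starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tokens[i]), _ip(tokens[i + 1])), i + 2


def _entry_tokens(line):
    """Strip an optional leading sequence number; return tokens or None."""
    tokens = line.split()
    if tokens and tokens[0].isdigit():
        tokens = tokens[1:]
    if not tokens or tokens[0] not in ("permit", "deny"):
        return None  # header line, comment or blank
    return tokens


def parse_extended_acl(text):
    """Parse 'permit|deny ip <src> <dst>' entries (trailing '(n matches)' ignored)."""
    entries = []
    for line in text.splitlines():
        tokens = _entry_tokens(line)
        if tokens is None:
            continue
        net, i = _target(tokens, 2)   # tokens[1] is the protocol keyword "ip"
        mask, _ = _target(tokens, i)
        entries.append(Entry(tokens[0], net, mask))
    return entries


def parse_standard_acl(text):
    """Parse 'permit|deny A [WILDCARD]' entries; the subnet mask is never examined."""
    entries = []
    for line in text.splitlines():
        tokens = _entry_tokens(line)
        if tokens is None:
            continue
        if len(tokens) == 2 and tokens[1] != "any":
            tokens.append("0.0.0.0")  # IOS default wildcard when omitted
        net, _ = _target(tokens, 1)
        entries.append(Entry(tokens[0], net, ANY))
    return entries


def _matches(target, value):
    addr, wild = target
    care = ~wild & 0xFFFFFFFF  # bits that must be equal
    return (value & care) == (addr & care)


def acl_permits(entries, prefix):
    """First matching entry decides; unmatched prefixes hit the implicit deny."""
    p = ipaddress.ip_network(prefix, strict=False)
    net_int, mask_int = int(p.network_address), int(p.netmask)
    for e in entries:
        if _matches(e.net, net_int) and _matches(e.mask, mask_int):
            return e.action == "permit"
    return False


def apply_filter(entries, prefixes):
    return [p for p in prefixes if acl_permits(entries, p)]


# The access-list from the post, as typed on R4
R5_IN = """\
ip access-list extended R5-in
 deny   ip host 55.55.55.0 host 255.255.255.0
 permit ip any any
"""
# Constructed standard list for contrast: same network number, mask not checked
R5_IN_STD = """\
 deny   55.55.55.0
 permit any
"""
# Constructed wildcard entry: deny any network inside 55.55.0.0/16 whose mask is /24 or longer
R5_IN_RANGE = """\
 deny   ip 55.55.0.0 0.0.255.255 255.255.255.0 0.0.0.255
 permit ip any any
"""
# Prefixes received from R5 on the page plus two constructed variants
RECEIVED = ["5.5.5.5/32", "55.55.55.0/24", "55.55.55.0/25", "55.55.1.0/26"]

if __name__ == "__main__":
    for name, text, parser in [("R5-in extended", R5_IN, parse_extended_acl),
                               ("standard", R5_IN_STD, parse_standard_acl),
                               ("wildcard range", R5_IN_RANGE, parse_extended_acl)]:
        print(f"{name:15} accepts {apply_filter(parser(text), RECEIVED)}")
```

The extended list R5-in drops exactly 55.55.55.0/24 and lets 55.55.55.0/25 through, because the host keyword on the destination field pins the mask; the standard list drops both, since it never looks at the mask; the wildcard entry shows how both fields can cover a range at once.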
