Route filtering help

rsamuel708

I'm currently building a config to multi-home my organization. My goals are to only accept default + local routes from my providers, and to stop any transit traffic through my network. The expression I plan to use is as follows:

neighbor x.x.x.x filter-list 1 out

!

ip as-path access-list 1 permit ^$

I know this will accomplish the 'no transit' part, but does it also allow me to accept only default and local routes? It's applied outbound so I'm thinking no.

Any help would be appreciated.

/rls

gojericho0

Here's a link that may help you accomplish your goal. If you need any additional clarification, let us know.

http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml

rls

You are quite right that the filter list that you post will be very effective in making sure that you do not become transit. But it will do nothing to control what you learn. You would want an inbound filter list to control what you learn. If one of your upstream providers were AS 123 then you might want a filter list that looks something like this:

neighbor x.x.x.x filter-list 5 in

!

ip as-path access-list 5 permit ^123$

This will permit only prefixes with exactly one AS number in the path and that number must be 123.

HTH

Rick

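Added example (not part of the original thread): a small Python model of the two as-path filters discussed above, run over constructed updates to show what each direction permits, including a prepended path that ^123$ rejects. The prefixes, AS 64500 and the assumption that the provider's default route arrives with AS path "123" are illustrative only.

```python
import re

def as_path_acl(*entries):
    """Model an as-path access-list: first match wins, implicit deny at the end."""
    compiled = [(action, re.compile(regex)) for action, regex in entries]

    def permits(as_path):
        for action, regex in compiled:
            if regex.search(as_path):
                return action == "permit"
        return False  # nothing matched: implicit deny

    return permits

# Both regexes use only anchors and digits, so Python's re matches the same
# strings here (the IOS-specific "_" metacharacter is not modelled).
OUTBOUND_ACL = as_path_acl(("permit", "^$"))     # regex from the question
INBOUND_ACL = as_path_acl(("permit", "^123$"))   # regex from the answer

# Constructed updates received from the AS 123 neighbor: (prefix, AS path).
FROM_PROVIDER = [
    ("0.0.0.0/0", "123"),              # default originated by the provider (assumed)
    ("198.51.100.0/24", "123"),        # provider-local route
    ("203.0.113.0/24", "123 64500"),   # route the provider learned from another AS
    ("198.51.100.128/25", "123 123"),  # provider-local, but with AS-path prepending
]
# Constructed locally originated route: the AS path is empty before advertisement.
LOCAL = [("192.0.2.0/24", "")]

def accepted_inbound(updates):
    """Prefixes that survive the inbound filter-list."""
    return [prefix for prefix, path in updates if INBOUND_ACL(path)]

def advertised_outbound(table):
    """Prefixes that survive the outbound filter-list."""
    return [prefix for prefix, path in table if OUTBOUND_ACL(path)]

if __name__ == "__main__":
    print("accepted inbound:   ", accepted_inbound(FROM_PROVIDER))
    print("advertised outbound:", advertised_outbound(LOCAL + FROM_PROVIDER))
```

The prepended path "123 123" is dropped because ^123$ requires exactly one AS number in the path, so a provider that prepends its own AS on local routes would be filtered by this list.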

Thank you Rick, that is exactly what I was looking for. Since I sent out my message I've researched and added the same configs on both of my routers filtering the appropriate AS numbers on each.

Thanks again.

/rls

rls

I am glad that your issue is resolved and that my suggestions were helpful. Thank you for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read an issue and can know that there were responses which did resolve the issue.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
