08-26-2008 05:26 AM - edited 03-03-2019 11:16 PM
I'm currently building a config to multi-home my organization. My goals are to only accept default + local routes from my providers, and to stop any transit traffic through my network. The expression I plan to use is as follows:
neighbor x.x.x.x filter-list 1 out
!
ip as-path access-list 1 permit ^$
I know this will accomplish the 'no transit' part, but does it also allow me to accept only default and local routes? It's applied outbound so I'm thinking no.
Any help would be appreciated.
/rls
08-26-2008 07:41 AM
Here's a link that may help you accomplish your goal. If you need any additional clarification, let us know.
http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a008009456d.shtml
08-26-2008 09:00 AM
rls
You are quite right that the filter list that you post will be very effective in making sure that you do not become transit. But it will do nothing to control what you learn. You would want an inbound filter list to control what you learn. If one of your upstream providers were AS 123 then you might want a filter list that looks something like this:
neighbor x.x.x.x filter-list 5 in
!
ip as-path access-list 5 permit ^123$
This will permit only prefixes with exactly one AS number in the path and that number must be 123.
HTH
Rick
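Added example (not part of the original posts): a small Python model of how the two AS-path filters discussed in this thread classify routes, using first-match and implicit-deny evaluation. The prefixes and AS paths are constructed sample data, list 5 is assumed to be the list referenced by `filter-list 5 in`, and the `_` handling goes beyond the two expressions in the thread.

```python
import re

# Constructed sample config: the outbound list from the question and the
# inbound list from the answer (123 is the example upstream AS used there).
CONFIG = """\
ip as-path access-list 1 permit ^$
ip as-path access-list 5 permit ^123$
"""

def parse_aspath_lists(config):
    """Return {list_number: [(action, compiled_regex), ...]} in config order."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"ip as-path access-list (\d+) (permit|deny) (\S+)$", line.strip())
        if m:
            num, action, expr = int(m.group(1)), m.group(2), m.group(3)
            # IOS "_" matches a delimiter or either end of the path string.
            expr = expr.replace("_", r"(?:^|$|[ ,{}()_])")
            lists.setdefault(num, []).append((action, re.compile(expr)))
    return lists

def filter_list(lists, num, as_path):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, rx in lists[num]:
        if rx.search(as_path):
            return action == "permit"
    return False

# Constructed routes: (prefix, AS path as evaluated by the filter).
OUTBOUND = [("198.51.100.0/24", ""),         # originated locally, empty path
            ("203.0.113.0/24", "456 789")]   # learned from the other provider
INBOUND = [("0.0.0.0/0", "123"),             # default originated by AS 123
           ("192.0.2.0/24", "123"),          # prefix local to AS 123
           ("203.0.113.0/24", "123 789")]    # route from beyond AS 123

def accepted(lists, num, routes):
    """Prefixes whose AS path is permitted by as-path access-list `num`."""
    return [prefix for prefix, path in routes if filter_list(lists, num, path)]

if __name__ == "__main__":
    lists = parse_aspath_lists(CONFIG)
    print("advertised:", accepted(lists, 1, OUTBOUND))
    print("learned:   ", accepted(lists, 5, INBOUND))
```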
08-26-2008 09:15 AM
Thank you Rick, that is exactly what I was looking for. Since I sent out my message I've researched and added the same configs on both of my routers filtering the appropriate AS numbers on each.
Thanks again.
/rls
08-26-2008 09:22 AM
rls
I am glad that your issue is resolved and that my suggestions were helpful. Thank you for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read an issue and can know that there were responses which did resolve the issue.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick