Cisco Support Community

acl group + route map

Hello,

What happens when I have an ACL group configured on the interface and a route-map on the BGP?

i.e.

```
interface fastethernet 0/0
 description to the INTERNET
 ip address 10.10.10.1 255.255.255.252
 ip access-group AAA in

router BGP 1000
 neighbor 10.10.10.2 remote-as 2000
 neighbor 10.10.10.2 route-map yyy in

ip access-list extended AAA
 permit ip host 23.0.0.1 any
 deny ip any any

ip access-list extended xxx
 permit ip any any

route-map yyy permit 10
 match ip address xxx
```

1 REPLY

The access-group assigned on the interface and the route-map assigned to the BGP neighbor have different functionality and each will do the function that you have assigned through them.

The access-group assigns access list AAA to filter data traffic that is inbound on interface FastEth0/0 and all traffic coming in on that interface must be evaluated by the access list.

The route map assigned to the BGP neighbor will evaluate routes advertised by the neighbor and routes that are advertised and permitted by the route map will be placed into the BGP tables.

The outcome of the configuration as you have posted it would be this:

- the route map uses access list xxx which permits all routes that are advertised from this neighbor.

- the access list on the interface permits only traffic from source address 23.0.0.1.

- since the BGP neighbor is reached through interface FastEth0/0 the BGP packets received from that neighbor are evaluated by access list AAA and are not permitted.

- since no BGP traffic from the neighbor is permitted the BGP neighbor relationship will not be completed and no routes will be learned from that neighbor.

HTH

Rick
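The outcome described in the reply above, modelled as an added example that is not part of the original thread: a first-match evaluator for the extended-ACL subset used in the question, run against constructed packets arriving inbound on FastEth0/0. `ACL_FIXED` and the helper names are assumptions made for illustration; the thread itself proposes no corrected ACL.

```python
import ipaddress

BGP_PORT = 179
# ACL AAA as posted in the question.
ACL_POSTED = """permit ip host 23.0.0.1 any
deny ip any any"""
# Assumed correction (not from the thread): permit both directions of the
# peer's BGP TCP session ahead of the existing entries.
ACL_FIXED = """permit tcp host 10.10.10.2 host 10.10.10.1 eq bgp
permit tcp host 10.10.10.2 eq bgp host 10.10.10.1
permit ip host 23.0.0.1 any
deny ip any any"""

def parse_ace(line):
    """Parse 'action proto SRC [eq PORT] DST [eq PORT]'; SRC/DST is 'any' or 'host A.B.C.D'."""
    tok = line.split()
    ace = {"action": tok[0], "proto": tok[1]}
    i = 2
    for side in ("src", "dst"):
        if tok[i] == "any":
            ace[side], i = None, i + 1          # None means wildcard
        else:                                   # 'host A.B.C.D'
            ace[side], i = ipaddress.ip_address(tok[i + 1]), i + 2
        ace[side + "_port"] = None
        if i < len(tok) and tok[i] == "eq":
            ace[side + "_port"] = BGP_PORT if tok[i + 1] == "bgp" else int(tok[i + 1])
            i += 2
    return ace

def evaluate(acl_text, pkt):
    """Return the action of the first matching entry; implicit deny if nothing matches."""
    for ace in map(parse_ace, acl_text.strip().splitlines()):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if all(ace[k] is None or ace[k] == pkt[k]
               for k in ("src", "dst", "src_port", "dst_port")):
            return ace["action"]
    return "deny"

def packet(proto, src, sport, dst, dport):
    """Build a constructed test packet."""
    return {"proto": proto, "src": ipaddress.ip_address(src), "src_port": sport,
            "dst": ipaddress.ip_address(dst), "dst_port": dport}

# Constructed packets: the neighbor opening a session to the router, the neighbor
# answering a session the router opened, and data from the one permitted source.
BGP_OPEN_FROM_PEER = packet("tcp", "10.10.10.2", 40000, "10.10.10.1", BGP_PORT)
BGP_REPLY_FROM_PEER = packet("tcp", "10.10.10.2", BGP_PORT, "10.10.10.1", 40001)
DATA_FROM_ALLOWED = packet("tcp", "23.0.0.1", 51000, "192.0.2.10", 443)
```

With the posted ACL both BGP packets fall through to `deny ip any any`, so the session never establishes and route-map yyy has no routes to evaluate; the assumed ACL admits only the neighbor's TCP/179 traffic in addition to the original permit.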
