Cisco Support Community
New Member

acl group + route map


What happens when I have an acl group configured on the interface and a route-map on the BGP?


interface fastethernet 0/0
 description to the INTERNET
 ip address
 ip access-group AAA in

router BGP 1000
 neighbor remote-as 2000
 neighbor route-map yyy in

ip access-list extended AAA
 permit ip host any
 deny ip any any

ip access-list extended xxx
 permit ip any any

route-map yyy permit 10
 match ip address xxx

Hall of Fame Super Silver

acl group + route map

The access-group assigned on the interface and the route-map assigned to the BGP neighbor have different functionality and each will do the function that you have assigned through them.

The access-group assigns access list AAA to filter data traffic that is inbound on interface FastEth0/0 and all traffic coming in on that interface must be evaluated by the access list.

The route map assigned to the BGP neighbor will evaluate routes advertised by the neighbor and routes that are advertised and permitted by the route map will be placed into the BGP tables.

The outcome of the configuration as you have posted it would be this:

- the route map uses access list xxx which permits all routes that are advertised from this neighbor.

- the access list on the interface permits only traffic from source address

- since the BGP neighbor is reached through interface FastEth0/0 the BGP packets received from that neighbor are evaluated by access list AAA and are not permitted.

- since no BGP traffic from the neighbor is permitted the BGP neighbor relationship will not be completed and no routes will be learned from that neighbor.
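
An added example, not part of the original posts: one way to keep the restrictive inbound filter on the interface while still letting the BGP session form. All addresses are placeholders from the documentation ranges, because the addresses in the posted configuration are missing.

```cisco
! Added example. Assumed placeholder addresses (RFC 5737 ranges):
!   192.0.2.1     = BGP neighbor in AS 2000
!   192.0.2.2     = this router's address on FastEthernet0/0
!   198.51.100.10 = the single source host the original ACL permitted
!
! BGP runs over TCP port 179 and either peer may open the connection,
! so the inbound ACL needs one entry for each direction of session setup.
!
ip access-list extended AAA
 remark neighbor opens the session: destination port is 179
 permit tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 remark this router opens the session: replies arrive with source port 179
 permit tcp host 192.0.2.1 eq bgp host 192.0.2.2
 remark original data-traffic entry, unchanged
 permit ip host 198.51.100.10 any
 deny ip any any
!
interface FastEthernet0/0
 ip access-group AAA in
!
! Checks from exec mode after applying:
!   show ip access-lists AAA   (match counters on the two BGP entries increase)
!   show ip bgp summary        (neighbor 192.0.2.1 reaches Established and shows a prefix count)
```

The route map yyy still decides which advertised routes are accepted; the ACL only decides whether the packets carrying those advertisements reach the BGP process at all.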


