Cisco Support Community

Filter routes

Hi expert,

I would like to filter a route which exactly matches the condition. Below is the requirement:

A.

1. allow 192.168.30.0/30

2. not allow 192.168.30.0/29 or other

3. not allow 192.168.30.0/31 or other.

B.

1. not allow 192.168.30.0/30

2. allow 192.168.30.0/29 or other

3. allow 192.168.30.0/31 or other.

It seems that ACL cannot do it. Please advise.

rdgs

Anita


Filter routes

Hi Anita,

Use prefix-list

A. permit 192.168.30.0 ge /30 will block all others which have a subnet less than /30

B. You need to add permit statement for just 192.168.30.0/30 only.

Regards,

Smitesh

Filter routes

Hi Anita,

I would suggest you use a route-map in order to get your required route filter.

A.
1. allow 192.168.30.0/30
2. not allow 192.168.30.0/29 or other
3. not allow 192.168.30.0/31 or other.

ip access ex 100
permit ip 192.168.30.0 0.0.0.3
deny any any

route-map Route_filter1 permit 10
match ip address 100


B.
1. not allow 192.168.30.0/30
2. allow 192.168.30.0/29 or other
3. allow 192.168.30.0/31 or other.


ip access ex 200
permit ip 192.168.30.0 0.0.0.7
permit ip 192.168.30.0 0.0.0.2
deny any any

route-map Route_filter1 permit 10
match ip address 200


Please rate the helpful posts.
Regards,
Naidu.


Filter routes

Dear Naidu,

For A, if there is a route 192.168.30.0 255.255.255.254 (192.168.30.0/31), it should be covered by ACL 100 because 0.0.0.3 should include it. Not sure whether I am right or wrong. Please advise.

How to allow the route "/30" but not accept "/31", "/32"?

rdgs

Anita

Filter routes

Hi Anita,


How to allow the route "/30" but not accept "/31", "/32"?

You can use the below one..

ip access ex 200
permit ip 192.168.30.0 0.0.0.3
deny any any


Please rate the helpful posts.
Regards,
Naidu.


Filter routes

Hi Naidu,

If the route is 192.168.30.0 0.0.0.1, the ACL 200 should permit it. Is it correct?

rdgs

Anita


Filter routes

Hi,

the only way to filter prefixes and prefix-length is with a prefix-list.

It may be configured with a special extended ACL, but I don't know if it will work in every routing protocol (I know it's possible with BGP). In this case you match the prefix-length with the destination part; it should be something like this:

for permitting only 192.168.1.0/24: access-list 100 permit 192.168.1.0 0.0.0.255 255.255.255.0 0.0.0.255

But the prefix-list is the tool to use for such cases as it is easier to implement.

Regards.

Alain

Don't forget to rate helpful posts.

Filter routes

Dear Alain,

Please see if it is working or not.

For A:

ip prefix-list abc seq 5 deny 192.168.30.0 gt 30

ip prefix-list abc seq 10 deny 192.168.30.0 le 30

ip prefix-list abc seq 15 permit any

For B:

ip prefix-list abc seq 5 permit 192.168.30.0 gt 30

ip prefix-list abc seq 10 permit 192.168.30.0 le 30

rdgs

Anita


Filter routes

Hi,

for A: denying /29 and /31 but permitting anything else, including /30

ip prefix-list abc seq 5 deny 192.168.30.0/29

ip prefix-list abc seq 10 deny 192.168.30.0/31

ip prefix-list abc seq 15 permit 0.0.0.0/0 le 32

for B: denying /30 but permitting anything else, including /29 and /31

ip prefix-list abc seq 5 deny 192.168.30.0/30

ip prefix-list abc seq 10 permit  0.0.0.0/0 le 32

Regards.

Alain

Don't forget to rate helpful posts.

Filter routes

Hi Alain,

Does it work for A:

ip prefix-list abc seq 5 permit 192.168.30.0/30

Could it block 192.168.30.0/32, /31, /29, /28.....

rdgs

Anita


Filter routes

Hi,

yes it will deny everything else except 192.168.30.0/30

Regards.

Alain.

Don't forget to rate helpful posts.
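
An added example, not part of any post in the thread: a small Python model of first-match prefix-list evaluation, run over constructed sample routes, next to an address/wildcard comparison that looks only at the route's network address. The function names, the tuple layout of the entries and the address-only ACL model are assumptions made for this illustration.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """First-match evaluation of prefix-list entries; implicit deny at the end."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        if not net.subnet_of(base):        # route must lie inside the entry's prefix
            continue
        if ge is None and le is None:
            lo = hi = base.prefixlen       # no ge/le: the length must be exact
        else:
            lo = base.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def wildcard_permits(address, wildcard, route):
    """Address/wildcard compare on the route's network address only (assumed model)."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    net_addr = int(ipaddress.ip_network(route).network_address)
    return (net_addr & care) == (int(ipaddress.ip_address(address)) & care)

# Constructed sample routes, not taken from any router output.
ROUTES = ["192.168.30.0/28", "192.168.30.0/29", "192.168.30.0/30",
          "192.168.30.0/31", "192.168.30.0/32", "192.168.30.4/30", "10.0.0.0/8"]

# Requirement A: the single permit entry from the thread.
LIST_A = [("permit", "192.168.30.0/30", None, None)]
# Requirement B: deny the /30, then permit 0.0.0.0/0 le 32.
LIST_B = [("deny", "192.168.30.0/30", None, None),
          ("permit", "0.0.0.0/0", None, 32)]

def permitted(check):
    """Return the sample routes for which check(route) is True."""
    return [r for r in ROUTES if check(r)]

if __name__ == "__main__":
    print("A  :", permitted(lambda r: prefix_list_permits(LIST_A, r)))
    print("B  :", permitted(lambda r: prefix_list_permits(LIST_B, r)))
    print("ACL:", permitted(lambda r: wildcard_permits("192.168.30.0", "0.0.0.3", r)))
```

In this model the address/wildcard check cannot tell /28 through /32 apart when they share the network address 192.168.30.0, while the prefix-list entries decide on the length as well.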