Options
BGP filters...
jason_lunde
Member Posts: 567
in CCNP
So just a quick question...these two commands did not do the same thing in my lab, but I had expected them to. What I thought was that either way they would block the same network from being advertised to a router (neighbor 192.168.1.5, out of serial 0)
I set up a prefix list (superonly) allowing the networks I wanted through, and then issued this command:
SanJose2(config-router)neighbor 192.168.1.5 prefix-list superonly out
(RESULT-The proper network was blocked)
I thought that I could give this command and get the same results:
SanJose2(config-router)#distribute-list prefix superonly out serial 0
(RESULT- The network that I wanted blocked was allowed through)
So can anyone clear my confusion on these two commands. I merely thought that the first one, defining the neighbor was more specific. The second I thought would block the network from any downstream routers out of s0.
thanks in advance guys.
I set up a prefix list (superonly) allowing the networks I wanted through, and then issued this command:
SanJose2(config-router)neighbor 192.168.1.5 prefix-list superonly out
(RESULT-The proper network was blocked)
I thought that I could give this command and get the same results:
SanJose2(config-router)#distribute-list prefix superonly out serial 0
(RESULT- The network that I wanted blocked was allowed through)
So can anyone clear my confusion on these two commands. I merely thought that the first one, defining the neighbor was more specific. The second I thought would block the network from any downstream routers out of s0.
thanks in advance guys.
Comments
-
Options
networker050184
Mod Posts: 11,962 Mod
That is one of those commands that is there even though it doesn't work. The distribute-list command does work when redistributing though.An expert is a man who has made all the mistakes which can be made. -
Options
kryolla
Member Posts: 785
it works you just have to play with it or it might be just for neighbors. Did you reset the neighbor
After playing with this you can't filter routes out an interface but per neighbor with the nieghbor command or all neighbors with distribute-list.
BGP prefixes or NLRI are advertised per neighbor and not per interface as in IGPStudying for CCIE and drinking Home Brew -
Optionsnetworker050184
Mod Posts: 11,962 Mod
it works you just have to play with it or it might be just for neighbors. Did you reset the neighbor
After playing with this you can't filter routes out an interface but per neighbor with the nieghbor command or all neighbors with distribute-list.
BGP prefixes or NLRI are advertised per neighbor and not per interface as in IGP
Yes it works great for neighbors, but even though the interface key word is there it doesn't do anything.An expert is a man who has made all the mistakes which can be made.