APPLYING ACCESS LISTS  

Friday, November 14, 2008

this is as simple as childs play ... first create and access-list and deny 12 traffic and donot forget that there would be an implicit deny so be careful to permit all of the statements ...

CODE
sanjose#

sanjose#config t
Enter configuration commands, one per line. End with CNTL/Z.
sanjose(config)#ip access-list standard 10
sanjose(config-std-nacl)#deny 12.0.0.0 0.0.1.255
sanjose(config-std-nacl)#permit any
sanjose(config-std-nacl)#router bgp 100
sanjose(config-router)#neig 172.16.0.1 ?
activate Enable the Address Family for this Neighbor
advertise-map specify route-map for conditional advertisement
advertisement-interval Minimum interval between sending BGP routing updates
allowas-in Accept as-path with my AS present in it
capability Advertise capability to the peer
default-originate Originate default route to this neighbor
description Neighbor specific description
disable-connected-check One-hop away EBGP peer using loopback address
distribute-list Filter updates to/from this neighbor
dmzlink-bw Propagate the DMZ link bandwidth
ebgp-multihop Allow EBGP neighbors not on directly connected
networks
fall-over session fall on peer route lost
filter-list Establish BGP filters
inherit Inherit a template
local-as Specify a local-as number
maximum-prefix Maximum number of prefixes accepted from this peer
next-hop-self Disable the next hop calculation for this neighbor
next-hop-unchanged Propagate the iBGP paths's next hop unchanged for
this neighbor
password Set a password
peer-group Member of the peer-group
prefix-list Filter updates to/from this neighbor
remote-as Specify a BGP neighbor
remove-private-as Remove private AS number from outbound updates
route-map Apply route map to neighbor
route-reflector-client Configure a neighbor as Route Reflector client
send-community Send Community attribute to this neighbor
shutdown Administratively shut down this neighbor
soft-reconfiguration Per neighbor soft reconfiguration
timers BGP per neighbor timers
translate-update Translate Update to MBGP format
transport Transport options
ttl-security BGP ttl security check
unsuppress-map Route-map to selectively unsuppress suppressed
routes
update-source Source of routing updates
version Set the BGP version to match a neighbor
weight Set default weight for routes from this neighbor

sanjose(config-router)#neig 172.16.0.1 distribute-list ?
<1-199> IP access list number
<1300-2699> IP access list number (expanded range)
WORD IP Access-list name

sanjose(config-router)#neig 172.16.0.1 distribute-list 10 ?
in Filter incoming updates
out Filter outgoing updates

sanjose(config-router)#neig 172.16.0.1 distribute-list 10 out -------------------> sit on router yes imagine sitting on router and controlling traffic you would t know the direction as a piece of cake to configure tip from t.s chris bryant

sanjose(config-router)#end
sanjose#clear
*Mar 1 02:32:27.791: %SYS-5-CONFIG_I: Configured from console by console
sanjose#clear ip bgp * soft --------------------> soft reset which dosent tear any of the neig releationships
sanjose#
as#3
[Resuming connection 3 to r3 ... ]

isp2#show ip bgp
BGP table version is 6, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path ---------------------------> no 12 network
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*> 192.168.0.0 172.16.0.2 0 0 100 i
*> 192.168.1.0 172.16.0.2 0 0 100 i
isp2#

Design by Blogger Buster | Distributed by Blogging Tips