  • Content created by Rene Molenaar (CCIE #41726)

 


Forum Replies

  1. Rene,
    Great lesson to understand community. I have a question: if we have two loopbacks, for instance 2.2.2.2/32 on R1, and I would like to advertise this and block 1.1.1.1/32, do I need an ACL to match under the route-map?

    Please confirm
    Hamood

  2. Hi Hamood,

    That's right, in this example I used a really simple route-map but you could do something like this:

    access-list 1 permit host 1.1.1.1
    
    route-map NO_ADVERTISE deny 10
    match ip address 1
    set community no-advertise
    
    route-map NO_ADVERTISE permit 20

    The first route-map statement will deny everything that matches access-list 1; the second route-map statement is required to permit everything else.

    Rene

  3. Hello Salvatore,

    This should work... 1.1.1.1/32 is not in your prefix-list so it should be permitted. I just checked it to be sure and it's working for me.

    Any chance you got the wrong route-map on R1? :)

    R1#
    ip prefix-list LOOPBACK permit 1.0.0.1/32
    !
    route-map SET_NOADVERTISE permit 10
     match ip address prefix-list LOOPBACK
     set community no-advertise
    !
    route-map SET_NOADVERTISE permit 20
    !
    router bgp 1
     bgp log-neighbor-changes
     network 1.1.1.1 mask 255.255.255.255
     neighbor 192.168.12.2 remote-as 24
     neighbor 192.168.12.2 send-community
     neighbor 192.168.12.2 route-map SET_NOADVERTISE out

    R2#show ip bgp | include 1.1.1.1
     *>  1.1.1.1/32       192.168.12.1             0             0 1 i

    Rene

  4. I think the route-map with a deny statement will deny everything that is permitted in the access-list statement, so the outbound routes will be filtered if we use the route-map with redistribution, with community, or in any other case. I also checked it in a lab, and I see that the route 1.1.1.1 in your case will not be announced even to R2! If I did not understand, is it possible to clarify this case more?

  5. Let me give an example to avoid confusion. To keep it simple and fast, I'll use EIGRP and a distribute-list. Here's R1:

    R1#show run | begin router eigrp
    router eigrp 1
     network 0.0.0.0

    and R2:

    R2#show run | begin router eigrp
    router eigrp 1
     network 0.0.0.0

    R1 has two loopback interfaces that are advertised to R2:

    R2#show ip route eigrp 
    
          1.0.0.0/24 is subnetted, 1 subnets
    D        1.1.1.0 [90/130816] via 192.168.12.1, 00:02:32, GigabitEthernet0/1
          11.0.0.0/24 is subnetted, 1 subnets
    D        11.11.11.0 [90/130816] via 192.168.12.1, 00:02:32, GigabitEthernet0/1

    It has learned 1.1.1.0/24 and 11.11.11.0/24. Let's add a distribute-list:

    R1(config)#router eigrp 1
    R1(config-router)#distribute-list route-map NO_ADVERTISE out

    Here's a route-map:

    R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
    
    R1(config)#route-map NO_ADVERTISE deny 10
    R1(config-route-map)#match ip address 1

    Here's what we have on R2:

    R2#show ip route eigrp

    It's empty... why? The first route-map statement denies what we have in our access-list. The second (invisible) route-map statement is also a deny which prevents 11.11.11.0/24 from being advertised. If we want this, we have to add a permit:

    R1(config)#route-map NO_ADVERTISE permit 20

    This empty permit permits everything since there is no match command. The result:

    R2#show ip route eigrp 
    
    D        11.11.11.0 [90/130816] via 192.168.12.1, 00:00:30, GigabitEthernet0/1

    Rene
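
The evaluation order described in the reply above (first matching clause decides, a clause without a match command matches everything, implicit deny at the end), as an added Python model that is not part of the original thread and is not Cisco code. The function names are hypothetical, and it assumes only standard-ACL matching on the route's network address, with `set` commands left out.

```python
import ipaddress

def acl_permits(acl, prefix):
    """Standard ACL: the first entry whose address/wildcard covers the route's
    network address decides; no matching entry means implicit deny."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False

def route_map_permits(route_map, acls, prefix):
    """Walk clauses by sequence number; the first clause that matches decides.
    A clause with no match command (acl_name None) matches every route.
    Falling off the end is the invisible deny."""
    for _seq, action, acl_name in sorted(route_map, key=lambda c: c[0]):
        if acl_name is None or acl_permits(acls[acl_name], prefix):
            return action == "permit"
    return False

def advertised(route_map, acls, prefixes):
    """Routes that survive the outbound filter."""
    return [p for p in prefixes if route_map_permits(route_map, acls, p)]

# Values from the EIGRP reply: access-list 1 permit 1.1.1.0 0.0.0.255
ACLS = {"1": [("permit", "1.1.1.0", "0.0.0.255")]}
PREFIXES = ["1.1.1.0/24", "11.11.11.0/24"]

# route-map NO_ADVERTISE deny 10 / match ip address 1
DENY_ONLY = [(10, "deny", "1")]
# ... plus route-map NO_ADVERTISE permit 20 (no match command)
WITH_PERMIT = [(10, "deny", "1"), (20, "permit", None)]

if __name__ == "__main__":
    print("deny 10 only:       ", advertised(DENY_ONLY, ACLS, PREFIXES))
    print("deny 10 + permit 20:", advertised(WITH_PERMIT, ACLS, PREFIXES))
```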
