Configuring BGP4
December 2005 © Foundry Networks, Inc. 21 - 41
FESX424 Router(config-bgp-router)# address-filter 1 deny 209.157.0.0 255.255.0.0
Syntax: address-filter <num> permit | deny <ip-addr> <wildcard> <mask> <wildcard>
The <num> parameter is the filter number.
The permit | deny parameter indicates the action the Layer 3 Switch takes if the filter match is true.
• If you specify permit, the Layer 3 Switch permits the route into the BGP4 table if the filter match is true.
• If you specify deny, the Layer 3 Switch denies the route from entering the BGP4 table if the filter match is true.
NOTE: Once you define a filter, the default action for addresses that do not match a filter is “deny”. To change
the default action to “permit”, configure the last filter as “permit any any”.
The <ip-addr> parameter specifies the IP address. If you want the filter to match on all addresses, enter any.
The <wildcard> parameter specifies the portion of the IP address to match against. The <wildcard> is a four-part
value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean the
packet’s source address must match the <source-ip>. Ones mean any value matches. For example, the
<ip-addr> and <wildcard> values 209.157.22.26 0.0.0.255 mean that all hosts in the Class C sub-net 209.157.22.x
match the policy.
If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format, you can enter a
forward slash after the IP address, then enter the number of significant bits in the mask. For example, you can
enter the CIDR equivalent of “209.157.22.26 0.0.0.255” as “209.157.22.26/24”. The CLI automatically converts
the CIDR number into the appropriate mask (where zeros instead of ones are the significant bits) and changes the
non-significant portion of the IP address into zeros. For example, if you specify 209.157.22.26/24 or
209.157.22.26 0.0.0.255, then save the changes to the startup-config file, the value appears as 209.157.22.0/24
(if you have enabled display of sub-net lengths) or 209.157.22.0 0.0.0.255 in the startup-config file.
If you enable the software to display IP sub-net masks in CIDR format, the mask is saved in the file in “/<mask-
bits>” format. To enable the software to display the CIDR masks, enter the ip show-subnet-length command at
the global CONFIG level of the CLI. You can use the CIDR format to configure the filter regardless of whether the
software is configured to display the masks in CIDR format.
The <mask> parameter specifies the network mask. If you want the filter to match on all destination addresses,
enter any. The wildcard works the same as described above.
Filtering AS-Paths
You can filter updates received from BGP4 neighbors based on the contents of the AS-path list accompanying the
updates. For example, if you want to deny routes that have the AS 4.3.2.1 in the AS-path from entering the BGP4
route table, you can define a filter to deny such routes.
The Layer 3 Switch provides the following methods for filtering on AS-path information:
• AS-path filters
• AS-path ACLs
NOTE: The Layer 3 Switch cannot actively support AS-path filters and AS-path ACLs at the same time. Use one
method or the other but do not mix methods.
NOTE: Once you define a filter or ACL, the default action for updates that do not match a filter is “deny”. To
change the default action to “permit”, configure the last filter or ACL as “permit any any”.
AS-path filters or AS-path ACLs can be referred to by a BGP neighbor's filter list number as well as by match
statements in a route map.
Defining an AS-Path Filter
To define AS-path filter 4 to permit AS 2500, enter the following command:
To Next Page
Loading...
Need help?
General
