Cisco Systems ME3400G2CSA Configuring BGP Filtering by Neighbor

32-49

Cisco ME 3400 EthernetAccess Switch SoftwareConfiguration Guide

78-17058-01

Chapter32 Configuring IP Unicast Routing Configuring BGP

Configuring BGP Filtering by Neighbor

You can filter BGP advertisements by using AS-path filters, such as the as-path access-list global

configuration command and the neighbor filter-list router configuration command. You can also use

access lists with the neighbor distribute-list router configuration command. Distribute-list filters are

applied to network numbers. See the “Controlling Advertising and Processing in Routing Updates”

section on page 32-80 for information about the distribute-list command.

You can use route maps on a per-neighbor basis to f ilter updates an d to modify v arious attrib utes. A ro ute

map can be applied to either inbound or outbound updates. Onl y the rout es th at p ass the r oute map a re

sent or accepted in updates. On both inbound and outbound updates, matching is supported based on AS

path, community, and network numbers. Autonomous system path matching requires the match as-path

access-list route-map command, community based matching requires the match community-list

route-map command, and network-based matching requires the ip access-list global configurati on

command.

Beginning in privileged EXEC mode, follow these steps to apply a per-neighbor route map:

Use the no neighbor distribute-list command to remove the access list from the neighbor. Use the no

neighbor route-map map-tag router configuration command to remove the route map from the

neighbor.

Another method of filtering is to specify an access list filter on both incoming and outbound updates,

based on the BGP autonomous system paths. Each filter is an access list based on regular expressions.

(See the “Regular Expressions” appendix in the Cisco IOS Dial Technologies Command Reference,

Release 12.2 for more information on forming regular expressio ns. ) To use this method, de fine an

autonomous system path access list, and apply it to updates to and from particular neighbors.

Beginning in privileged EXEC mode, follow these steps to configure BGP path filtering:

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 router bgp autonomous-system Enable a BGP routing process, assign it an AS number, and enter

router configuration mode.

Step3 neighbor {ip-address | peer-group name}

distribute-list {access-list-number | name}

{in | out}

(Optional) Filter BGP routing updates to or from neighbors as

specified in an access list.

Note You can also use the neighbor prefix-list router

configuration command to filter updates, but you cannot use

both commands to configure the same BGP peer.

Step4 neighbor {ip-address | peer-group name}

route-map map-tag {in | out}(Optional) Apply a route map to filter an incoming or ou tgoing

route.

Step5 end Return to privileged EXEC mode.

Step6 show ip bgp neighbors Verify the configuration.

Step7 copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose

Step1 configure terminal Enter global configuration mode.

Step2 ip as-path access-list access-list-number

{permit | deny} as-regular-expressions Define a BGP-related access list.