did you mean to type ip as-path access-list 73 permit ^102(_[0-9]+*)*?$ On Sun, Nov 27, 2011 at 12:30 PM, James Roc <[email protected]> wrote:
> Hi All, > > This question asks to 'ensure that only directly connected clients of AS102 > can transit AS50'. > > AS101 - AS50 - AS102 - ASXXX > > The DSG uses the following inbound as-path acl on the AS50 router peering > to AS102: > > ip as-path access-list 73 permit ^102(_[0-9]+?$ > > This filters the required routes entering AS50 from AS102 but there are no > outbound filters. > > In the following topology, routes from AS101 could pass through AS50 to > AS102 and beyond. > > AS101 - AS50 - AS102 - ASXXX - AS300 > > So while AS101 would not have a synchronous return route, AS300 could still > transit AS50 to reach AS101. > > Given that changes can only be done on AS50, whats the best way to prevent > this? > > Cheers > James > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > To Unsubscribe from this list please visit the following link and follow > the directions to unsubscribe. > http://onlinestudylist.com/mailman/listinfo/ccie_rs > -- -- Olugbenga Oyebande MD, DAIT 234-803-302-5287 http://www.dait-ng.com Cisco Unified Network, VPN DAIT Enterprise Network Servers Broadband Internet Deployment & ISP Consultancy _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com To Unsubscribe from this list please visit the following link and follow the directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
