Marko, thanks for the tip. I know what you mean. Everything is OK in the peer-policy using outbound route-map and inbound prefix-list. The problem arises when configuring inbound route-map/filter-list in the template (even when not configuring them simultaneously, also I removed the inbound prefix-list in the template) . As I said, when assigning the inbound route-map/filter-list directly to the neighbor, the issue is solved.
On Wed, Oct 30, 2013 at 1:03 AM, Marko Milivojevic <[email protected]>wrote: > Mohammad, > > Please note the order of processing. > > Inbound: > 1) Route-map > 2) Filter-list > 3) Prefix-list > 3) -or- Distribute-list > > Outbound: > 1) Distribute-list > 1) -or- Prefix-list > 2) Filter-list > 3) Route-map > > This could be causing at least some of the issues you are seeing > (route-map appearing ineffective). As for the other cases, I have to admit > that's not how I understand IOS to work, but some more looking into could > be in order :-) > > > On Tue, Oct 29, 2013 at 2:20 PM, Mohammad Moghaddas < > [email protected]> wrote: > >> Hi Marko. >> >> Also, I tried to use a route-map matching the as-path, but still no >> result. I tried further and it seemed that the route-map is no functioning >> at all even when matching prefix-list !!! >> >> The below configuration didn't function using filter-list: >> >> ROUTER#sr | s as-path >> ip as-path access-list 100 deny _11111_ >> ip as-path access-list 100 permit .* >> >> ROUTER#sr | s prefix >> ip prefix-list COMPANY_IX-in seq 1 deny 0.0.0.0/0 >> ip prefix-list COMPANY_IX-in seq 2 deny 172.16.0.0/12 le 32 >> ip prefix-list COMPANY_IX-in seq 3 deny 10.0.0.0/8 le 32 >> ip prefix-list COMPANY_IX-in seq 4 deny 192.168.0.0/16 le 32 >> ip prefix-list COMPANY_IX-in seq 5 deny a.b.c.0/18 le 32 >> ip prefix-list COMPANY_IX-in seq 6 deny 127.0.0.0/8 le 32 >> ip prefix-list COMPANY_IX-in seq 7 deny 169.254.0.0/16 le 32 >> ip prefix-list COMPANY_IX-in seq 8 deny 224.0.0.0/3 le 32 >> ip prefix-list COMPANY_IX-in seq 9 deny 0.0.0.0/8 le 32 >> ip prefix-list COMPANY_IX-in seq 10 deny 0.0.0.0/0 ge 25 >> ip prefix-list COMPANY_IX-in seq 100 permit 0.0.0.0/0 le 32 >> >> ROUTER#s|b >> ! >> template peer-policy IX >> route-map IX_BGP-OUT out >> filter-list 100 in >> prefix-list COMPANY_IX-in in >> soft-reconfiguration inbound >> send-community both >> ! >> neighbor 10.234.230.61 remote-as 22222 >> neighbor 10.234.230.61 description IX_NEIGHBOR >> neighbor 10.234.230.61 inherit peer-policy IX >> >> ROUTER#clear ip bgp neigh 10.234.230.61 in >> ROUTER#sibn 10.234.230.61 routes | i 11111 >> !!!!THE ROUTES through AS11111 are showing up!!!! >> >> ROUTER#sh ip bgp rege _11111_ >> !!!!THE ROUTES through AS11111 are showing up!!!! >> >> Then I changed the below parts of the configuration: >> >> ROUTER#s|b >> ! >> template peer-policy IX >> NO filter-list 100 in >> ! >> neighbor 10.234.230.61 filter-list 100 in >> >> ROUTER#clear ip bgp neigh 10.234.230.61 in >> ROUTER#sibn 10.234.230.61 routes | i 11111 >> !!!!THE ROUTES through AS11111 are gone!!!! >> >> ROUTER#sh ip bgp rege _11111_ >> !!!!THE ROUTES through AS11111 are gone!!!! >> >> Best Regards, >> *Mohammad Moghaddas* >> >> >> On Wed, Oct 30, 2013 at 12:31 AM, Marko Milivojevic >> <[email protected]>wrote: >> >>> >>> Can you please post your relevant configurations as well as the test >>> results that show it not working? Thanks. >>> >>> -- >>> Marko Milivojevic - CCIE #18427 (SP R&S) >>> Senior CCIE Instructor / Managing Partner - IPexpert >>> >>> >>> On Tue, Oct 29, 2013 at 1:39 PM, Mohammad Moghaddas < >>> [email protected]> wrote: >>> >>>> Hi. >>>> >>>> Sorry for posting an OT. >>>> I've configured a filter-list in a "template peer-policy", but it's not >>>> functioning. >>>> But when assigning the filter-list directly to a neighbor, everything is >>>> fine. >>>> Is it something sort of an IOS bug? >>>> ROUTER(config)#do s ver >>>> Cisco IOS Software, c7600rsp72043_rp Software >>>> (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(3)S, RELEASE SOFTWARE >>>> (fc1) >>>> >>>> Best Regards, >>>> *Mohammad Moghaddas* >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>>> please visit www.ipexpert.com >>>> >>>> Are you a CCNP or CCIE and looking for a job? Check out >>>> www.PlatinumPlacement.com >>>> >>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >>>> >>> >>> >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
