Hi Mohammad,
This does look like a strange behavior at first. Can you try removing 'soft-reconifguration inbound' from under the template to see if that helps. Have you tested this configuration on other IOS versions? If this works on others & not on this specific IOS version then it well may be an issue with an IOS. I will setup a few devices in lab sometime later to test if the above config / logic works on other IOS versions. (There is no reason why it shouold not, but it is good to give it a shot!) Hope this helps! Thanks, Narendra Naukwal On Wednesday, 30 October 2013 11:05 AM, Mohammad Moghaddas <[email protected]> wrote: Yep. But nothing changed. So it seens that I'm experiencing an IOS bug in template peer-policy, right? (Please excuse misspelled words, sentence structure and the brevity of this email as it was sent via Galaxy-Note2) On Oct 30, 2013 3:23 AM, "Marko Milivojevic" <[email protected]> wrote: > Did you clear the sessions when you made the changes? > > > On Tue, Oct 29, 2013 at 2:42 PM, Mohammad Moghaddas < > [email protected]> wrote: > >> Marko, >> >> thanks for the tip. >> I know what you mean. Everything is OK in the peer-policy using outbound >> route-map and inbound prefix-list. >> The problem arises when configuring inbound route-map/filter-list in the >> template (even when not configuring them simultaneously, also I removed the >> inbound prefix-list in the template) . As I said, when assigning the >> inbound route-map/filter-list directly to the neighbor, the issue is solved. >> >> >> On Wed, Oct 30, 2013 at 1:03 AM, Marko Milivojevic >> <[email protected]>wrote: >> >>> Mohammad, >>> >>> Please note the order of processing. >>> >>> Inbound: >>> 1) Route-map >>> 2) Filter-list >>> 3) Prefix-list >>> 3) -or- Distribute-list >>> >>> Outbound: >>> 1) Distribute-list >>> 1) -or- Prefix-list >>> 2) Filter-list >>> 3) Route-map >>> >>> This could be causing at least some of the issues you are seeing >>> (route-map appearing ineffective). As for the other cases, I have to admit >>> that's not how I understand IOS to work, but some more looking into could >>> be in order :-) >>> >>> >>> On Tue, Oct 29, 2013 at 2:20 PM, Mohammad Moghaddas < >>> [email protected]> wrote: >>> >>>> Hi Marko. >>>> >>>> Also, I tried to use a route-map matching the as-path, but still no >>>> result. I tried further and it seemed that the route-map is no functioning >>>> at all even when matching prefix-list !!! >>>> >>>> The below configuration didn't function using filter-list: >>>> >>>> ROUTER#sr | s as-path >>>> ip as-path access-list 100 deny _11111_ >>>> ip as-path access-list 100 permit .* >>>> >>>> ROUTER#sr | s prefix >>>> ip prefix-list COMPANY_IX-in seq 1 deny 0.0.0.0/0 >>>> ip prefix-list COMPANY_IX-in seq 2 deny 172.16.0.0/12 le 32 >>>> ip prefix-list COMPANY_IX-in seq 3 deny 10.0.0.0/8 le 32 >>>> ip prefix-list COMPANY_IX-in seq 4 deny 192.168.0.0/16 le 32 >>>> ip prefix-list COMPANY_IX-in seq 5 deny a.b.c.0/18 le 32 >>>> ip prefix-list COMPANY_IX-in seq 6 deny 127.0.0.0/8 le 32 >>>> ip prefix-list COMPANY_IX-in seq 7 deny 169.254.0.0/16 le 32 >>>> ip prefix-list COMPANY_IX-in seq 8 deny 224.0.0.0/3 le 32 >>>> ip prefix-list COMPANY_IX-in seq 9 deny 0.0.0.0/8 le 32 >>>> ip prefix-list COMPANY_IX-in seq 10 deny 0.0.0.0/0 ge 25 >>>> ip prefix-list COMPANY_IX-in seq 100 permit 0.0.0.0/0 le 32 >>>> >>>> ROUTER#s|b >>>> ! >>>> template peer-policy IX >>>> route-map IX_BGP-OUT out >>>> filter-list 100 in >>>> prefix-list COMPANY_IX-in in >>>> soft-reconfiguration inbound >>>> send-community both >>>> ! >>>> neighbor 10.234.230.61 remote-as 22222 >>>> neighbor 10.234.230.61 description IX_NEIGHBOR >>>> neighbor 10.234.230.61 inherit peer-policy IX >>>> >>>> ROUTER#clear ip bgp neigh 10.234.230.61 in >>>> ROUTER#sibn 10.234.230.61 routes | i 11111 >>>> !!!!THE ROUTES through AS11111 are showing up!!!! >>>> >>>> ROUTER#sh ip bgp rege _11111_ >>>> !!!!THE ROUTES through AS11111 are showing up!!!! >>>> >>>> Then I changed the below parts of the configuration: >>>> >>>> ROUTER#s|b >>>> ! >>>> template peer-policy IX >>>> NO filter-list 100 in >>>> ! >>>> neighbor 10.234.230.61 filter-list 100 in >>>> >>>> ROUTER#clear ip bgp neigh 10.234.230.61 in >>>> ROUTER#sibn 10.234.230.61 routes | i 11111 >>>> !!!!THE ROUTES through AS11111 are gone!!!! >>>> >>>> ROUTER#sh ip bgp rege _11111_ >>>> !!!!THE ROUTES through AS11111 are gone!!!! >>>> >>>> Best Regards, >>>> *Mohammad Moghaddas* >>>> >>>> >>>> On Wed, Oct 30, 2013 at 12:31 AM, Marko Milivojevic < >>>> [email protected]> wrote: >>>> >>>>> >>>>> Can you please post your relevant configurations as well as the test >>>>> results that show it not working? Thanks. >>>>> >>>>> -- >>>>> Marko Milivojevic - CCIE #18427 (SP R&S) >>>>> Senior CCIE Instructor / Managing Partner - IPexpert >>>>> >>>>> >>>>> On Tue, Oct 29, 2013 at 1:39 PM, Mohammad Moghaddas < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi. >>>>>> >>>>>> Sorry for posting an OT. >>>>>> I've configured a filter-list in a "template peer-policy", but it's >>>>>> not >>>>>> functioning. >>>>>> But when assigning the filter-list directly to a neighbor, everything >>>>>> is >>>>>> fine. >>>>>> Is it something sort of an IOS bug? >>>>>> ROUTER(config)#do s ver >>>>>> Cisco IOS Software, c7600rsp72043_rp Software >>>>>> (c7600rsp72043_rp-ADVENTERPRISEK9-M), Version 15.1(3)S, RELEASE >>>>>> SOFTWARE >>>>>> (fc1) >>>>>> >>>>>> Best Regards, >>>>>> *Mohammad Moghaddas* >>>>>> _______________________________________________ >>>>>> For more information regarding industry leading CCIE Lab training, >>>>>> please visit www.ipexpert.com >>>>>> >>>>>> Are you a CCNP or CCIE and looking for a job? Check out >>>>>> www.PlatinumPlacement.com >>>>>> >>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >>>>>> >>>>> >>>>> >>>> >>> >> > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
