Filter
Top Products
Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes | Page 11
BGP: Configuring Distribute Filters
BGP: Configuring Distribute Filters
Distribute filters use ACLs (Access Control Lists) to filter particular routes on the basis of
their prefixes. Distribute filters and prefix filters both filter individual routes out of BGP
update packets. They are mutually exclusive.
About ACLs
From the point of view of route filtering, an ACL is one or more simple unnumbered filter
entries, each with a prefix and an action of deny or permit.
You can use any of the following syntax options to create the ACL entries. The main
difference is in how you label the ACL—whether you use a name or a number.
access-list standard <name> {deny|permit} <ipadd/prefixlength>
exact-match
access-list <1-99> {deny|permit} <ipadd> <reverse-mask>
access-list <1300-1999> {deny|permit} <ipadd> <reverse-mask>
Entries are unnumbered, so each new entry gets added to the end of the ACL.
Named ACLs Using a standard named ACL lets you specify whether the prefix needs to be an exact match
or not. If you specify exact-match, then routes only match the ACL if they have the specified
prefix length. Otherwise, routes match the ACL if they have a prefix length equal to or longer
than the specified prefix length. For example, if you specify 10.0.0.0/8, then:
without exact-match, the ACL matches all of 10.0.0.0/8–10.0.0.0/32
with exact-match, the ACL only matches 10.0.0.0/8
Numbered
ACLs
For numbered ACLs, the mask is a reverse (or wildcard) mask. This is the opposite of a
standard mask in dotted decimal notation. However—in line with industry standards—the
mask value has no effect. The ACL always applies to all prefix lengths.
Extended ACLs You can also use an extended ACL (number range 100-199, or 2000-2699, or by using the
extended <name> parameter) but there is no advantage to doing so. Extended ACLs
include two prefixes (source and destination), and using two prefixes is meaningless when
filtering routes.