Can someone help me understand if I am reading this correctly or not? My understanding for any access-list/prefix-list etc. is that entries are read top-down until a match is made and this is absolute. For example, if I wanted to write a distribute-list to deny the route 1.0.0.0/8 from R1-R2 and allow all others, I could do this:

access-list 1 deny 1.0.0.0 0.0.0.255
access-list 1 permit any
!
router bgp 200
 neighbor 10.1.12.1 distribute-list 1 in

In the Cisco documentation, Cisco IOS IP Routing Protocols Command Reference
http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp2.html#wp1014625
I see the following descriptions. I understand they are showing BGP process-level distribute/prefix lists and not neighbor-specific ones, but aren't the entries out of order, meaning the deny all should come last?

Examples

In the following example, a prefix list and distribute list are defined to configure the BGP routing process to accept traffic from only network 192.168.1.0 and network 10.108.0.0. An inbound route refresh is initiated to activate the distribute-list.

Router(config)# ip prefix-list RED deny 0.0.0.0/0 le 32   --- WOULDN'T THIS DENY ALL ROUTES? Default seq would be 5,10,15 and so on.
Router(config)# ip prefix-list RED permit 10.108.0.0/16
Router(config)# ip prefix-list RED permit 192.168.1.0/24
Router(config)# router bgp 50000
Router(config-router)# network 10.108.0.0
Router(config-router)# distribute-list prefix RED in

In the following example, an access list and distribute list are defined to configure the BGP routing process to accept traffic from only network 192.168.1.0 and network 10.108.0.0. An inbound route refresh is initiated to activate the distribute-list.

Router(config)# access-list 1 deny 0.0.0.0 255.255.255.255   -- AGAIN, SAME QUESTION, THIS IS EFFECTIVELY DENY ANY
Router(config)# access-list 1 permit 192.168.1.0
Router(config)# access-list 1 permit 10.108.0.0
Router(config)# router bgp 50000
Router(config-router)# network 10.108.0.0
Router(config-router)# distribute-list 1 in

Thanks in advance,
Rob Routt
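
The first-match evaluation the question turns on, as an added example that is not part of the original post or of Cisco's documentation: a small Python model of prefix-list matching, run against the RED entries in the order quoted above and against a constructed reordering with the deny entry last. The function names, the reordered list and the sample routes are assumptions made for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'permit|deny A.B.C.D/len [ge N] [le N]' into a match tuple."""
    tok = line.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact length only. le only: len..le. ge only: ge..32.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return action, net, lo, hi

def build(lines, start=5, step=5):
    """Number entries 5, 10, 15, ... as happens when no seq is typed."""
    return {start + i * step: parse_entry(l) for i, l in enumerate(lines)}

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, lowest seq first."""
    r = ipaddress.ip_network(route)
    for seq, (action, net, lo, hi) in sorted(entries.items()):
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None  # implicit deny when nothing matches

# Entries in the order quoted in the post.
RED_AS_QUOTED = build([
    "deny 0.0.0.0/0 le 32",
    "permit 10.108.0.0/16",
    "permit 192.168.1.0/24",
])
# Constructed reordering (assumption): same entries, deny moved last.
RED_REORDERED = build([
    "permit 10.108.0.0/16",
    "permit 192.168.1.0/24",
    "deny 0.0.0.0/0 le 32",
])
# Constructed sample routes.
ROUTES = ["10.108.0.0/16", "192.168.1.0/24", "172.16.0.0/12", "10.108.1.0/24"]

if __name__ == "__main__":
    for route in ROUTES:
        print(route, evaluate(RED_AS_QUOTED, route), evaluate(RED_REORDERED, route))
```
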
