*ESR-1000*
Почему то анонсируются сети 10.100.0.52/30 и 10.100.0.68/30 несмотря на то что они не разрешены ни в route-map ни в prefix-list.
Что нужно сделать чтоб отфильтровать маршрут.
Код: Выделить всё
akt.br00# show ip bgp 65000 vrf mgmt neighbors 172.17.7.78 advertise-routes
Status codes: u - unicast, b - broadcast, m - multicast, a - anycast
* - valid, > - best
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> u 10.100.0.52/30 172.17.7.77 100 0 ?
*> u 10.100.0.68/30 172.17.7.77 100 0 ?
*> u 172.17.11.16/28 172.17.7.77 100 0 ?
*> u 172.17.7.20/30 172.17.7.77 100 0 ?
*> u 172.17.7.76/30 172.17.7.77 100 0 ?
*> u 172.17.0.0/32 172.17.7.77 100 0 ?
Код: Выделить всё
akt.br00# sh ip interfaces vrf mgmt
IP address Interface Admin Link Type
--------------------------------------------------- ------------------ ----- ----- -------
172.17.11.18/28 gi1/0/1.1009 Up Up static
172.17.7.21/30 gi1/0/1.1010 Up Up static
172.17.0.0/32 lo1 Up Up static
172.17.7.77/30 gre 1 Up Up static
10.100.0.69/30 lt 1 Up Up static
10.100.0.53/30 lt 10 Up Up static
Код: Выделить всё
akt.br00# sh running-config routing bgp
router bgp log-neighbor-changes
router bgp 65000
address-family ipv4
router-id 10.100.0.36
network 10.100.0.68/30
network 10.100.0.80/30
peer-group peers
remote-as 65000
authentication algorithm md5
authentication key ascii-text encrypted 8EBE153B941965A2
exit
neighbor 10.100.0.66
update-source 10.100.0.65
description "prm.c08"
peer-group peers
enable
exit
enable
exit
address-family ipv4 vrf mgmt
router-id 172.17.0.0
redistribute connected route-map mgmt-out
peer-group peers
remote-as 65000
prefix-list mgmt-out out
next-hop-self
authentication algorithm md5
authentication key ascii-text encrypted 8EBE153B944065E6
exit
neighbor 172.17.7.22
remote-as 65000
prefix-list mgmt-out out
next-hop-self
update-source 172.17.7.21
description "to br01"
exit
neighbor 172.17.7.78
update-source 172.17.7.77
description "akt.c08"
peer-group peers
enable
exit
enable
exit
address-family ipv4 vrf voip
router-id 10.4.0.0
redistribute connected
redistribute static
peer-group peers
remote-as 65000
prefix-list voip-out out
next-hop-self
authentication algorithm md5
authentication key ascii-text encrypted CBA2055CA72B43FA
exit
neighbor 10.4.1.14
update-source 10.4.1.13
description "prm.c08"
peer-group peers
enable
exit
neighbor 10.4.1.2
remote-as 65000
prefix-list voip-out out
next-hop-self
update-source 10.4.1.1
enable
exit
enable
exit
exit
Код: Выделить всё
ip prefix-list mgmt-out
permit 172.16.0.0/12 le 32
Код: Выделить всё
route-map mgmt-out
rule 10
match ip access-group mgmt
action permit
exit
Код: Выделить всё
ip access-list extended mgmt
description "Management Network"
rule 1
action permit
match source-address 172.16.0.0 255.240.0.0
enable
exit
exit