Here is the scenario diagram…
Objective:
Configure using community No-Export so that hosts on R3’s Ethernet have access to VLANs 5 and 43 but AS 1 and AS 3 cannot reach VLANs 43 and 5 respectively.
Here is my configuration of R4 and R5
R5:
router bgp 1
no synchronization
bgp log-neighbor-changes
network 155.1.5.0 mask 255.255.255.0
neighbor 155.1.0.2 remote-as 2
neighbor 155.1.0.2 send-community
neighbor 155.1.0.2 route-map SET-COMMUNITY out
no auto-summary
!
access-list 1 permit 155.1.5.0 0.0.0.255
!
route-map SET-COMMUNITY permit 10
match ip address 1
set community no-export
!
route-map SET-COMMUNITY permit 20
R4:
router bgp 3
no synchronization
bgp log-neighbor-changes
network 204.12.1.0
neighbor 155.1.146.1 remote-as 2
neighbor 155.1.146.1 send-community
neighbor 155.1.146.1 route-map SET-COMMUNITY out
no auto-summary
!
access-list 1 permit 204.12.1.0 0.0.0.255
!
route-map SET-COMMUNITY permit 10
match ip address 1
set community no-export
!
route-map SET-COMMUNITY permit 20
!
Now everything appears to be fine as I check on R1 and R2, which are neighbors of R4 and R5 respectively:
R1#sh ip bgp 204.12.1.0
BGP routing table entry for 204.12.1.0/24, version 3
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Advertised to update-groups:
1
3
155.1.146.4 from 155.1.146.4 (204.12.1.4)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-export
And
R2#show ip bgp 155.1.5.0
BGP routing table entry for 155.1.5.0/24, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
Advertised to update-groups:
2
1
155.1.0.5 from 155.1.0.5 (155.1.5.5)
Origin IGP, metric 0, localpref 100, valid, external, best
Community: no-export
But R5 and R4 still see these routes in their routing tables and are able to ping each other…
R4#show ip bgp
BGP table version is 8, local router ID is 204.12.1.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 155.1.5.0/24 155.1.146.1 0 2 1 i
*> 155.1.37.0/24 155.1.146.1 0 2 i
*> 204.12.1.0 0.0.0.0 0 32768 i
Now R4 shouldn’t be able to see the 155.1.5.0/24 network, but it does :S
R4#ping 155.1.5.5 source 204.12.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.5.5, timeout is 2 seconds:
Packet sent with a source address of 204.12.1.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/213/316 m
Same is the case with R5. It sees and reaches the network advertised by R4…
Any help will be appreciated…
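The post shows the eBGP configuration of R4 and R5 but not the iBGP sessions inside AS 2 (R1, R2, R3). The Python model below is an added example, not part of the original post and not Cisco code: it simulates how the NO_EXPORT community propagates across a topology constructed from the post (R5 in AS 1, R2 and R1 in AS 2, R4 in AS 3; R3 and the 204.12.1.0/24 prefix are left out, since one prefix is enough to show the mechanism). It assumes the IOS behaviour that the community attribute is only sent to a neighbor when `neighbor ... send-community` is configured on that session, and makes that setting on the AS 2 iBGP session a parameter. The `Route`, `Session`, `Router` classes and the `simulate()` function are my own names.

```python
"""Toy model of BGP NO_EXPORT propagation (added example; not the original post's config).

Topology constructed from the post: R5 (AS 1) -- R2 (AS 2) -- R1 (AS 2) -- R4 (AS 3).
R3 and the 204.12.1.0/24 prefix are left out; one prefix is enough to show the mechanism.
"""
from dataclasses import dataclass, field

NO_EXPORT = "no-export"   # well-known community NO_EXPORT (RFC 1997, value 0xFFFFFF01)
PREFIX = "155.1.5.0/24"   # the prefix R5 originates in the post


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple                      # leftmost ASN is the most recent hop
    communities: frozenset
    via_ibgp: bool = False              # learned from an iBGP peer?


@dataclass
class Session:
    peer: "Router"
    send_community: bool = False        # IOS default: the community attribute is not sent
    set_out: frozenset = frozenset()    # communities added by an outbound route-map


@dataclass
class Router:
    name: str
    asn: int
    rib: dict = field(default_factory=dict)        # prefix -> Route
    sessions: list = field(default_factory=list)   # outbound Session objects


def export_route(src, session, route):
    """Return the Route src sends over this session, or None if it is suppressed."""
    dst = session.peer
    ebgp = src.asn != dst.asn
    if ebgp and NO_EXPORT in route.communities:
        return None                     # NO_EXPORT: never advertise to an eBGP peer
    if not ebgp and route.via_ibgp:
        return None                     # iBGP-learned routes are not re-sent over iBGP (no RR)
    if dst.asn in route.as_path:
        return None                     # the peer would reject an AS_PATH loop anyway
    # The outbound route-map runs, but the attribute only leaves the box with send-community.
    comms = (route.communities | session.set_out) if session.send_community else frozenset()
    path = (src.asn,) + route.as_path if ebgp else route.as_path
    return Route(route.prefix, path, comms, via_ibgp=not ebgp)


def propagate(routers):
    """Flood until no router installs a new prefix (first received path wins; no best-path logic)."""
    changed = True
    while changed:
        changed = False
        for r in routers:
            for s in r.sessions:
                for route in list(r.rib.values()):
                    adv = export_route(r, s, route)
                    if adv is not None and adv.prefix not in s.peer.rib:
                        s.peer.rib[adv.prefix] = adv
                        changed = True


def simulate(ibgp_send_community):
    """Build the constructed lab and return {router: AS_PATH} for every router that learned PREFIX."""
    r5, r2, r1, r4 = Router("R5", 1), Router("R2", 2), Router("R1", 2), Router("R4", 3)
    # R5 -> R2: eBGP with send-community and the SET-COMMUNITY route-map from the post.
    r5.sessions.append(Session(r2, send_community=True, set_out=frozenset({NO_EXPORT})))
    r2.sessions.append(Session(r5, send_community=True))
    # R2 <-> R1: iBGP inside AS 2; the post does not show this config, so it is a parameter here.
    r2.sessions.append(Session(r1, send_community=ibgp_send_community))
    r1.sessions.append(Session(r2, send_community=ibgp_send_community))
    # R1 <-> R4: eBGP, send-community on both sides as in the post's R4 config.
    r1.sessions.append(Session(r4, send_community=True))
    r4.sessions.append(Session(r1, send_community=True))
    r5.rib[PREFIX] = Route(PREFIX, (), frozenset())          # locally originated, no community yet
    propagate([r5, r2, r1, r4])
    return {r.name: r.rib[PREFIX].as_path for r in (r5, r2, r1, r4) if PREFIX in r.rib}


if __name__ == "__main__":
    for flag in (False, True):
        print(f"iBGP send-community={flag}: {simulate(flag)}")
```

With `send_community=False` on the iBGP session, R1 receives 155.1.5.0/24 without any community, has no reason to withhold it, and exports it to R4 with AS_PATH `2 1`, which is the leak seen in the R4 table above; with `send_community=True`, R4 never learns the prefix. The practical check is `show ip bgp 155.1.5.0` on R1 (the router one hop away from the eBGP edge): if the `Community: no-export` line is missing there, the attribute was dropped inside AS 2 and the prefix will reach any eBGP peer of R1.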