bgp ip-access-list

BGP peers and route maps can reference a single IP based ACL (access control list). Apply IP ACLs to both inbound and outbound route updates. When applied to a BGP enabled router, every route update is passed through the ACL. Each ACL contains deny and permit entries that are applied sequentially, in the order they appear within the list. When a route matches an entry, the decision to permit or deny the route is applied. Once a match is made the remaining entries in the ACL are not processed.

BGP IP ACLs are used as match criteria in the following contexts:
  • BGP neighbor. For more information, see use.
  • BGP route-map context. For more information, see match.
To navigate to the BGP IP ACL configuration instance, use the following command:
<DEVICE>(config)#bgp ip-access-list <IP-ACL-NAME>
<DEVICE>(config-bgp-ip-access-list-<IP-ACL-NAME>)#?
BGP IP Access List Mode commands:
  deny     Specify packets to reject
  no       Negate a command or set its defaults
  permit   Specify packets to forward

  clrscr   Clears the display screen
  commit   Commit all changes made in this session
  do       Run commands from Exec mode
  end      End current mode and change to EXEC mode
  exit     End current mode and down to previous mode
  help     Description of the interactive help system
  revert   Revert changes
  service  Service Commands
  show     Show running system information
  write    Write running configuration to memory or terminal

<DEVICE>(config-bgp-ip-access-list-<IP-ACL-NAME>)#
The following table summarizes the BGP IP access list configuration commands:
Click to expand in new window

BGP IP-Access-List Config Mode Commands

Command Description
deny (bgp-ip-access-list) Creates and configures a deny entry rule for this BGP IP ACL
permit (bgp-ip-access-list) Creates and configures a permit entry for this BGP IP ACL
no (bgp-ip-acess-list) Removes a deny or permit entry from this BGP IP ACL