because _ is used to match space Try ip as-path access-list 1 deny _123\)_
Also ip as-path access-list 1 deny _123._ would work too but that would also match 123[0-9] so the first option above is the better response. Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cody Cook Sent: Saturday, October 09, 2010 4:43 PM To: [email protected] Subject: [OSL | CCIE_RS] AS-Path filtering and Confederations Is there a way to filter out routes that transit an AS that is a confederation peer using an as-path access list? I may be missing something but I am unable to get it to work in my lab. Say you have the following output from sh ip bgp: *>i191.15.0.23/32 191.15.0.2 0 100 0 (23) ? *> 210.4.43.0 191.15.0.23 0 100 0 (23 123) 110 70 115 e *> 210.210.20.0 191.15.0.23 0 100 0 (23 63) 70 e *> 210.210.21.0 191.15.0.23 0 100 0 (23) 70 e I can manipulate the AS paths external to the confederation how I want using an as-path list applying them to the neighbor via a route-map , but for those AS numbers within the confederation, I am unable to filter in this manner. For example: ip as-path access-list 1 deny _110_ Works ip as-path access-list 1 deny _123_ Does not work I have other methods for filtering this traffic as well, but I was thinking that this would be a better solution in that I wouldn't have to care about the specific routes from the AS in question. Does this make sense? What am I missing here? Thanks. Cody _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
