neighbor 10.0.0.1 deny-map my-map command
Configure BGP Route Filtering by Neighbor
You can filter BGP advertisements in two ways:
Use AS-path filters, as with the ip as-path access-list global configuration command and the
neighbor filterlist command
Use access or prefix lists, as with the neighbor distribute-list command.
Filtering using prefix lists is described in "Configuring BGP Filtering Using Prefix Lists".
If you want to restrict the routing information that the Cisco IOS software learns or advertises, you
can filter BGP routing updates to and from particular neighbors. To do this, you can either define
an access list or a prefix list and apply it to the updates.
Note Distribute-list filters are applied to network numbers and not autonomous system paths.
To filter BGP routing updates, use the following command in router configuration mode:
Configuring BGP Filtering Using Prefix Lists
Prefix lists can be used as an alternative to access lists in many BGP route filtering commands.
"How the System Filters Traffic by Prefix List" describes the way prefix list filtering works.
The advantages of using prefix lists are:
Significant performance improvement in loading and route lookup of large lists
Support for incremental updates Filtering using extended access lists does not support
More user-friendly command-line interface
The command-line interface for using access lists to filter BGP updates is difficult to understand
and use, since it uses the packet filtering format.
Before using a prefix list in a command, you must set up a prefix list, and you may want to assign
sequence numbers to the entries in the prefix list.
Enable BGP Routing
To enable BGP routing, establish a BGP routing process by using the following commands
beginning in global configuration mode:
Note For exterior protocols, a reference to an IP network from the network router configuration
command controls only which networks are advertised. This is in contrast to Interior Gateway
Protocols (IGP), such as IGRP, which also use the network command to determine where to send
The network command is used to inject IGP routes into the BGP table. The network-mask portion
of the command allows supernetting and subnetting. The router's resources, such as configured
NVRAM or RAM, determine the number of network commands you can use. Alternatively, you
could use the redistribute command to achieve the same result.
Configure Advanced BGP Features The tasks in this section are for configuring advanced BGP
Use Route Maps to Modify Updates
You can use a route map on a per-neighbor basis to filter updates and modify various attributes. A
route map can be applied to either inbound or outbound updates. Only the routes that pass the
route map are sent or accepted in updates.
On both the inbound and the outbound updates, we support matching based on autonomous
system path, community, and network numbers. Autonomous system path matching requires the
as-path access-list command, community based matching requires the community-list command
and network-based matching requires the ip access-list command. Use the following command in
router configuration mode: