Home > Use Distribute-list to filter Routing Updates in BGP

Use Distribute-list to filter Routing Updates in BGP

March 2nd, 2012 in Basic Labs Go to comments

In this lab we will learn how to use distribute-list to filter unwanted routes in BGP. Below is the topology of this lab:


IOS used in this lab: c3640-jk9s-mz.124-16.bin

Objectives of this lab:
+ Task 1: Configure EBGP on AS 1, AS 23, AS 4 and configure IBGP between R2 & R3 (AS23), also advertise loopback 0 interface on R1 so that all the routers learn about this network.
+ Task 2: Use a distribute-list to filter out network

Let’s start our lab!

Task 1 has been mentioned in detail in BGP next-hop-self, community no-export & send-community Lab so I just post the configuration here:

Configure IP addresses on all interfaces

R1(config)#interface f0/0
R1(config-if)#ip address
R1(config-if)#no shutdown
R3(config)#interface f0/0
R3(config-if)#ip address
R3(config-if)#no shutdown
R3(config)#interface f1/0
R3(config-if)#ip address
R3(config-if)#no shutdown
R2(config)#interface f0/0
R2(config-if)#ip address
R2(config-if)#no shutdown
R2(config)#interface f1/0
R2(config-if)#ip address
R2(config-if)#no shutdown
R4(config)#interface f0/0
R4(config-if)#ip address
R4(config-if)#no shutdown

Configure EBGP & IBGP

R1(config)#router bgp 1
R1(config-router)#neighbor remote-as 23
R3(config)#router bgp 23
R3(config-router)#neighbor remote-as 23
R3(config-router)#neighbor remote-as 4
R3(config-router)#neighbor next-hop-self
R2(config)#router bgp 23
R2(config-router)#neighbor remote-as 1
R2(config-router)#neighbor remote-as 23
R2(config-router)#neighbor next-hop-self
R4(config)#router bgp 4
R4(config-router)#neighbor remote-as 23

Advertise loopback0 on R1 to other routers

R1(config)#interface loopback0
R1(config-if)#ip address
R1(config)#router bgp 1
R1(config-router)#network mask

Now we can see on all routers. For example on R4 we see:



Task 2: Use distribute-list to filter out network

On R2 configure an access-list and apply it in the distribute-list under BGP mode.

R2(config)#access-list 1 deny
R2(config)#access-list 1 permit any
R2(config)#router bgp 23
R2(config-router)#neighbor distribute-list 1 in

Now network disappears in both BGP routing table and routing table of R4


You can check to see the access-list 1 has been matched with the “show access-list 1” command:


Another way to complete this task is to apply the distribute-list on R3

R3(config)#access-list 1 deny
R3(config)#access-list 1 permit any
R3(config)#router bgp 23
R3(config-router)#neighbor distribute-list 1 out

In practical we should apply the distribute-list on R2 so that routers in our company don’t need to learn about that route.

  1. Roxanne Bella
    February 15th, 2017

    Great ¡V I should definitely pronounce, impressed with your website. I had no trouble navigating through all tabs as well as related info ended up being truly easy to do to access. I recently found what I hoped for before you know it in the least. Quite unusual. Is likely to appreciate it for those who add forums or anything, website theme . a tones way for your client to communicate. Nice task..


  2. breeze 540
    March 3rd, 2017

    Excellent, I’m happy to see this content on the internet


  3. Jarod Ficklin
    April 20th, 2017

    How does one make dollars with blogs? How does one go about it or start it?


  4. Satrel
    December 1st, 2018

    Couldnt it be a third viable option of setting up a distribute-list on R3 with ‘in’ option:
    neighbor distribute-list 1 in ?

  5. Anonymous
    December 14th, 2018


  6. Anonymous
    April 13th, 2021

    Satrel – That would still work (filtering as the traffic gets into R3), however, the principle is “avoid unnecessary traffic into your network” else it consumes your bandwidth for nothing, therefore filter the traffic out before it gets into AS 23 if it is not required (at R2 in).

  1. No trackbacks yet.