BGP | CCNA 200-301

BGP Route Filtered by Prefix-List — Not Reaching Peer

Presenting Symptom

A BGP route learned from an eBGP peer is not being installed in the routing table, even though the BGP session is established and the route is present in the BGP table.

Network Context

Two Cisco routers (R1 and R2) are connected via a serial link in a small branch office. R1 is in AS 65001 and R2 is in AS 65002. Both run IOS 15.x. The network uses eBGP to advertise a single prefix (192.168.1.0/24) from R2 to R1. A prefix-list is applied inbound on R1 to filter routes, and the engineer observes that the route is not reaching the routing table.

Diagnostic Steps

1. Check BGP session status

show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 65001
BGP table version is 3, main routing table version 3
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4        65002      10      10        3    0    0 00:05:32        1

The BGP session is established (State/PfxRcd shows 1 prefix received). This rules out session issues.

2. Check BGP table for the prefix

show ip bgp 192.168.1.0/24
BGP routing table entry for 192.168.1.0/24, version 2
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  Local
    10.0.0.2 from 10.0.0.2 (10.0.0.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      rx pathid: 0, tx pathid: 0x0

The prefix is in the BGP table and marked as best. This indicates BGP has selected the route, but it may be filtered from being installed in the routing table.

3. Check routing table for the prefix

show ip route 192.168.1.0/24
% Subnet not in table

The route is not in the routing table. Since BGP has the best route, the issue is likely due to an inbound filter (prefix-list or route-map) that is denying the route from being installed.

4. Check inbound prefix-list applied to the BGP neighbor

show ip prefix-list detail
ip prefix-list FILTER: 1 entries
   seq 5 deny 192.168.1.0/24

The prefix-list named FILTER has a deny entry for the exact prefix 192.168.1.0/24. This is the root cause: the inbound prefix-list is filtering the route.

Root Cause

An inbound prefix-list named 'FILTER' is applied to the BGP neighbor on R1, and it contains a deny statement for the prefix 192.168.1.0/24, preventing the route from being installed in the routing table.

Resolution

Remove the deny entry or modify the prefix-list to permit the prefix. Commands:

1. Enter global configuration mode:
   configure terminal
2. Remove the deny entry:
   no ip prefix-list FILTER seq 5 deny 192.168.1.0/24
   Or add a permit entry with a higher sequence number:
   ip prefix-list FILTER seq 10 permit 192.168.1.0/24
3. Clear BGP session to re-advertise routes:
   clear ip bgp * soft in

Verification

1. Verify prefix-list:
   show ip prefix-list detail
   Expected: No deny entry for 192.168.1.0/24
2. Verify BGP table:
   show ip bgp 192.168.1.0/24
   Expected: Route still present and best
3. Verify routing table:
   show ip route 192.168.1.0/24
   Expected: Route now present, e.g., 'B 192.168.1.0/24 [20/0] via 10.0.0.2, 00:00:05'

Prevention

1. Always verify prefix-list entries before applying them to BGP neighbors, especially inbound filters.
2. Use route-maps with explicit permit/deny logic and test with 'show ip bgp prefix-list' or 'show ip bgp route-map' before applying.
3. Implement change management and peer review for BGP filter changes.
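
An offline pre-change check in the spirit of the first prevention item, as an added example (not part of the original scenario and not Cisco tooling): it models IOS prefix-list evaluation (ascending sequence order, first match wins, implicit deny at the end, an empty list permits all) and runs the page's FILTER list and the Resolution's candidate changes against 192.168.1.0/24. The dict layout, the function names and the seq 1 variant are assumptions made for illustration.

```python
import ipaddress

def entry_matches(entry, route):
    """True if route matches one entry, using IOS ge/le length rules."""
    net = ipaddress.ip_network(entry["prefix"])
    ge, le = entry.get("ge"), entry.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen                      # no ge/le: exact length only
    else:
        lo = net.prefixlen if ge is None else ge     # le only: from the entry's length
        hi = 32 if le is None else le                # ge only: up to /32
    return lo <= route.prefixlen <= hi and route.subnet_of(net)

def evaluate(entries, prefix):
    """Return the (action, seq) that decides prefix; seq is None for default rules."""
    route = ipaddress.ip_network(prefix)
    if not entries:
        return ("permit", None)                      # empty list permits everything
    for entry in sorted(entries, key=lambda e: e["seq"]):
        if entry_matches(entry, route):
            return (entry["action"], entry["seq"])   # first match wins
    return ("deny", None)                            # implicit deny at the end

# The FILTER list as shown by 'show ip prefix-list detail' on the page.
FILTER = [{"seq": 5, "action": "deny", "prefix": "192.168.1.0/24"}]
PERMIT = {"action": "permit", "prefix": "192.168.1.0/24"}

# Candidate changes to review; the seq 1 variant is constructed for comparison.
CANDIDATES = {
    "current FILTER": FILTER,
    "seq 5 deny removed": [],                        # removing the only entry empties the list
    "permit added at seq 10": FILTER + [dict(PERMIT, seq=10)],
    "permit added at seq 1": FILTER + [dict(PERMIT, seq=1)],
}

def review(candidates, prefix):
    """Map each candidate list to the (action, seq) it yields for prefix."""
    return {name: evaluate(entries, prefix) for name, entries in candidates.items()}

if __name__ == "__main__":
    for name, (action, seq) in review(CANDIDATES, "192.168.1.0/24").items():
        by = f"seq {seq}" if seq is not None else "default rule"
        print(f"{name:24} -> {action:6} ({by})")
```

Because evaluation stops at the first match, a permit placed after the seq 5 deny for the same prefix is never reached; the check reports deny for that candidate and permit for the other two changes.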

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of BGP route selection and filtering. Questions may present a troubleshooting scenario where a BGP route is not in the routing table despite an established session. Candidates must know to check inbound prefix-lists or route-maps. The exam may ask multiple-choice or drag-and-drop steps to identify the cause.

Exam Tips

1. Remember that BGP routes must be both in the BGP table (as best) and pass any inbound filters to be installed in the routing table.

2. The 'show ip bgp' command shows the BGP table; the 'show ip route' command shows the routing table. A route in BGP but not in the routing table indicates a filter issue.

3. Know that 'clear ip bgp * soft in' is used to re-process inbound updates without tearing down the session.
