Before the configuration:
FGT # get router info bgp neighbors 172.17.0.1 received-routes
VRF 0 BGP table version is 1, local router ID is 172.17.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight RouteTag Path
*> 0.0.0.0/0 172.17.0.1 0 0 600 ? <-/-> <----- Receive default route from BGP peer.
*> 10.10.40.0/24 172.17.0.1 0 0 600 ? <-/->
*> 10.10.45.0/24 172.17.0.1 0 0 600 i <-/->

Total number of prefixes 3

FGT # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
B       0.0.0.0/0 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:04:36, [1/0]
To avoid receiving the default route from BGP neighbors, configure an access-list with an exact match that denies it:
FGT # config router access-list
    edit "deny_default"
        config rule
            edit 1
                set action deny
                set prefix 0.0.0.0 0.0.0.0
                set exact-match enable
            next
            edit 2
                set prefix any
            next
        end
    next
end
Note:
Do not forget to include the prefix-list or access-list entry 'any', and make sure it is the last entry in the list. Otherwise, if a prefix/access list is created with a single entry such as 'set prefix 0.0.0.0 0.0.0.0', it will block all BGP advertisements for the neighbor.
Apply the access list to the BGP neighbor in the inbound direction:
FGT # config router bgp
    set as 3800
    config neighbor
        edit "172.17.0.1"
            set soft-reconfiguration enable
            set distribute-list-in "deny_default"
            set remote-as 600
        next
    end
end
Soft-reset the BGP session with 'execute router clear bgp ip 172.17.0.1 soft' and recheck the routing table.
After around 20 to 30 seconds, confirm that the prefixes are received from the neighbor.
FGT # get router info bgp summary
VRF 0 BGP router identifier 172.17.0.2, local AS number 3800
BGP table version is 1
2 BGP AS-PATH entries
0 BGP community entries

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.17.0.1 4 600 6499 6476 0 0 0 00:21:39 3

Total number of neighbors 1
The default route learned via BGP no longer appears in the routing table:
FGT # get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       > - selected route, * - FIB route, p - stale info

Routing table for VRF=0
S    *> 0.0.0.0/0 [10/0] via 10.47.31.254, port4, [1/0]
B    *> 10.10.40.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.45.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
B    *> 10.10.50.0/24 [20/0] via 172.17.0.1 (recursive via wirea26 tunnel 10.47.1.237), 00:22:07, [1/0]
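
The filter behaviour described in the note can be checked offline with a small model. This is an added Python example, not Fortinet code. It assumes first-match evaluation, an implicit deny when no rule matches, a default rule action of permit, and that a rule without exact-match also covers more-specific prefixes. The two faulty lists are constructed for illustration.

```python
import ipaddress

def rule_matches(rule, prefix):
    """Return True if a received prefix matches one access-list rule."""
    if rule["prefix"] == "any":
        return True
    net = ipaddress.ip_network(rule["prefix"])
    if rule.get("exact_match"):
        return prefix == net
    # Assumption: without exact-match the rule also covers more-specific prefixes.
    return prefix.subnet_of(net)

def filter_routes(rules, received):
    """Apply rules in order; first match wins; no match means implicit deny."""
    accepted = []
    for text in received:
        prefix = ipaddress.ip_network(text)
        action = "deny"  # assumption: implicit deny when nothing matches
        for rule in rules:
            if rule_matches(rule, prefix):
                action = rule.get("action", "permit")  # assumption: default is permit
                break
        if action == "permit":
            accepted.append(text)
    return accepted

# Prefixes received from 172.17.0.1 in the "before" output on this page.
RECEIVED = ["0.0.0.0/0", "10.10.40.0/24", "10.10.45.0/24"]

# "deny_default" as configured on this page.
DENY_DEFAULT = [
    {"action": "deny", "prefix": "0.0.0.0/0", "exact_match": True},
    {"prefix": "any"},
]
# Constructed mistake 1: the trailing 'any' entry is missing.
NO_ANY = [{"action": "deny", "prefix": "0.0.0.0/0", "exact_match": True}]
# Constructed mistake 2: exact-match left disabled on the deny rule.
NO_EXACT = [{"action": "deny", "prefix": "0.0.0.0/0"}, {"prefix": "any"}]

if __name__ == "__main__":
    for name, rules in [("deny_default", DENY_DEFAULT),
                        ("no_any", NO_ANY), ("no_exact", NO_EXACT)]:
        print(name, "->", filter_routes(rules, RECEIVED))
```

Only the list from this page keeps the two specific prefixes while dropping the default route; both constructed mistakes leave the neighbor with no accepted prefixes.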