[c-nsp] Match BGP in ACL
Raymond, Steven
steven_raymond at eli.net
Thu Jul 29 17:14:30 EDT 2004
Is there a more clever way to match on BGP traffic in an ACL besides the
following:
access-list 100 permit tcp x.x.x.x 0.0.0.255 y.y.y.y 0.0.0.255 eq 179
access-list 100 permit tcp y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255 eq 179
In the context of builing an ip receive ACL, want to specify what network
source & dest addresses can speak BGP to this router. Have discovered that
either BGP speaker can initiate the connection, so if I eliminate one of the
two lines above, then only one side can possibly open the tcp connection.
Noticed that one can do "access-list 100 permit ospf" and thought great,
just s/ospf/bgp/ but it is not not option, presumably because BGP rides over
TCP.
Thanks
More information about the cisco-nsp
mailing list