[c-nsp] Match BGP in ACL

Raymond, Steven steven_raymond at eli.net
Thu Jul 29 17:14:30 EDT 2004


Is there a more clever way to match on BGP traffic in an ACL besides the
following:

access-list 100 permit tcp x.x.x.x 0.0.0.255 y.y.y.y 0.0.0.255 eq 179
access-list 100 permit tcp y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255 eq 179

In the context of building an ip receive ACL, want to specify what network
source & dest addresses can speak BGP to this router.  Have discovered that
either BGP speaker can initiate the connection, so if I eliminate one of the
two lines above, then only one side can possibly open the tcp connection.

Noticed that one can do "access-list 100 permit ospf" and thought great,
just s/ospf/bgp/ but it is not an option, presumably because BGP rides over
TCP.

Thanks
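
Added example, not part of the original post: a small Python model of first-match extended-ACL evaluation with wildcard masks, showing which BGP packets received by a router are permitted depending on whether an entry matches port 179 on the destination side or the source side. The addresses are constructed documentation ranges and the function names are hypothetical.

```python
# Added illustration: a minimal model of first-match extended-ACL evaluation.
# Addresses are constructed (RFC 5737 documentation ranges), not from the post.
import ipaddress

BGP = 179

def wild_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def entry(src, swild, dst, dwild, sport=None, dport=None):
    """One 'permit tcp' entry; sport/dport of None means no 'eq' on that side."""
    return dict(src=src, swild=swild, dst=dst, dwild=dwild, sport=sport, dport=dport)

def permitted(acl, pkt):
    """First matching permit entry wins; anything unmatched hits the implicit deny."""
    for e in acl:
        if (wild_match(pkt["src"], e["src"], e["swild"])
                and wild_match(pkt["dst"], e["dst"], e["dwild"])
                and e["sport"] in (None, pkt["sport"])
                and e["dport"] in (None, pkt["dport"])):
            return True
    return False

PEERS = ("192.0.2.0", "0.0.0.255")      # constructed peer network
LOCAL = ("198.51.100.0", "0.0.0.255")   # constructed network of the local router

# permit tcp <peers> <local> eq 179
DST_PORT_ONLY = [entry(*PEERS, *LOCAL, dport=BGP)]
# adds: permit tcp <peers> eq 179 <local>
BOTH_SIDES = DST_PORT_ONLY + [entry(*PEERS, *LOCAL, sport=BGP)]

# Packets as received by the local router (constructed samples).
PEER_OPENS = dict(src="192.0.2.10", sport=40001, dst="198.51.100.1", dport=BGP)
PEER_REPLIES = dict(src="192.0.2.10", sport=BGP, dst="198.51.100.1", dport=40002)
STRANGER = dict(src="203.0.113.5", sport=40003, dst="198.51.100.1", dport=BGP)

def evaluate(acl):
    """Return the permit/deny verdict for each constructed sample packet."""
    return {name: permitted(acl, pkt) for name, pkt in
            [("peer_opens", PEER_OPENS), ("peer_replies", PEER_REPLIES),
             ("stranger", STRANGER)]}

if __name__ == "__main__":
    print("dst-port only:", evaluate(DST_PORT_ONLY))
    print("both sides:   ", evaluate(BOTH_SIDES))
```

PEER_REPLIES is the return traffic of a session the local router opened, so it carries 179 as its source port and is only matched by an entry with `eq 179` on the source side.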


