[c-nsp] Match BGP in ACL
Mark Borchers
mborchers at igillc.com
Thu Jul 29 17:35:42 EDT 2004
Why not neighbor statements with authentication? What am I missing here?
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Raymond, Steven
> Sent: Thursday, July 29, 2004 4:15 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Match BGP in ACL
>
>
> Is there a more clever way to match on BGP traffic in an ACL besides the following:
>
> access-list 100 permit tcp x.x.x.x 0.0.0.255 y.y.y.y 0.0.0.255 eq 179
> access-list 100 permit tcp y.y.y.y 0.0.0.255 x.x.x.x 0.0.0.255 eq 179
>
> In the context of building an ip receive ACL, want to specify what network source & dest addresses can speak BGP to this router. Have discovered that either BGP speaker can initiate the connection, so if I eliminate one of the two lines above, then only one side can possibly open the tcp connection.
>
> Noticed that one can do "access-list 100 permit ospf" and thought great, just s/ospf/bgp/ but it is not an option, presumably because BGP rides over TCP.
>
> Thanks
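The question above turns on which side opens the TCP connection, so here is a small model of how the two quoted ACL lines treat segments arriving at the router in each case. It is an added example, not code from the thread: the addresses are constructed (peers in 192.0.2.0/24 standing in for x, the router in 198.51.100.0/24 standing in for y), it assumes a receive ACL only evaluates packets destined to the router, and it parses only `permit tcp` lines with an optional `eq` port.

```python
from ipaddress import ip_address

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip_address(addr)) & care == int(ip_address(base)) & care

def parse_ace(line):
    """Parse 'access-list N permit tcp SRC WILD [eq P] DST WILD [eq P]'."""
    tok = line.split()[4:]
    ace = {"src": (tok[0], tok[1]), "sport": None, "dport": None}
    i = 2
    if tok[i] == "eq":                      # optional source-port match
        ace["sport"] = int(tok[i + 1])
        i += 2
    ace["dst"] = (tok[i], tok[i + 1])
    i += 2
    if i < len(tok) and tok[i] == "eq":     # optional destination-port match
        ace["dport"] = int(tok[i + 1])
    return ace

def permitted(acl, pkt):
    """All lines are permits; anything unmatched hits the implicit deny."""
    src, sport, dst, dport = pkt
    for ace in map(parse_ace, acl):
        if (wild_match(src, *ace["src"]) and wild_match(dst, *ace["dst"])
                and ace["sport"] in (None, sport)
                and ace["dport"] in (None, dport)):
            return True
    return False

# The two lines from the post, with constructed networks substituted for x and y.
POSTED = [
    "access-list 100 permit tcp 192.0.2.0 0.0.0.255 198.51.100.0 0.0.0.255 eq 179",
    "access-list 100 permit tcp 198.51.100.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 179",
]
# Variant (assumption, not from the thread): second line matches SOURCE port 179.
SRC_PORT_AWARE = [
    POSTED[0],
    "access-list 100 permit tcp 192.0.2.0 0.0.0.255 eq 179 198.51.100.0 0.0.0.255",
]
# Segments arriving at the router: (src, sport, dst, dport); 49152 is a constructed ephemeral port.
INBOUND = {
    "peer opened the session": ("192.0.2.7", 49152, "198.51.100.1", 179),
    "router opened the session": ("192.0.2.7", 179, "198.51.100.1", 49152),
    "unlisted source": ("203.0.113.9", 49152, "198.51.100.1", 179),
}

def evaluate(acl):
    return {name: permitted(acl, pkt) for name, pkt in INBOUND.items()}
```

Under these assumptions, replies to a session the router opened arrive with source port 179 and an ephemeral destination port, which is the case a destination-port-only match does not cover.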