RE: Passive interface command for BGP peering?

From: Brian Dennis (brian@xxxxxx)
Date: Thu Jul 18 2002 - 14:22:40 GMT-3


   
You could block it inbound on the other side. If it must be blocked
outbound, create a local policy and forward the BGP traffic to the
loopback interface first. This will cause the BGP traffic to hit the
outbound access-list on the BRI interface. Another solution would be to
filter the loopback's route from being advertised over the BRI
interfaces. Of course there are a few other ways to solve this problem
;-)

Also make sure that you block BGP in both directions with your
access-list:
access-list 100 deny tcp host x.x.x.x eq 179 host x.x.x.x
access-list 100 deny tcp host x.x.x.x host x.x.x.x eq 179
access-list 100 permit ip any any

Brian Dennis, CCIE #2210 (R&S/ISP Dial)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ng, Kim Seng David (David)
Sent: Thursday, July 18, 2002 8:28 AM
To: ccielab@groupstudy.com
Subject: Passive interface command for BGP peering?

Hi group,

        Is there an equivalent "passive interface" command to stop BGP
peering over a specific interface? In a case when I have the backup BRI
interface activated and the floating static default route in place, I
want to prevent the BGP peering from happening over the BRI interface.
Dialer list can prevent peering from activating the BRI link but that
will not stop BGP peering when some other interesting traffic activates
the link. I tried access-list extended out blocking tcp port 179 at the
BRI interface but the IBGP peering (thru loopback interface) still
occurs. I think it is because the access-list cannot block locally
generated traffic. Hope someone can advise.

Thanks
David
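
The local-policy approach from Brian Dennis's reply, written out as an IOS configuration. This is an added example, not part of the original thread: the 192.0.2.x addresses, the interface names BRI0 and Loopback0, ACL number 101 and the route-map name LOCAL-BGP are assumptions.

```cisco
! Constructed addresses (documentation range):
!   192.0.2.1 = this router's loopback, 192.0.2.2 = iBGP peer's loopback
!
! ACL 100, as in the reply: deny BGP in both directions, permit the rest.
access-list 100 deny   tcp host 192.0.2.1 eq 179 host 192.0.2.2
access-list 100 deny   tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 100 permit ip any any
!
! ACL 101 (assumed number): match the router's own BGP packets to the peer,
! whether this router opened the session (dst 179) or answered it (src 179).
access-list 101 permit tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 101 permit tcp host 192.0.2.1 eq 179 host 192.0.2.2
!
! Send those packets to the loopback first, so they are then forwarded
! like transit traffic and are checked by the outbound ACL on the BRI.
route-map LOCAL-BGP permit 10
 match ip address 101
 set interface Loopback0
!
! Local policy routing applies the route-map to router-generated packets.
ip local policy route-map LOCAL-BGP
!
! Outbound ACL on the backup link. Without the local policy above,
! the router's own BGP packets are not checked against it.
interface BRI0
 ip access-group 100 out
```

With the backup link up, `show ip local policy` confirms the route-map is attached, and the match counters on the deny entries in `show access-lists 100` show whether the router's BGP packets are now reaching the outbound filter.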



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3