From: Brian McGahan (brian@xxxxxxxxxxxxxxx)
Date: Thu Jul 18 2002 - 15:15:08 GMT-3
Now *THAT* is an interesting solution Brian. Making the locally
originated traffic hop once before leaving so it hits an outbound
access-list... I might just have to steal that one from you ;)
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
http://www.cyscoexpert.com
Voice: 847.674.3392
Fax: 847.674.2625
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian Dennis
Sent: Thursday, July 18, 2002 12:23 PM
To: 'Ng, Kim Seng David (David)'; ccielab@groupstudy.com
Subject: RE: Passive interface command for BGP peering?
You could block it inbound on the other side. If it must be blocked
outbound create a local policy and forward the BGP traffic to the
loopback interface first. This will cause the BGP traffic to hit the
outbound access-list on the BRI interface. Another solution would be to
filter the loopback's route from being advertised over the BRI
interfaces. Of course there are a few other ways to solve this problem
;-)
Also make sure that you block BGP in both directions with your
access-list:

    access-list 100 deny tcp host x.x.x.x eq 179 host x.x.x.x
    access-list 100 deny tcp host x.x.x.x host x.x.x.x eq 179
    access-list 100 permit ip any any

Brian Dennis, CCIE #2210 (R&S/ISP Dial)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ng, Kim Seng David (David)
Sent: Thursday, July 18, 2002 8:28 AM
To: ccielab@groupstudy.com
Subject: Passive interface command for BGP peering?
Hi group,
Is there an equivalent "passive interface" command to stop BGP
peering over a specific interface? In a case when I have the backup BRI
interface activated and the floating static default route in place, I
want to prevent the BGP peering from happening over the BRI interface.
Dialer list can prevent peering from activating the BRI link but that
will not stop BGP peering when some other interesting traffic activates
the link. I tried access-list extended out blocking tcp port 179 at the
BRI interface but the IBGP peering (thru loopback interface) still
occurs. I think it is because the access-list cannot block locally
generated traffic. Hope someone can advise.
Thanks
David
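
The local-policy approach from Brian Dennis's reply, written out as an added configuration sketch that is not part of the original thread. The addresses are constructed (192.0.2.1 is this router's BGP update-source loopback, 192.0.2.2 the iBGP peer's loopback), and Loopback1, BRI0, ACL 101 and the route-map name LOCAL-BGP are hypothetical.

```cisco
! Hop interface for the router's own BGP packets (hypothetical Loopback1,
! constructed address).
interface Loopback1
 ip address 192.0.2.129 255.255.255.255
!
! Match locally originated BGP packets. Either side may have opened the
! TCP session, so port 179 can be the source or the destination port.
access-list 101 permit tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 101 permit tcp host 192.0.2.1 eq 179 host 192.0.2.2
!
! Send the matched packets to the loopback first. They come back in on
! Loopback1 and are then forwarded like transit traffic, which is what
! the reply relies on to make the outbound access-list apply.
route-map LOCAL-BGP permit 10
 match ip address 101
 set interface Loopback1
!
! Local policy applies to router-generated traffic only.
ip local policy route-map LOCAL-BGP
!
! Outbound filter on the backup link, blocking BGP in both directions
! as in the reply, with the x.x.x.x placeholders filled by the
! constructed addresses.
access-list 100 deny tcp host 192.0.2.1 eq 179 host 192.0.2.2
access-list 100 deny tcp host 192.0.2.1 host 192.0.2.2 eq 179
access-list 100 permit ip any any
!
interface BRI0
 ip access-group 100 out
```

With the BRI link up, `show ip local policy` confirms the route-map is attached, and rising match counters on the deny lines in `show access-lists 100` show that the router's own BGP packets are now reaching the outbound filter.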
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:35 GMT-3