Re: ACL?

From: Jay Hennigan (jay@west.net)
Date: Fri Feb 20 2004 - 17:31:53 GMT-3


On Fri, 20 Feb 2004 alsontra@hotmail.com wrote:

> Hi Group,
>
> What is the difference between the following two statements
>
> permit tcp any any bgp <-------any host to any host using bgp

Allow any source IP and port to connect to the BGP port (tcp 179) of any
destination address. (You probably need an "eq" before "bgp").
> and
>
> permit tcp any eq bgp any <-------any host using bgp to any host

Allow any source IP with an originating port of BGP (tcp 179) to connect
to any destination address on any port.

> Then, if used in conjunction, isn't the first statement redundant? Or do you need
> both? These statements occur in an inbound access-list.

The first lets others initiate a BGP session to your listening port.
The second lets you initiate to others who are listening. In the case
of BGP, sessions are established both ways and one is torn down as part
of the establishment process.

To get a feel for what the port number placement does, experiment with www
(tcp 80) and web servers on both ends of the link, with both inbound and
outbound lists.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
WestNet:  Connecting you to the planet.  805 884-6323      WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/
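To make the port-placement point concrete without a lab, here is a small Python model of IOS extended-ACL matching (first match wins, implicit deny at the end). It is an added example, not code from the original post; the router address 10.0.0.1, peer 10.0.0.2 and the packets are constructed for illustration. It evaluates both entries from the question against an inbound packet from a peer that initiated to us, an inbound reply packet for a session we initiated, and an unrelated packet whose sender merely set source port 179.

```python
"""Toy evaluator for Cisco IOS extended ACL entries of the form
'permit|deny tcp <src> [eq <port>] <dst> [eq <port>]'.

Constructed example to show what moving 'eq bgp' from the destination
side to the source side does to which packets match.  Not the original
poster's code; addresses and packets below are made up."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Subset of the well-known port names IOS accepts.
PORT_NAMES = {"bgp": 179, "www": 80, "ssh": 22}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    """One access-list entry.  A port of None means 'any port'."""
    action: str
    src: IPv4Network
    sport: Optional[int]
    dst: IPv4Network
    dport: Optional[int]

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in self.src
                and (self.sport is None or pkt.sport == self.sport)
                and ip_address(pkt.dst) in self.dst
                and (self.dport is None or pkt.dport == self.dport))


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def _addr(toks, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at toks[i]."""
    if toks[i] == "any":
        return ip_network("0.0.0.0/0"), i + 1
    if toks[i] == "host":
        return ip_network(toks[i + 1] + "/32"), i + 2
    # IOS wildcard mask: 0 bits must match, 1 bits are don't-care (inverse of a netmask).
    netmask = IPv4Address(0xFFFFFFFF ^ int(ip_address(toks[i + 1])))
    return ip_network(f"{toks[i]}/{netmask}", strict=False), i + 2


def _opt_port(toks, i):
    """Optional 'eq <port>' qualifier; absent means any port."""
    if i < len(toks) and toks[i] == "eq":
        return _port(toks[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    toks = line.split()
    if len(toks) < 4 or toks[0] not in ("permit", "deny") or toks[1] != "tcp":
        raise ValueError(f"unsupported entry: {line!r}")
    src, i = _addr(toks, 2)
    sport, i = _opt_port(toks, i)
    dst, i = _addr(toks, i)
    dport, i = _opt_port(toks, i)
    if i != len(toks):
        # e.g. 'permit tcp any any bgp' with the 'eq' left out: IOS rejects it too.
        raise ValueError(f"trailing tokens in: {line!r}")
    return Ace(toks[0], src, sport, dst, dport)


def is_valid(line: str) -> bool:
    try:
        parse_ace(line)
        return True
    except ValueError:
        return False


def evaluate(acl: list, pkt: Packet) -> str:
    """First-match semantics with the implicit 'deny' at the end, as in IOS."""
    for line in acl:
        ace = parse_ace(line)
        if ace.matches(pkt):
            return ace.action
    return "deny"


# Constructed traffic as seen INBOUND on our router 10.0.0.1 from peer 10.0.0.2.
PEER_INITIATES = Packet("10.0.0.2", 41523, "10.0.0.1", 179)  # peer opens to our port 179
PEER_REPLIES = Packet("10.0.0.2", 179, "10.0.0.1", 52100)    # reply to a session we opened
SRC_PORT_179 = Packet("192.0.2.9", 179, "10.0.0.1", 22)      # unrelated host, src port set to 179

ACL_DST = ["permit tcp any any eq bgp"]   # port on the destination side
ACL_SRC = ["permit tcp any eq bgp any"]   # port on the source side
ACL_BOTH = ACL_DST + ACL_SRC

if __name__ == "__main__":
    for name, acl in (("dst", ACL_DST), ("src", ACL_SRC), ("both", ACL_BOTH)):
        for label, pkt in (("peer initiates", PEER_INITIATES),
                           ("peer replies", PEER_REPLIES),
                           ("sport 179 to ssh", SRC_PORT_179)):
            print(f"{name:4} {label:16} -> {evaluate(acl, pkt)}")
    print("'permit tcp any any bgp' parses:", is_valid("permit tcp any any bgp"))
```

Run as a script it prints the verdict for each packet under each list. The first entry admits only the peer connecting to our port 179; the second admits only packets leaving the peer's port 179, which is what the reply half of a session we opened looks like, so a router that may either accept or initiate needs both. The same run also shows the cost of the second entry: any TCP packet whose sender chose source port 179 matches it regardless of destination port, since nothing in that line restricts the destination. That is the caveat to keep in mind when writing it into an inbound list.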


This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:52 GMT-3