From: alsontra@hotmail.com
Date: Fri Feb 20 2004 - 19:58:13 GMT-3
I cannot believe that I spent 20 minutes struggling with that.
permit tcp any any eq bgp --> basically any:(any port) to any:179
Allow remote to start BGP sessions
permit tcp any eq bgp any --> basically any:179 to any:(any port)
Allows locally initiated BGP sessions in from remote BGP neighbors
Hope I've come to the correct understanding. :-)
Thanks a Million,
Alsontra
----- Original Message -----
From: "Jay Hennigan" <jay@west.net>
To: <alsontra@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, February 20, 2004 12:31 PM
Subject: Re: ACL?
> On Fri, 20 Feb 2004 alsontra@hotmail.com wrote:
>
> > Hi Group,
> >
> > What is the difference between the following two statements
> >
> > permit tcp any any bgp <-------any host to any host using bgp
>
> Allow any source IP and port to connect to the BGP port (tcp 179) of any
> destination address. (You probably need an "eq" before "bgp").
> > and
> >
> > permit tcp any eq bgp any <-------any host using bgp to any host
>
> Allow any source IP with an originating port of BGP (tcp 179) to connect
> to any destination address on any port.
>
> > Then if used in conjunction isn't the first statement redundant? Or do
> > you need both? These statements occur in an inbound access-list.
>
> The first lets others initiate a BGP session to your listening port.
> The second lets you initiate to others who are listening. In the case
> of BGP, sessions are established both ways and one is torn down as part
> of the establishment process.
>
> To get a feel for what the port number placement does, experiment with www
> (tcp 80) and web servers on both ends of the link, with both inbound and
> outbound lists.
>
> --
> Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net
> WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
> NetLojix Communications, Inc. - http://www.netlojix.com/
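Jay suggests getting a feel for port placement by experimenting on real routers. The script below is an added example, not part of the thread and not anyone's production code: it is a small evaluator for the two ACL lines under discussion that parses the IOS extended-ACL syntax and runs constructed sample segments through it with IOS first-match semantics and the implicit deny. It assumes the local router is 192.0.2.1 and the neighbor is 192.0.2.2 (documentation addresses chosen here), and only supports the `any` / `host` address terms, the `eq` port operator and the `established` keyword. It also includes a tightened pair of lines, not from the thread, which pins both ends to the neighbor pair and adds `established` to the source-port-179 line, because `permit tcp any eq bgp any` matches anything that merely sets source port 179, including a fresh SYN to some other service.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional

PORT_NAMES = {"bgp": 179, "www": 80, "telnet": 23}  # subset of IOS port names


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Ace:
    action: str
    src: ipaddress.IPv4Network
    sport: Optional[int]  # None = any source port
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None = any destination port
    established: bool     # IOS keyword: match only if ACK or RST is set


def _port(tok: str) -> int:
    return int(tok) if tok.isdigit() else PORT_NAMES[tok]


def _addr(tokens, i):
    """Parse 'any' or 'host A.B.C.D' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    raise ValueError(f"unsupported address term {tokens[i]!r} (assumption: any/host only)")


def _opt_port(tokens, i):
    """Parse an optional 'eq <port>' at tokens[i]; return (port or None, next index)."""
    if i < len(tokens) and tokens[i] == "eq":
        return _port(tokens[i + 1]), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    t = line.split()
    if t[0] not in ("permit", "deny") or t[1] != "tcp":
        raise ValueError(f"only 'permit|deny tcp ...' is supported: {line!r}")
    src, i = _addr(t, 2)
    sport, i = _opt_port(t, i)      # port operator right after the source = source port
    dst, i = _addr(t, i)
    dport, i = _opt_port(t, i)      # port operator after the destination = destination port
    established = i < len(t) and t[i] == "established"
    return Ace(t[0], src, sport, dst, dport, established)


def matches(ace: Ace, p: Packet) -> bool:
    if ipaddress.ip_address(p.src) not in ace.src:
        return False
    if ipaddress.ip_address(p.dst) not in ace.dst:
        return False
    if ace.sport is not None and p.sport != ace.sport:
        return False
    if ace.dport is not None and p.dport != ace.dport:
        return False
    # 'established' rejects a bare SYN; it needs ACK or RST set
    if ace.established and not (p.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl, p: Packet):
    """First match wins; return (action, 1-based line number), or ("deny", None)
    for the implicit deny that ends every IOS access list."""
    for n, line in enumerate(acl, 1):
        ace = parse_ace(line)
        if matches(ace, p):
            return ace.action, n
    return "deny", None


# The two lines from the thread, applied inbound on the local router (192.0.2.1).
THREAD_ACL = [
    "permit tcp any any eq bgp",   # neighbor opens a session to our port 179
    "permit tcp any eq bgp any",   # replies to sessions we opened (their source port is 179)
]

# Tightened version (added here, not from the thread): pin the neighbor pair and
# require the source-port-179 traffic to belong to an existing connection.
TIGHTENED_ACL = [
    "permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp",
    "permit tcp host 192.0.2.2 eq bgp host 192.0.2.1 established",
]

# Constructed sample segments arriving inbound on the local router.
REMOTE_OPEN = Packet("192.0.2.2", 41000, "192.0.2.1", 179, frozenset({"SYN"}))
LOCAL_REPLY = Packet("192.0.2.2", 179, "192.0.2.1", 38000, frozenset({"SYN", "ACK"}))
SPOOFED_SPORT = Packet("198.51.100.9", 179, "192.0.2.1", 23, frozenset({"SYN"}))  # sport 179 -> telnet

if __name__ == "__main__":
    for name, acl in (("thread", THREAD_ACL), ("tightened", TIGHTENED_ACL)):
        for label, pkt in (("remote opens BGP", REMOTE_OPEN),
                           ("reply to our open", LOCAL_REPLY),
                           ("sport 179 -> telnet", SPOOFED_SPORT)):
            print(f"{name:9} {label:20} -> {evaluate(acl, pkt)}")
```

Running it shows the thread's pair permitting all three segments, the spoofed one via line 2, while the tightened pair still permits both legitimate BGP directions and drops the spoofed SYN on the implicit deny. On a real router the same check is `show access-lists` hit counters after sending the traffic, as Jay describes.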
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:52 GMT-3