Re: reflexive acl's and bgp orf

From: Sami (sy1977@gmail.com)
Date: Wed Aug 02 2006 - 19:23:17 ART


Another question about reflexive access lists.

permit tcp any any reflect MYREFLECT --> this line allows all the TCP
traffic; BGP is also running. Do we need to explicitly permit BGP in the
outbound direction or not?

permit tcp any any eq bgp
permit tcp any eq bgp any

Thanks
..

On 7/23/06, Magmax <magmax@bigpond.net.au> wrote:
>
> David,
>
> It is the same thing, mate, but you will be permitting traffic other than TCP,
> UDP, and ICMP, like EIGRP or ESP.
>
> Please feel free to correct my concept
>
>
> Regards,
>
> Ubaid
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> David Redfern (AU)
> Sent: Sunday, 23 July 2006 7:38 PM
> To: ccielab@groupstudy.com
> Subject: reflexive acl's and bgp orf
>
> Hi Guys,
>
> Just working IEWB lab 15 and just want to brainstorm everyone's thoughts.
>
> Couple of questions
>
>
> REFLEXIVE ACCESS LISTS
>
>
> A lot of practice labs which ask for reflexive access-lists have the
> following outbound
>
>
> ip access-list extended OUTBOUND
> permit tcp any any reflect MYREFLECT
> permit udp any any reflect MYREFLECT
> permit icmp any any reflect MYREFLECT
>
>
>
> Does anyone know if you must use all 3 entries for any reason, or can the
> one statement below simply be used in their place when using reflexive access
> lists?
>
> ip access-list extended OUTBOUND
> permit ip any any reflect MYREFLECT
>
>
> When I use the above I seem to achieve the same result. Any ideas?
>
>
>
>
> BGP OUTBOUND ROUTE FILTERING
>
> All documentation suggests the below command must be entered under
> address family configuration and not directly under the routing process.
> When I do this directly under the routing process, it works. But on some IOS
> it is not showing up in the running config.
> Verification of sh ip bgp nei shows the route-filter applied.
>
> Is IPv4 unicast the default and is that why it works?
>
> Any ideas of best practice?
>
>
> neighbor x.x.x.x capability orf prefix-list send/receive/both
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
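
The configuration discussed in this thread, written out in full as an added example (not posted by anyone on the list and not taken from the IEWB workbook). The interface name Serial0/0 and the list name INBOUND are assumptions; the two BGP entries are the lines from Sami's message, placed inbound because IOS does not apply an outbound interface ACL to packets the router itself originates, so the router's own BGP session never creates a MYREFLECT entry.

```cisco
! Added example. Serial0/0 and INBOUND are assumed names; OUTBOUND, MYREFLECT
! and the two BGP entries are quoted from the thread.
!
! Outbound, variant A: only TCP, UDP and ICMP sessions get a reflexive entry.
! Any other IP protocol (EIGRP, ESP, ...) falls through to the implicit deny.
ip access-list extended OUTBOUND
 permit tcp any any reflect MYREFLECT
 permit udp any any reflect MYREFLECT
 permit icmp any any reflect MYREFLECT
!
! Outbound, variant B (instead of A, not in addition): every IP protocol is
! permitted and reflected, which is the wider exposure Ubaid points out.
! ip access-list extended OUTBOUND
!  permit ip any any reflect MYREFLECT
!
! Inbound: return traffic is admitted only through the temporary entries in
! MYREFLECT. Router-originated BGP is not reflected, so it is permitted
! explicitly ahead of the evaluate statement.
ip access-list extended INBOUND
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 evaluate MYREFLECT
!
interface Serial0/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
```

`show ip access-lists` lists the temporary MYREFLECT entries while sessions are active. On a production edge the two BGP entries would name the peer address rather than `any`.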



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:55 ART