From: achievewoo@gmail.com
Date: Wed Mar 07 2007 - 22:57:33 ART
Hi, GS
Here is a simple topology:
R1--vlan 1---R2--vlan2--R3
R1 and R3 are BGP peers, but R2 is not.
I tried to do a reflective access-list on R2, permitting routing protocol (BGP) and ICMP both inbound and outbound. TCP and UDP traffic is only permitted from vlan1 to vlan 2. However, TCP and UDP traffic originating from vlan 2 is not permitted to go to vlan 1.
My configuration is as follows.
ip access-list extended INBOUND
permit icmp any any
permit tcp any any eq bgp
permit tcp any eq bgp any
permit tcp any any eq telnet
permit tcp any eq telnet any
evaluate REF
ip access-list extended OUTBOUND
permit icmp any any
permit tcp any any reflect REF
permit udp any any reflect REF
Here is the output:
R2#show ip access-list
Extended IP access list INBOUND
10 permit icmp any any
20 permit eigrp any any (8829 matches)
30 permit tcp any any eq bgp
40 permit tcp any any eq telnet (370 matches)
50 permit tcp any eq telnet any
60 evaluate REF
Extended IP access list OUTBOUND
10 permit icmp any any
20 permit tcp any any reflect REF (148 matches)
30 permit udp any any reflect REF
Reflexive IP access list REF
permit tcp host 1.1.1.1 eq bgp host 1.1.5.5 eq 18895 (24 matches) (time left 283)
My question is why there is no match at list "30 permit tcp any any eq bgp"?
Should I add another list, permit tcp any eq bgp any?
Any ideas?
Thanks!
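An added example, not part of the original post: a small Python model of first-match ACL processing, loaded with the INBOUND and OUTBOUND entries from the show ip access-list output above, to show which entry each packet of the BGP session lands on. The Pkt and Ace types, first_match, demo and the source port 40000 are assumptions made for illustration; timeouts and TCP flags are not modelled.

```python
from collections import namedtuple

BGP, TELNET = 179, 23
Pkt = namedtuple("Pkt", "proto src sport dst dport")
# sport/dport of None means "any"; kind is "permit", "reflect" or "evaluate"
Ace = namedtuple("Ace", "seq proto sport dport kind", defaults=(None, None, "permit"))

# ACLs as listed in the "show ip access-list" output in the post
INBOUND = [Ace(10, "icmp"), Ace(20, "eigrp"), Ace(30, "tcp", dport=BGP),
           Ace(40, "tcp", dport=TELNET), Ace(50, "tcp", sport=TELNET),
           Ace(60, None, kind="evaluate")]
OUTBOUND = [Ace(10, "icmp"), Ace(20, "tcp", kind="reflect"),
            Ace(30, "udp", kind="reflect")]

def first_match(acl, pkt, ref):
    """Return the sequence number of the first matching entry, "REF" for a
    hit in the reflexive list, or None for the implicit deny.
    ref is the set of mirrored sessions created by reflect entries."""
    for ace in acl:
        if ace.kind == "evaluate":
            if pkt in ref:
                return "REF"
            continue
        if ace.proto != pkt.proto:
            continue
        if ace.sport not in (None, pkt.sport) or ace.dport not in (None, pkt.dport):
            continue
        if ace.kind == "reflect":
            # record the return direction: addresses and ports swapped
            ref.add(Pkt(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return ace.seq
    return None

def demo():
    ref = set()
    # Constructed packets; addresses and port 18895 come from the REF entry above
    syn = Pkt("tcp", "1.1.5.5", 18895, "1.1.1.1", BGP)          # checked by OUTBOUND
    reply = Pkt("tcp", "1.1.1.1", BGP, "1.1.5.5", 18895)        # checked by INBOUND
    peer_opens = Pkt("tcp", "1.1.1.1", 40000, "1.1.5.5", BGP)   # hypothetical port
    unsolicited = Pkt("tcp", "1.1.1.1", 40000, "1.1.5.5", 80)   # hypothetical flow
    return (first_match(OUTBOUND, syn, ref), first_match(INBOUND, reply, ref),
            first_match(INBOUND, peer_opens, ref), first_match(INBOUND, unsolicited, ref))
```

demo() returns (20, "REF", 30, None): the session opened toward port 179 is recorded by OUTBOUND entry 20, and its replies carry BGP as the source port, so they pass INBOUND entry 30 without matching and are permitted by evaluate REF. Entry 30 only counts a hit when the peer on the inbound side opens the TCP session to port 179 itself.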
This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:50 ART