From: Bill Eyer (beyer@optonline.net)
Date: Fri May 16 2008 - 07:54:37 ART
If you had this in a scenario, you might not know the router-id of the
backbone router until after the session was established. Even once you
had the router-id figured out in a pod on the real lab, could you be
certain that you would get the same router-id when they grade you?
Bill
Scott Morris wrote:
> Isn't the same true of many protocols? If I send a request out for a web
> page, it's sourced originally from an ephemeral port (>1023) to a
> destination port of 80. The incoming packet on my router from the Internet
> would have a source port of 80 and destination of whatever the random port
> was.
>
> You can predict the direction traffic will flow based on the RFC information
> for BGP! :)
>
> The conversation is initiated by the BGP speaker with the higher BGP
> Identifier. Section 6.8 "Connection collision detection" spells this
> concept out.
>
> So you really don't need to have both statements. Or at least you'll find
> that one has hits and the other doesn't during normal operation!
>
> HTH,
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> smorris@ipexpert.com
>
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Matt
> Bentley
> Sent: Thursday, May 15, 2008 9:13 PM
> To: Scott Morris
> Cc: ccieking@gmail.com; ccielab@groupstudy.com
> Subject: Re: access-list
>
> Hello:
>
> I had trouble with this one for a long time too. Source versus destination
> is exactly correct, but to elaborate.....
>
> R1 (TCP Port 179) ---------------------------R2 (TCP Port 179)
>
> The first statement (permit tcp any eq bgp any) would match BGP traffic going
> from R1 to R2. The second statement (permit tcp any any eq bgp) would match
> BGP traffic going from R2 to R1.
>
> BGP is a little funny in this way - the sender sources traffic from TCP port
> 179 - but the destination port is random.
> This is why whenever you're allowing BGP through an ACL you have to do both
> statements, instead of a single one as in RIP/OSPF/EIGRP (i.e. permit udp any
> any eq rip)
>
> HTH
>
> Matt Bentley
>
>
>
> On Thu, May 15, 2008 at 9:03 PM, Scott Morris <smorris@ipexpert.com> wrote:
>
>
>> Source vs. destination
>>
>>
>> http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a2.html#wp1013358
>>
>> HTH,
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>> Of ccieking@gmail.com
>> Sent: Thursday, May 15, 2008 7:01 PM
>> To: ccielab@groupstudy.com
>> Subject: access-list
>>
>> Hi experts
>>
>> What is the difference between these two access-lists?
>>
>> permit tcp any any eq bgp
>> permit tcp any eq bgp any
>>
>> Can anyone explain this to me?
>>
>> regards
>> Richard
>>
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
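The hit-count question raised in this thread, as an added example that is not part of any poster's message: a small Python model of an inbound ACL on R1 that counts which of the two entries matches, depending on which router opened the TCP session. R1 and R2 are the router names used in the thread; the ephemeral port 50123, the function names, and the simplified match (TCP ports only, no addresses or flags) are assumptions.

```python
from collections import Counter, namedtuple

BGP_PORT = 179
Packet = namedtuple("Packet", "src dst sport dport")

# Each entry: (IOS text, required source port, required destination port).
# None means "any". Only the TCP port fields are modelled (assumption).
SRC_BGP = ("permit tcp any eq bgp any", BGP_PORT, None)
DST_BGP = ("permit tcp any any eq bgp", None, BGP_PORT)


def session_packets(initiator, responder, ephemeral_port=50123):
    """One packet per direction of a BGP TCP session opened by `initiator`.

    The initiator connects from an ephemeral port to 179; the responder
    answers from 179 back to that ephemeral port.
    """
    return [
        Packet(initiator, responder, ephemeral_port, BGP_PORT),
        Packet(responder, initiator, BGP_PORT, ephemeral_port),
    ]


def inbound_hits(acl, local, packets):
    """First-match hit counts for packets arriving at router `local`."""
    hits = Counter()
    for pkt in packets:
        if pkt.dst != local:
            continue  # outbound packet, never evaluated by the inbound ACL
        for text, sport, dport in acl:
            if sport in (None, pkt.sport) and dport in (None, pkt.dport):
                hits[text] += 1
                break
        else:
            hits["implicit deny"] += 1  # no entry matched
    return dict(hits)


if __name__ == "__main__":
    acls = (("both", [SRC_BGP, DST_BGP]), ("src only", [SRC_BGP]),
            ("dst only", [DST_BGP]))
    for initiator, responder in (("R1", "R2"), ("R2", "R1")):
        pkts = session_packets(initiator, responder)
        print(f"{initiator} opens the session; inbound ACL on R1:")
        for name, acl in acls:
            print(f"  {name:8} -> {inbound_hits(acl, 'R1', pkts)}")
```

With both entries present, only one of them takes hits for a given session, and which one depends on which side opened the connection; with a single entry, the session opened from the other side falls through to the implicit deny.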
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:16 ART