RE: BGP ACL

From: Ryan West <rwest_at_zyedge.com>
Date: Tue, 9 Nov 2010 19:08:21 +0000

Matt,

One side is server and one side is client.

The statement should read:

permit tcp host 192.168.67.7 eq bgp host 192.168.67.6

permit tcp host 192.168.67.7 host 192.168.67.6 eq bgp

That would cover the local router acting as server or client.

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Matt Sherman
Sent: Tuesday, November 09, 2010 2:01 PM
To: Cisco certification
Subject: BGP ACL

Hello,

If I need to permit inbound BGP peering from R7 with an ACL on R6, the syntax I always see is what's pasted below. The first permit statement seems to do the trick just fine, and the second doesn't make sense to me, as R6 wouldn't see BGP messages sourced from itself (192.168.67.6). Can anyone explain the purpose of the second statement? Thanks

      AS 6                              AS 7
(R6) S1/0 ---- 192.168.67.0 ---- S1/0 (R7)

R6

ip access-list extended BGP
 permit tcp host 192.168.67.7 eq bgp host 192.168.67.6
 permit tcp host 192.168.67.6 host 192.168.67.7 eq bgp
!
int s1/0
 ip access-group BGP in
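
The point of Ryan's reply (either router may open the TCP session, so R7's segments arrive on R6 either sourced from port 179 or destined to port 179) can be checked with a small model of the two ACLs. The block below is an added example, not code from the thread or from IOS: it parses the exact "permit tcp host ... [eq bgp] host ... [eq bgp]" lines quoted above and evaluates them against two constructed TCP segments as seen inbound on R6 S1/0. The ephemeral port number and the segment objects are assumptions; "eq bgp" is resolved to TCP/179 as IOS does, and an unmatched segment falls to the implicit deny at the end of every IOS ACL.

```python
"""Added example (not from the thread): evaluate the two BGP ACL variants
against the TCP segments R6 actually receives from R7 on S1/0."""
from dataclasses import dataclass
from typing import List, Optional

BGP_PORT = 179        # IOS resolves "eq bgp" to TCP/179
EPHEMERAL = 43516     # constructed: an arbitrary high client-side source port


@dataclass(frozen=True)
class TcpSegment:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    """One extended access-list entry restricted to the forms used on the page."""
    action: str
    src: str
    sport: Optional[int]   # None means "any source port"
    dst: str
    dport: Optional[int]   # None means "any destination port"

    def matches(self, seg: TcpSegment) -> bool:
        return (self.src == seg.src and self.dst == seg.dst
                and (self.sport is None or self.sport == seg.sport)
                and (self.dport is None or self.dport == seg.dport))


def parse_ace(line: str) -> Ace:
    """Parse 'permit tcp host A [eq bgp] host B [eq bgp]' into an Ace."""
    toks = line.split()
    action, proto = toks[0], toks[1]
    if proto != "tcp":
        raise ValueError("only tcp entries are modelled here")

    def host_and_port(i: int):
        if toks[i] != "host":
            raise ValueError("expected 'host' keyword")
        addr = toks[i + 1]
        i += 2
        port = None
        if i < len(toks) and toks[i] == "eq":
            port = BGP_PORT if toks[i + 1] == "bgp" else int(toks[i + 1])
            i += 2
        return addr, port, i

    src, sport, i = host_and_port(2)
    dst, dport, _ = host_and_port(i)
    return Ace(action, src, sport, dst, dport)


def evaluate(acl: List[str], seg: TcpSegment) -> str:
    """Return the action of the first matching entry, or the implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace.matches(seg):
            return ace.action
    return "deny"


R6, R7 = "192.168.67.6", "192.168.67.7"

ORIGINAL_ACL = [   # the two lines Matt posted
    "permit tcp host 192.168.67.7 eq bgp host 192.168.67.6",
    "permit tcp host 192.168.67.6 host 192.168.67.7 eq bgp",
]
CORRECTED_ACL = [  # the two lines Ryan suggested
    "permit tcp host 192.168.67.7 eq bgp host 192.168.67.6",
    "permit tcp host 192.168.67.7 host 192.168.67.6 eq bgp",
]

# Constructed segments as they arrive inbound on R6 S1/0: source is always R7.
R6_OPENED = TcpSegment(R7, BGP_PORT, R6, EPHEMERAL)   # R7 is the server, replies from 179
R7_OPENED = TcpSegment(R7, EPHEMERAL, R6, BGP_PORT)   # R7 is the client, targets 179 on R6


def results(acl: List[str]) -> dict:
    """Action taken for each way the BGP session can be established."""
    return {
        "R6 opened session": evaluate(acl, R6_OPENED),
        "R7 opened session": evaluate(acl, R7_OPENED),
    }


if __name__ == "__main__":
    print("original: ", results(ORIGINAL_ACL))
    print("corrected:", results(CORRECTED_ACL))
```

With the original ACL, the second entry can never match inbound on R6 because no segment arriving on S1/0 is sourced from 192.168.67.6, so a session opened by R7 falls through to the implicit deny; the corrected pair permits both cases. The model only compares addresses and ports; it does not reproduce the rest of IOS ACL processing (wildcard masks, the established keyword, logging).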

Received on Tue Nov 09 2010 - 19:08:21 ART
