Thanks everyone! This is all good info. I never knew that there was a
client / server relationship between BGP peers and knowing that you can
adjust who's who is good to know as well.
On Tue, Nov 9, 2010 at 5:48 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
> We can use the "Neighbor x.x.x.x transport connection-mode passive/Active"
> command, the passive will be the server and the active will be the client.
> Is this what you guys are looking for?
>
>
> On Tue, Nov 9, 2010 at 2:42 PM, Adam Booth <adam.booth_at_gmail.com> wrote:
>
>> My understanding is that within the BGP peering relationship - initially the
>> neighbor with the highest IP address will initially attempt to connect to
>> the neighbor with the lowest IP address - the destination port is TCP 179
>> but the source port is TCP 1024+
>>
>> Given enough time without a BGP session established (around 5 minutes or
>> so), the peer neighbor with the lowest IP address will eventually attempt to
>> start the BGP conversation.
>>
>> It is enough to have a single line in the acl for BGP - however having the
>> ACL support both directions ensures a relatively fast BGP session setup
>> without having to specifically think about which side has the higher or
>> lower IP.
>>
>> Cheers,
>> Adam
>>
>> On Wed, Nov 10, 2010 at 5:08 AM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>> > Matt,
>> >
>> > One side is server and one side is client.
>> >
>> > The statement should read:
>> >
>> >
>> > permit tcp host 192.168.67.7 eq bgp host 192.168.67.6
>> >
>> > permit tcp host 192.168.67.7 host 192.168.67.6 eq bgp
>> >
>> > That would cover the local router acting as server or client.
>> >
>> > -ryan
>> >
>> > -----Original Message-----
>> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> > Matt Sherman
>> > Sent: Tuesday, November 09, 2010 2:01 PM
>> > To: Cisco certification
>> > Subject: BGP ACL
>> >
>> > Hello,
>> >
>> > If I need to permit inbound BGP peering from R7 with an ACL on R6, the
>> > syntax I always see is what's pasted below. The first permit statement
>> > seems to do the trick just fine and the second doesn't make sense to me as
>> > R6 wouldn't see BGP messages sourced from itself (192.168.67.6). Can
>> > anyone explain the purpose of the second statement? Thanks
>> >
>> > AS 6                                  AS 7
>> > (R6) S1/0 ---- 192.168.67.0 ---- S1/0 (R7)
>> >
>> >
>> >
>> > R6
>> >
>> > ip access-list extended BGP
>> >  permit tcp host 192.168.67.7 eq bgp host 192.168.67.6
>> >  permit tcp host 192.168.67.6 host 192.168.67.7 eq bgp
>> > !
>> > int s1/0
>> >  ip access-group BGP in
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> *Narbik Kocharians
> *CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com <http://www.micronicstraining.com/>
> Sr. Technical Instructor
> *Ask about our FREE Lab Voucher with our Boot Camps*
> YES! We take Cisco Learning Credits!
> Training & Remote Racks available
Received on Tue Nov 09 2010 - 20:56:31 ART
This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:55 ART
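
The two ACLs discussed in this thread, evaluated against the only two R7-to-R6 flows an inbound ACL on R6 S1/0 can see. This is an added example, not code from any poster; it models host and port matching only, the ephemeral port is a constructed value, and all function names are hypothetical.

```python
from collections import namedtuple

BGP = 179
R6, R7 = "192.168.67.6", "192.168.67.7"
Seg = namedtuple("Seg", "src sport dst dport")

# An ACE is (src host, src port, dst host, dst port); None means "any port".
POSTED = [(R7, BGP, R6, None),      # permit tcp host .7 eq bgp host .6
          (R6, None, R7, BGP)]      # permit tcp host .6 host .7 eq bgp
CORRECTED = [(R7, BGP, R6, None),   # permit tcp host .7 eq bgp host .6
             (R7, None, R6, BGP)]   # permit tcp host .7 host .6 eq bgp

def ace_matches(ace, seg):
    src, sport, dst, dport = ace
    return (seg.src == src and seg.dst == dst
            and sport in (None, seg.sport) and dport in (None, seg.dport))

def permitted(acl, seg):
    """Permit-only list: any matching ACE permits, otherwise implicit deny."""
    return any(ace_matches(ace, seg) for ace in acl)

def inbound_segment(initiator, ephemeral=33001):
    """The R7 -> R6 segment R6's inbound ACL sees when `initiator`
    ('R6' or 'R7') opens the TCP session. Ephemeral port is constructed."""
    if initiator == "R7":                # R7 is the client, R6 listens on 179
        return Seg(R7, ephemeral, R6, BGP)
    return Seg(R7, BGP, R6, ephemeral)   # R6 is the client, R7 answers from 179

def session_possible(acl, initiator):
    # Traffic leaving R6 is not filtered: the ACL is applied inbound only.
    return permitted(acl, inbound_segment(initiator))

def unused_aces(acl):
    """ACEs that match neither inbound flow, so they never take a hit."""
    flows = [inbound_segment("R6"), inbound_segment("R7")]
    return [ace for ace in acl if not any(ace_matches(ace, s) for s in flows)]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("corrected", CORRECTED)):
        for who in ("R6", "R7"):
            print(name, "initiator", who, "->", session_possible(acl, who))
        print(name, "lines that never match:", unused_aces(acl))
```

With the posted ACL the session only comes up when R6 is the TCP client, which is why the first line alone appears to work; the corrected second line is what admits a connection opened by R7.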