Hi All, This question asks to 'ensure that only directly connected clients of AS102 can transit AS50'.
AS101 - AS50 - AS102 - ASXXX The DSG uses the following inbound as-path acl on the AS50 router peering to AS102: ip as-path access-list 73 permit ^102(_[0-9]+?$ This filters the required routes entering AS50 from AS102 but there are no outbound filters. In the following topology, routes from AS101 could pass through AS50 to AS102 and beyond. AS101 - AS50 - AS102 - ASXXX - AS300 So while AS101 would not have a synchronous return route, AS300 could still transit AS50 to reach AS101. Given that changes can only be done on AS50, whats the best way to prevent this? Cheers James _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com To Unsubscribe from this list please visit the following link and follow the directions to unsubscribe. http://onlinestudylist.com/mailman/listinfo/ccie_rs
