If "echo" is used, I think you might need something like the following, replicating the ACEs exactly on each side.
//
permit udp <side1> <side2> eq 3784
permit udp <side1> <side2> eq 3785
permit udp <side2> <side1> eq 3784
permit udp <side2> <side1> eq 3785
permit udp <side1> eq 3784 <side2>
permit udp <side1> eq 3785 <side2>
permit udp <side2> eq 3784 <side1>
permit udp <side2> eq 3785 <side1>
//

On Thu, Oct 31, 2019 at 11:42 AM Drew Weaver <drew.wea...@thenap.com> wrote:

> Howdy!
>
> I have noticed that if I put:
>
> permit udp any any eq 3784
> permit udp any any eq 3785
>
> Into a CoPP policy, this makes BFD function between two systems.
>
> If I try to get specific and use the source and destination addresses of
> the two systems BFD flaps wildly.
>
> I would assume, most likely foolishly that the NeighAddr listed in 'sh bfd
> nei' would be the source IP of the BFD packets but it appears that I am
> mistaken.
>
> Any ideas?
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
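An added example, not part of the original thread: a small Python checker that expands the eight-ACE list above for two peers and reports which ACE, if any, a given UDP tuple hits, so a source/destination pair seen in a capture can be compared against the list. The 192.0.2.x and 198.51.100.x addresses are constructed documentation addresses, and filling each placeholder with a "host <addr>" operand is an assumption about how the list would be written out.

```python
# Added example: evaluate UDP 5-tuples against the eight BFD ACEs from the reply.
TEMPLATE = """\
permit udp <side1> <side2> eq 3784
permit udp <side1> <side2> eq 3785
permit udp <side2> <side1> eq 3784
permit udp <side2> <side1> eq 3785
permit udp <side1> eq 3784 <side2>
permit udp <side1> eq 3785 <side2>
permit udp <side2> eq 3784 <side1>
permit udp <side2> eq 3785 <side1>"""

def expand(side1, side2):
    """Fill the placeholders with 'host <addr>' operands (assumed form)."""
    text = TEMPLATE.replace("<side1>", f"host {side1}")
    return text.replace("<side2>", f"host {side2}").splitlines()

def parse_ace(line):
    """Return [(src_addr, src_port), (dst_addr, dst_port)]; None means 'any'."""
    tok = line.split()
    if tok[:2] != ["permit", "udp"]:
        raise ValueError(f"unsupported ACE: {line}")
    i, ends = 2, []
    for _ in range(2):
        if tok[i] == "any":
            addr, i = None, i + 1
        elif tok[i] == "host":
            addr, i = tok[i + 1], i + 2
        else:
            raise ValueError(f"unsupported operand in: {line}")
        port = None
        if i < len(tok) and tok[i] == "eq":
            port, i = int(tok[i + 1]), i + 2
        ends.append((addr, port))
    return ends

def first_match(aces, src, sport, dst, dport):
    """1-based index of the first ACE matching the tuple, or None if none does."""
    for n, line in enumerate(aces, 1):
        (sa, sp), (da, dp) = parse_ace(line)
        if (sa in (None, src) and sp in (None, sport)
                and da in (None, dst) and dp in (None, dport)):
            return n
    return None

if __name__ == "__main__":
    aces = expand("192.0.2.1", "192.0.2.2")  # constructed peer addresses
    for pkt in [("192.0.2.1", 49152, "192.0.2.2", 3784),
                ("192.0.2.2", 3785, "192.0.2.1", 50000),
                ("198.51.100.7", 49152, "192.0.2.2", 3784)]:
        print(pkt, "-> ACE", first_match(aces, *pkt))
```

A tuple that returns None is one the address-specific list does not classify, which is the case to look for when BFD works with "any any" but flaps with specific addresses.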