Re: accesslist.....bgp [7:42098]
hey, Nigel, long time no hear from you. I was a bit pithy, not to mention pissy, in my response, and for that I apologize. still, it remains interesting that people will post a question like "what's wrong with my access-list" and then not post the access-list. It should be apparent that something in the access-list caused the problem. hard to help if you don't know the contents. talk to you off line. Chuck ""Nigel Taylor"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Stanzin, Chuck, >I had this happen to me the other day when one of our > engineers made a change to the ACL on one of our BGP peer > connections. Typically all the ACLs are the same on all of our BGP > connections, so when trouble shooting the problem some assumtions were > made. The problem ended up being that on a number of our connections we > use the provider space to p-t-p connections. A few of the other > connections are made using our own IP space. The engineer forgot to add a > permit statement to the ACL to allow for the p-t-p links. Although there > was a "permit ip any any" at the end of the list, the anti-spoofing part > of the ACL that read "deny ip 192.168.0.0 0.0.0.0 any" denied the BGP > peering relationship. This also filtered all icmp traffic as well. The > other interesting thing here is the local interface could not be ping'd > as well...:-> > > We get to have to much fun I think.. > > P.S. Chuck what's been going on? Drop me a line.. > > Nigel > > >From: "Chuck" >Reply-To: "Chuck" >To: [EMAIL PROTECTED] >Subject: Re: > accesslist.bgp [7:42098] >Date: Sun, 21 Apr 2002 00:17:18 -0400 > >we > give up. post the access-list > > >""Stanzin Takpa"" wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi , > > I came across > a strange situation. > > I am running bgp b/w two routers(cisco). > Whenever I configure access-list > > on one of the router,the bgp routes > from the router on which I configure >acl > > are getting disappearin 'sh > ip routes ' > > and I am not able to ping from one n/w to the other . > > > > > What could be the problem / > > > > > > Stanz > > > > >Message Posted > at: >http://www.groupstudy.com/form/read.php?f=7&i=42118&t=42098 > >-- >FAQ, list archives, > and subscription info: http://www.groupstudy.com/list/cisco.html >Report > misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > Get your FREE download of MSN Explorer at http://explorer.msn.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42124&t=42098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: accesslist.....bgp [7:42098]
Stanzin, Chuck, I had this happen to me the other day when one of our engineers made a change to the ACL on one of our BGP peer connections. Typically all the ACLs are the same on all of our BGP connections, so when trouble shooting the problem some assumtions were made. The problem ended up being that on a number of our connections we use the provider space to p-t-p connections. A few of the other connections are made using our own IP space. The engineer forgot to add a permit statement to the ACL to allow for the p-t-p links. Although there was a "permit ip any any" at the end of the list, the anti-spoofing part of the ACL that read "deny ip 192.168.0.0 0.0.0.0 any" denied the BGP peering relationship. This also filtered all icmp traffic as well. The other interesting thing here is the local interface could not be ping'd as well...:-> We get to have to much fun I think.. P.S. Chuck what's been going on? Drop me a line.. Nigel >From: "Chuck" >Reply-To: "Chuck" >To: [EMAIL PROTECTED] >Subject: Re: accesslist.bgp [7:42098] >Date: Sun, 21 Apr 2002 00:17:18 -0400 > >we give up. post the access-list > > >""Stanzin Takpa"" wrote in message >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi , > > I came across a strange situation. > > I am running bgp b/w two routers(cisco). Whenever I configure access-list > > on one of the router,the bgp routes from the router on which I configure >acl > > are getting disappearin 'sh ip routes ' > > and I am not able to ping from one n/w to the other . > > > > What could be the problem / > > > > > > Stanz > > > > >Message Posted at: >http://www.groupstudy.com/form/read.php?f=7&i=42118&t=42098 >-- >FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Get your FREE download of MSN Explorer at http://explorer.msn.com. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42120&t=42098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: accesslist.....bgp [7:42098]
we give up. post the access-list ""Stanzin Takpa"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi , > I came across a strange situation. > I am running bgp b/w two routers(cisco). Whenever I configure access-list > on one of the router,the bgp routes from the router on which I configure acl > are getting disappearin 'sh ip routes ' > and I am not able to ping from one n/w to the other . > > What could be the problem / > > > Stanz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42118&t=42098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
accesslist.....bgp [7:42098]
Hi , I came across a strange situation. I am running bgp b/w two routers(cisco). Whenever I configure access-list on one of the router,the bgp routes from the router on which I configure acl are getting disappearin 'sh ip routes ' and I am not able to ping from one n/w to the other . What could be the problem / Stanz Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42098&t=42098 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
