You would need an access list blocking traffic going out too. In will allow
traffic to cross the link but the router will drop it.
I think one of Chuck's stipulations was
"Provide the access-list required on each router, so that BGP works, BGP
neighbor relationships form, BGP routes are exchanged, but no other traffic
occurs. I.e. no telnet, no ICMP, no EIGRP, no nothing."
but no other traffic occurs

interface ATM0
...
ip access-group 100 out
ip access-group 101 in
!
access-list 100 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
access-list 100 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
access-list 101 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
access-list 101 permit tcp host Router_1 gt 1023 host Router_2 eq bgp



----- Original Message -----
From: "Sasa Milic" 
To: 
Sent: Thursday, November 08, 2001 10:32 AM
Subject: Re: Friday Follies Returns on Thursday - Access-list [7:25701]


> interface Ethernet0
>  ...
>  ip access-group 100 in
> !
> access-list 100 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
> access-list 100 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
>
> Similar on Router_1.
>
>
> Sasa
>
>
> Chuck Larrieu wrote:
> >
> > Hey you bad boys and girls!
> >
> > In preparing my pod for BGP access across the net, I have run into something
> > I find fascinating. Rather than post the results, I shall instead pose this
> > as Friday Follies on Thursday puzzle.
> >
> > The problem - to construct an access list such that the only thing that can
> > happen is that BGP neighbor relationships form and BGP routes are exchanged.
> >
> > Hint - there appears to be a trick, if my observations are correct.
> >
> > I will read your replies and provide my own observations and answer when I
> > return from my travels on Friday evening.
> >
> > the layout: ( not that it matters in particular )
> >
> >        Router_1          Router_2
> >           |                  |
> >    ----------------------------------  ethernet ( but it works the same for
> > serial )
> >
> > Provide the access-list required on each router, so that BGP works, BGP
> > neighbor relationships form, BGP routes are exchanged, but no other traffic
> > occurs. I.e. no telnet, no ICMP, no EIGRP, no nothing.
> >
> > Extra credit if your access-lists permit only the two routers involved to
> > engage.
> >
> > Have Fun




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25708&t=25701
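
Added example, not part of the original thread or written by any of its posters: a small first-match evaluator for the two permit lines quoted above, applied inbound on Router_2, run over constructed packets to show what the implicit deny leaves out. The addresses 192.0.2.x and all function names are assumptions made for illustration.

```python
"""First-match evaluation of the two-line BGP-only ACL (added example)."""
BGP = 179
R1, R2, OTHER = "192.0.2.1", "192.0.2.2", "192.0.2.99"  # constructed addresses

def port_ok(op, arg, port):
    """Model the port operators 'eq' and 'gt' used in the thread's ACL lines."""
    if port is None:          # non-TCP packets carry no port to compare
        return False
    return port == arg if op == "eq" else port > arg

def inbound_bgp_acl(peer, local):
    """The two permit lines, applied inbound on `local` with `peer` as source."""
    return [
        # permit tcp host peer eq bgp host local gt 1023  (peer answers our session)
        {"proto": "tcp", "src": peer, "sport": ("eq", BGP), "dst": local, "dport": ("gt", 1023)},
        # permit tcp host peer gt 1023 host local eq bgp  (peer opens the session)
        {"proto": "tcp", "src": peer, "sport": ("gt", 1023), "dst": local, "dport": ("eq", BGP)},
    ]

def permitted(acl, pkt):
    """Return True on the first matching permit; otherwise the implicit deny applies."""
    for ace in acl:
        if (pkt["proto"] == ace["proto"] and pkt["src"] == ace["src"]
                and pkt["dst"] == ace["dst"]
                and port_ok(*ace["sport"], pkt.get("sport"))
                and port_ok(*ace["dport"], pkt.get("dport"))):
            return True
    return False  # implicit deny at the end of every access list

# Constructed packets arriving on Router_2's interface.
SAMPLES = {
    "R1 opens BGP":        {"proto": "tcp", "src": R1, "dst": R2, "sport": 11000, "dport": BGP},
    "R1 answers R2's BGP": {"proto": "tcp", "src": R1, "dst": R2, "sport": BGP, "dport": 11001},
    "telnet from R1":      {"proto": "tcp", "src": R1, "dst": R2, "sport": 11002, "dport": 23},
    "ICMP echo from R1":   {"proto": "icmp", "src": R1, "dst": R2},
    "EIGRP hello from R1": {"proto": "eigrp", "src": R1, "dst": "224.0.0.10"},
    "BGP from third host": {"proto": "tcp", "src": OTHER, "dst": R2, "sport": 11003, "dport": BGP},
}

def verdicts(acl=None):
    """Evaluate every sample packet against the ACL (default: inbound on Router_2)."""
    acl = acl or inbound_bgp_acl(R1, R2)
    return {name: permitted(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{'permit' if ok else 'deny  '}  {name}")
```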