No, no, no, you don't need an outgoing access list if there are only two
routers (Router_1 and Router_2). You don't have to block outgoing
traffic on Router_1 since the input ACL on Router_2 will block it. Even
if you want to configure them with an outgoing access list, your list
is wrong ;) It should be:

On Router_1:

 access-list 100 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
 access-list 100 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
 access-list 101 permit tcp host Router_2 eq bgp  host Router_1 gt 1023
 access-list 101 permit tcp host Router_2 gt 1023 host Router_1 eq bgp

Sasa


Donald wrote:
> 
> You would need an access list blocking traffic going out too. In will allow
> traffic to cross the link but the router will drop it.
> I think one of Chuck's stipulations was
> "Provide the access-list required on each router, so that BGP works, BGP
> neighbor relationships form, BGP routes are exchanged, but no other traffic
> occurs. I.e. no telnet, no ICMP, no EIGRP, no nothing."
> but no other traffic occurs
> 
> interface ATM0
> ...
> ip access-group 100 out
> ip access-group 101 in
> !
> access-list 100 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
> access-list 100 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
> access-list 101 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
> access-list 101 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
> 
> ----- Original Message -----
> From: "Sasa Milic" 
> To: 
> Sent: Thursday, November 08, 2001 10:32 AM
> Subject: Re: Friday Follies Returns on Thursday - Access-list [7:25701]
> 
> > interface Ethernet0
> >  ...
> >  ip access-group 100 in
> > !
> > access-list 100 permit tcp host Router_1 eq bgp  host Router_2 gt 1023
> > access-list 100 permit tcp host Router_1 gt 1023 host Router_2 eq bgp
> >
> > Similar on Router_1.
> >
> >
> > Sasa
> >
> >
> > Chuck Larrieu wrote:
> > >
> > > Hey you bad boys and girls!
> > >
> > > In preparing my pod for BGP access across the net, I have run into something
> > > I find fascinating. Rather than post the results, I shall instead pose this
> > > as Friday Follies on Thursday puzzle.
> > >
> > > The problem - to construct an access list such that the only thing that can
> > > happen is that BGP neighbor relationships form and BGP routes are exchanged.
> > >
> > > Hint - there appears to be a trick, if my observations are correct.
> > >
> > > I will read your replies and provide my own observations and answer when I
> > > return from my travels on Friday evening.
> > >
> > > the layout: ( not that it matters in particular )
> > >
> > >        Router_1          Router_2
> > >           |                  |
> > >    ----------------------------------  ethernet ( but it works the same for serial )
> > >
> > > Provide the access-list required on each router, so that BGP works, BGP
> > > neighbor relationships form, BGP routes are exchanged, but no other traffic
> > > occurs. I.e. no telnet, no ICMP, no EIGRP, no nothing.
> > >
> > > Extra credit if your access-lists permit only the two routers involved to
> > > engage.
> > >
> > > Have Fun




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25711&t=25701
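
The difference between the two versions of access-list 101 discussed in this thread can be checked with a small first-match ACL evaluator. This is an added example, not code from any of the posters. It assumes list 101 is applied inbound on Router_1, uses the literal names Router_1 and Router_2 as addresses, and runs over constructed sample packets.

```python
from dataclasses import dataclass

BGP = 179  # TCP port behind the IOS keyword "bgp"

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "icmp", "eigrp", ...
    src: str
    dst: str
    sport: int = 0  # ports are only meaningful for tcp
    dport: int = 0

def port_ok(spec, port):
    """Match one port operator from the thread's ACLs: ("eq", n) or ("gt", n)."""
    op, val = spec
    return port == val if op == "eq" else port > val

def permits(acl, pkt):
    """First-match evaluation; an extended ACL ends with an implicit deny."""
    for proto, src, sspec, dst, dspec in acl:
        if (pkt.proto == proto and pkt.src == src and pkt.dst == dst
                and port_ok(sspec, pkt.sport) and port_ok(dspec, pkt.dport)):
            return True
    return False

def bgp_only(src, dst):
    """The two permit lines used in the thread, for traffic flowing src -> dst."""
    return [("tcp", src, ("eq", BGP), dst, ("gt", 1023)),
            ("tcp", src, ("gt", 1023), dst, ("eq", BGP))]

R1, R2 = "Router_1", "Router_2"
ACL_101_CORRECTED = bgp_only(R2, R1)  # source Router_2, as in the correction
ACL_101_QUOTED = bgp_only(R1, R2)     # source Router_1, as in the quoted config

# Constructed packets arriving at Router_1 from Router_2
ARRIVING = {
    "bgp, Router_2 opened the session": Packet("tcp", R2, R1, 40000, BGP),
    "bgp, Router_1 opened the session": Packet("tcp", R2, R1, BGP, 40001),
    "telnet": Packet("tcp", R2, R1, 40002, 23),
    "icmp echo": Packet("icmp", R2, R1),
    "eigrp hello": Packet("eigrp", R2, "224.0.0.10"),
}

def verdicts(acl):
    """Map each sample packet name to True (permitted) or False (denied)."""
    return {name: permits(acl, pkt) for name, pkt in ARRIVING.items()}

if __name__ == "__main__":
    for label, acl in (("corrected", ACL_101_CORRECTED), ("quoted", ACL_101_QUOTED)):
        print(label, verdicts(acl))
```

With the corrected list both directions of the BGP session are permitted and everything else falls to the implicit deny; with the quoted list nothing arriving from Router_2 matches, so the BGP session itself is denied as well.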