We can use the "Neighbor x.x.x.x transport connection-mode passive/Active"
command; the passive will be the server and the active will be the client.
Is this what you guys are looking for?
On Tue, Nov 9, 2010 at 2:42 PM, Adam Booth <adam.booth_at_gmail.com> wrote:
> My understanding is that within the BGP peering relationship - initially the
> neighbor with the highest IP address will initially attempt to connect to
> the neighbor with the lowest IP address - the destination port is TCP 179
> but the source port is TCP 1024+
>
> Given enough time without a BGP session established (around 5 minutes or
> so), the peer neighbor with the lowest IP address will eventually attempt to
> start the BGP conversation.
>
> It is enough to have a single line in the acl for BGP - however having the
> ACL support both directions ensures a relatively fast BGP session setup
> without having to specifically think about which side has the higher or
> lower IP.
>
> Cheers,
> Adam
>
> On Wed, Nov 10, 2010 at 5:08 AM, Ryan West <rwest_at_zyedge.com> wrote:
>
> > Matt,
> >
> > One side is server and one side is client.
> >
> > The statement should read:
> >
> >
> > permit tcp host 192.168.67.7 eq bgp host 192.168.67.6
> >
> > permit tcp host 192.168.67.7 host 192.168.67.6 eq bgp
> >
> > That would cover the local router acting as server or client.
> >
> > -ryan
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Matt Sherman
> > Sent: Tuesday, November 09, 2010 2:01 PM
> > To: Cisco certification
> > Subject: BGP ACL
> >
> > Hello,
> >
> > If I need to permit inbound BGP peering from R7 with an ACL on R6, the
> > syntax I always see is what's pasted below. The first permit statement
> > seems to do the trick just fine and the second doesn't make sense to me as
> > R6 wouldn't see BGP messages sourced from itself (192.168.67.6). Can
> > anyone explain the purpose of the second statement? Thanks
> >
> > AS 6                                  AS 7
> > (R6) S1/0 ---- 192.168.67.0 ---- S1/0 (R7)
> >
> >
> >
> > R6
> >
> > ip access-list extended BGP
> >  permit tcp host 192.168.67.7 eq bgp host 192.168.67.6
> >  permit tcp host 192.168.67.6 host 192.168.67.7 eq bgp
> > !
> > int s1/0
> >  ip access-group BGP in
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
--
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com <http://www.micronicstraining.com/>
Sr. Technical Instructor
Ask about our FREE Lab Voucher with our Boot Camps
YES! We take Cisco Learning Credits!
Training & Remote Racks available

Received on Tue Nov 09 2010 - 14:48:19 ART
This archive was generated by hypermail 2.2.0 : Sun Dec 05 2010 - 22:14:55 ART
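
An added example, not part of the thread: a Python model of first-match evaluation of the inbound ACL on R6 S1/0, run against the packets R6 receives when either router opens the TCP session. The source port 33001 and all function and variable names are constructed for illustration.

```python
from typing import NamedTuple, Optional

BGP = 179
R6, R7 = "192.168.67.6", "192.168.67.7"

class Ace(NamedTuple):
    """One 'permit tcp host SRC [eq SPORT] host DST [eq DPORT]' entry."""
    src: str
    sport: Optional[int]  # None means no port qualifier (any port)
    dst: str
    dport: Optional[int]

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

def first_match(acl, pkt):
    """Return the 1-based index of the first permit entry that matches,
    or None when the packet falls through to the implicit deny."""
    for i, ace in enumerate(acl, 1):
        if (ace.src == pkt.src and ace.dst == pkt.dst
                and ace.sport in (None, pkt.sport)
                and ace.dport in (None, pkt.dport)):
            return i
    return None

# ACL as pasted in the original question (second entry sourced from R6).
ACL_QUESTION = [Ace(R7, BGP, R6, None), Ace(R6, None, R7, BGP)]
# ACL with the second entry as given in Ryan's reply.
ACL_REPLY = [Ace(R7, BGP, R6, None), Ace(R7, None, R6, BGP)]

EPHEMERAL = 33001  # constructed sample client port (1024+)
# Packets arriving inbound on R6 S1/0 in each case:
R7_OPENS = Pkt(R7, EPHEMERAL, R6, BGP)  # R7 is TCP client, connects to R6:179
R6_OPENS = Pkt(R7, BGP, R6, EPHEMERAL)  # R6 is TCP client, R7 answers from 179

def evaluate(acl):
    """Which entry permits the inbound packet for each session direction."""
    return {"r7_opens": first_match(acl, R7_OPENS),
            "r6_opens": first_match(acl, R6_OPENS)}

if __name__ == "__main__":
    for name, acl in (("question", ACL_QUESTION), ("reply", ACL_REPLY)):
        print(name, evaluate(acl))
```
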