8.2 Traffic filtering

Hi

The filter-list should look like:

ip access-list extended BGP-Filter
 permit tcp host 192.168.4.4 host 192.168.5.5 eq bgp
 permit tcp host 192.168.4.4 eq bgp host 192.168.5.5
 deny   tcp any any eq bgp
 deny   tcp any eq bgp any
 deny   gre any any
 deny   ipinip any any
 permit ip any any

 

The VPNv4 BGP session between R4 and R5 needs the first two statements. If they are missing, the routers couldn't establish the session. The PE-CE session is not needed in this statement because the packets run over another interface (eth0/1.58).

Ueli

Comments

  • The answer shows the access-list applied to the inbound side of Eth0/1.58.  Therefore, the PE-CE BGP session needs to be added to the access-list like below.

    ip access-list extended BGP_filter
     permit tcp host 129.1.58.8 eq bgp host 129.1.58.5
     permit tcp host 129.1.58.8 host 129.1.58.5 eq bgp
     deny   tcp any eq bgp any
     deny   tcp any any eq bgp
     deny   gre any any
     deny   ipinip any any
     permit ip any any
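
To compare the two lists posted in this thread, here is a small first-match evaluator, added as an example and not part of either post. It handles only the syntax used above (`host`/`any`, `eq bgp`); the ephemeral port 50000 and the 10.0.0.x addresses in the test packets are constructed, and the PE-CE packet is assumed to hit the list inbound on Eth0/1.58 as the comment describes.

```python
# Added example: first-match evaluation of the two ACLs from this thread.
PORTS = {"bgp": 179}

ACL_POST = """\
permit tcp host 192.168.4.4 host 192.168.5.5 eq bgp
permit tcp host 192.168.4.4 eq bgp host 192.168.5.5
deny   tcp any any eq bgp
deny   tcp any eq bgp any
deny   gre any any
deny   ipinip any any
permit ip any any
"""
ACL_COMMENT = """\
permit tcp host 129.1.58.8 eq bgp host 129.1.58.5
permit tcp host 129.1.58.8 host 129.1.58.5 eq bgp
deny   tcp any eq bgp any
deny   tcp any any eq bgp
deny   gre any any
deny   ipinip any any
permit ip any any
"""

def parse(text):
    """Turn each ACL line into (action, proto, (src, sport), (dst, dport))."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto, rest = tok[0], tok[1], tok[2:]
        ends = []
        for _ in range(2):              # source first, then destination
            if rest[0] == "host":
                addr, rest = rest[1], rest[2:]
            else:                       # "any" matches every address
                addr, rest = None, rest[1:]
            port = None
            if rest and rest[0] == "eq":
                port, rest = PORTS.get(rest[1]) or int(rest[1]), rest[2:]
            ends.append((addr, port))
        rules.append((action, proto, ends[0], ends[1]))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """Return the action of the first matching rule; None in a rule is a wildcard."""
    for action, rproto, (sa, sp), (da, dp) in rules:
        if (rproto in ("ip", proto) and sa in (None, src) and da in (None, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"                       # implicit deny at the end of every ACL
```

Because evaluation stops at the first match, a BGP packet from 129.1.58.8 to 129.1.58.5 falls through to the `deny tcp any any eq bgp` line in the first list, while the second list permits it before the deny lines are reached.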

     
