8.1 REFLEXIVE ACL - PERMIT BGP & RIP

I put in a reflexive ACL for 8.1 (traffic filtering) but didn't include BGP or RIP. However, it still works???

I even reset BGP and debugged RIP to check. Can anyone explain why it doesn't seem to be required in this case but is included in the SG? When I saw the SG I thought, yeah, that makes sense, but when I looked at my routers, nothing was broken!!

Would appreciate any insight.
cheers
Andy

Rack1R6(config)#DO SH ACCESS-L

Reflexive IP access list OUTBOUND
permit tcp host 54.1.1.254 eq 57868 host 141.1.77.7 eq telnet (21 matches) (time left 251)
permit tcp host 54.1.1.254 eq telnet host 141.1.37.7 eq 61113 (15 matches) (time left 45)
Extended IP access list SOURCE_INSIDE
10 permit tcp any any reflect OUTBOUND (39 matches)
20 permit udp any any reflect OUTBOUND
30 permit icmp any any echo-reply (9 matches)
Extended IP access list TRAFFIC_FILTER
10 permit icmp any any echo log
30 permit tcp any 141.1.7.0 0.0.0.255 eq telnet log
40 permit tcp any 141.1.77.0 0.0.0.255 eq telnet log
50 permit tcp any host 141.1.88.100 eq www 443
60 permit tcp any any eq domain
70 permit udp any any eq domain
80 evaluate OUTBOUND
Rack1R6(config)#
Rack1R6(config)#
Rack1R6(config)#
Rack1R6(config)#
Rack1R6(config)#DO CLEAR IP BGP *
Rack1R6(config)#
*Mar 2 04:13:02.252: %BGP-5-ADJCHANGE: neighbor 54.1.1.254 Down User reset
*Mar 2 04:13:02.256: %BGP-5-ADJCHANGE: neighbor 141.1.123.2 Down User reset
*Mar 2 04:13:03.020: %BGP-5-ADJCHANGE: neighbor 54.1.1.254 Up
Rack1R6(config)#
*Mar 2 04:13:03.416: %BGP-5-ADJCHANGE: neighbor 141.1.123.2 Up
Rack1R6(config)#
Rack1R6(config)#
Rack1R6(config)#
Rack1R6(config)#DO SH BGP SUMM

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
54.1.1.254 4 54 1265 1262 14 0 0 00:00:35 10
141.1.123.2 4 200 1259 1265 14 0 0 00:00:34 3