Reflective access-list over BGP posted 03/07/2007


Hi, GS
 Here is a simple topology:
   R1--vlan 1---R2--vlan2--R3
  R1 and R3 are BGP peers, but R2 is not. 
  I tried to do a reflective access-list on R2, permitting the routing protocol (BGP) and ICMP both inbound and outbound. TCP and UDP traffic is only to be permitted from vlan 1 to vlan 2. However, TCP and UDP traffic which originates from vlan 2 is not permitted to go to vlan 1.
  My configuration is as follows.

ip access-list extended INBOUND
 permit icmp any any
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 evaluate REF 
ip access-list extended OUTBOUND
 permit icmp any any
 permit tcp any any reflect REF
 permit udp any any reflect REF

Here is the output:
R2#show ip access-list
Extended IP access list INBOUND
    10 permit icmp any any
    20 permit eigrp any any (8829 matches)
    30 permit tcp any any eq bgp
    40 permit tcp any any eq telnet (370 matches)
    50 permit tcp any eq telnet any
    60 evaluate REF
Extended IP access list OUTBOUND
    10 permit icmp any any
    20 permit tcp any any reflect REF (148 matches)
    30 permit udp any any reflect REF
Reflexive IP access list REF
     permit tcp host 1.1.1.1 eq bgp host 1.1.5.5 eq 18895 (24 matches) (time left 283)

My question is: why is there no match at list "30 permit tcp any any eq bgp"?
Should I put another list, "permit tcp any eq bgp any"?
Any ideas?

Thanks!
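
Added example, not part of the original post: a simplified first-match model of the INBOUND list as it appears in the show output, run against the return packet implied by the REF entry. The packet tuples, the source port 30000 and the helper names are constructed for illustration; which interface and direction each list is applied to is not shown in the post and is not modelled.

```python
# Simplified model: extended ACL lines are checked top-down, first match wins,
# and "evaluate REF" consults the temporary reflexive entries at that position.
BGP, TELNET = 179, 23
ANY = None  # wildcard for an address or a port

# (seq, proto, src, sport, dst, dport) copied from "show ip access-list" on R2
INBOUND = [
    (10, "icmp", ANY, ANY, ANY, ANY),
    (20, "eigrp", ANY, ANY, ANY, ANY),
    (30, "tcp", ANY, ANY, ANY, BGP),
    (40, "tcp", ANY, ANY, ANY, TELNET),
    (50, "tcp", ANY, TELNET, ANY, ANY),
]

def reflect(pkt):
    """Mirror an outbound packet into the temporary entry REF would hold."""
    proto, src, sport, dst, dport = pkt
    return ("REF", proto, dst, dport, src, sport)

def ace_matches(ace, pkt):
    """True if every non-wildcard field of the entry equals the packet field."""
    return all(want is ANY or want == got for want, got in zip(ace[1:], pkt))

def evaluate_inbound(pkt, ref_entries):
    """Return a label for the first matching line, or 'implicit deny'."""
    for ace in INBOUND:
        if ace_matches(ace, pkt):
            return f"line {ace[0]}"
    for ace in ref_entries:  # line 60: evaluate REF
        if ace_matches(ace, pkt):
            return "line 60 (REF)"
    return "implicit deny"

# Session recorded in the REF entry: 1.1.5.5:18895 opened TCP to 1.1.1.1:179.
syn = ("tcp", "1.1.5.5", 18895, "1.1.1.1", BGP)
ref = [reflect(syn)]
# Return packet of that session: source port is bgp, destination port is not.
reply = ("tcp", "1.1.1.1", BGP, "1.1.5.5", 18895)
# Constructed packet: the peer at 1.1.1.1 opening the session instead.
reverse_open = ("tcp", "1.1.1.1", 30000, "1.1.5.5", BGP)

if __name__ == "__main__":
    print("reply with REF entry   :", evaluate_inbound(reply, ref))
    print("reply without REF entry:", evaluate_inbound(reply, []))
    print("reverse open           :", evaluate_inbound(reverse_open, ref))
```

In this model line 30 only counts packets whose destination port is bgp, so the return half of a session opened from 1.1.5.5 falls through to the REF entry, consistent with the 24 matches shown there.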

My question is why there is no match at this list: