08-06-2009 05:42 PM - edited 03-06-2019 07:08 AM
This line below means "deny ip any any"....correct?
deny ip 0.0.0.0 0.255.255.255 any
0.0.0.0 255.255.255.255 means "any", yes?
If so, this line, as part of an ACL, can indeed block an eBGP connection from forming were it to be applied on one of the peer interfaces. Correct?
I know that BGP is TCP, but the keyworkd "IP" in the ACL is all encompassing, right?
Thanks!
Solved! Go to Solution.
08-06-2009 05:58 PM
Joe
"0.0.0.0 255.255.255.255 means "any", yes ?"
Correct.
"If so, this line, as part of an ACL, can indeed block an eBGP connection from forming were it to be applied on one of the peer interfaces. Correct?"
Yes, if the acl was applied inbound on the interface and there was no entry before this line allowing BGP connectivity.
The keyword "ip" does indeed include TCP.
Jon
08-06-2009 05:58 PM
Joe
"0.0.0.0 255.255.255.255 means "any", yes ?"
Correct.
"If so, this line, as part of an ACL, can indeed block an eBGP connection from forming were it to be applied on one of the peer interfaces. Correct?"
Yes, if the acl was applied inbound on the interface and there was no entry before this line allowing BGP connectivity.
The keyword "ip" does indeed include TCP.
Jon
08-07-2009 09:05 AM
Jon, thanks fo rth e answer.
I made a mistake, though.
The ACL's line 150 is not 0.0.0.0 255.255.255.255
it's deny ip 0.0.0.0 0.255.255.255
What exactly does this line do? It seems that its saying that all traffic coming from a source ip address of 0.X.X.X should be blocked? What kind of source address will have a 0 in the first octet?
Thanks
08-07-2009 09:11 AM
"It seems that its saying that all traffic coming from a source ip address of 0.X.X.X should be blocked? What kind of source address will have a 0 in the first octet?"
Yes, it's to block anything sourced with a 0.x.x.x address. I would suspect a typo. =)
It could have been blackholing techniques also, but you'd see 192.168.0.0, 10.0.0.0, and 172.16.0.0 addresses in your acl as well.
HTH,
John
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide