
Stupid Question Time

This line below means "deny ip any any"....correct?

deny ip 0.0.0.0 0.255.255.255 any

0.0.0.0 255.255.255.255 means "any", yes?

If so, this line, as part of an ACL, can indeed block an eBGP connection from forming were it to be applied on one of the peer interfaces. Correct?

I know that BGP is TCP, but the keyword "IP" in the ACL is all encompassing, right?

Thanks!

1 ACCEPTED SOLUTION


Re: Stupid Question Time

Joe

"0.0.0.0 255.255.255.255 means "any", yes ?"

Correct.

"If so, this line, as part of an ACL, can indeed block an eBGP connection from forming were it to be applied on one of the peer interfaces. Correct?"

Yes, if the acl was applied inbound on the interface and there was no entry before this line allowing BGP connectivity.

The keyword "ip" does indeed include TCP.

Jon


Re: Stupid Question Time

Jon, thanks for the answer.

I made a mistake, though.

The ACL's line 150 is not 0.0.0.0 255.255.255.255

it's deny ip 0.0.0.0 0.255.255.255

What exactly does this line do? It seems that it's saying that all traffic coming from a source ip address of 0.X.X.X should be blocked? What kind of source address will have a 0 in the first octet?

Thanks

Re: Stupid Question Time

"It seems that it's saying that all traffic coming from a source ip address of 0.X.X.X should be blocked? What kind of source address will have a 0 in the first octet?"

Yes, it's to block anything sourced with a 0.x.x.x address. I would suspect a typo. =)

It could have been blackholing techniques also, but you'd see 192.168.0.0, 10.0.0.0, and 172.16.0.0 addresses in your acl as well.

HTH,

John
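The wildcard-mask and first-match behaviour discussed in this thread, as an added example that is not part of any post: a small Python evaluator for a simplified ACL syntax. The peer addresses (192.0.2.1, 192.0.2.2), the `permit` lines and all function names are constructed for illustration; only the `deny ip 0.0.0.0 0.255.255.255 any` entry comes from the thread.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match the base, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <port>]' (simplified syntax)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]

    def take(rest):
        if rest[0] == "any":                      # any == 0.0.0.0 255.255.255.255
            return ("0.0.0.0", "255.255.255.255"), rest[1:]
        if rest[0] == "host":                     # host A == A 0.0.0.0
            return (rest[1], "0.0.0.0"), rest[2:]
        return (rest[0], rest[1]), rest[2:]

    src, rest = take(rest)
    dst, rest = take(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto):                # 'ip' covers TCP, UDP, ICMP, ...
            continue
        if port is not None and port != dport:
            continue
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, line
    return "deny", "(implicit deny)"

# Constructed sample ACLs; the eBGP session is TCP/179 from 192.0.2.1 to 192.0.2.2.
AS_POSTED = ["deny ip 0.0.0.0 0.255.255.255 any", "permit ip any any"]
DENY_ANY = ["deny ip 0.0.0.0 255.255.255.255 any"]
BGP_FIRST = ["permit tcp host 192.0.2.1 host 192.0.2.2 eq 179", "deny ip any any"]

if __name__ == "__main__":
    for name, acl in (("AS_POSTED", AS_POSTED), ("DENY_ANY", DENY_ANY),
                      ("BGP_FIRST", BGP_FIRST)):
        print(name, evaluate(acl, "tcp", "192.0.2.1", "192.0.2.2", 179))
```
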
