BGP Session Startup (Tuning this)

kfarrington
Level 3

From the output below, you can see that on my two-router network, either router can start the BGP session. The thing is, I only want one router (ATM-BB) to be able to start the session, i.e. open a TCP session to port 179. I don't ever want the other router (TEST2) to start a TCP session with a destination port of 179.

So, the only way I figure I can do this is by putting an inbound ACL on the ATM-BB router, and it works fine (config below).

Question is, is this what you have to do to make this work, or is there an equivalent of a DLSW passive command for BGP? And what is the criteria for who starts the session first, say, if no ACL is applied and you do a clear ip bgp (must be sommat to do with the active timer or sommat).

Many thx indeed,

Ken

Config on ATM-BB Router
-----------------------
!
interface FastEthernet1
 ip address 200.201.1.1 255.255.255.0
 ip access-group 111 in
!
router bgp 253
 neighbor 200.201.1.2 remote-as 5
!
access-list 111 deny tcp any any eq bgp
access-list 111 permit ip any any

Config on TEST2 Router
----------------------
!
interface FastEthernet1
 ip address 200.201.1.2 255.255.255.0
!
router bgp 5
 neighbor 200.201.1.1 remote-as 253

Results with ACL: TEST2 gets "access denied" when trying to start the BGP session, and then, by the SYN-ACK received back on ATM-BB, you know that ATM-BB has sent the SYN and started the session.

ATM-BB#
00:53:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, access denied
00:53:26: TCP src=11017, dst=179, seq=2342290847, ack=0, win=16384 SYN
ATM-BB#
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3
00:53:40: TCP src=179, dst=11018, seq=1245489616, ack=2525366980, win=16384 ACK SYN
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489617, ack=2525367025, win=16339 ACK PSH
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489662, ack=2525367044, win=16320 ACK PSH
00:53:40: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489681, ack=2525367108, win=16256 ACK PSH
00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:53:40: TCP src=179, dst=11018, seq=1245489700, ack=2525367146, win=16218 ACK
ATM-BB#

********Router TEST2 starts the BGP session**********************

ATM-BB#
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708026, ack=0, win=16384 SYN
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708027, ack=243242607, win=16384 ACK
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708027, ack=243242607, win=16384 ACK PSH
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708072, ack=243242652, win=16339 ACK PSH
00:11:26: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708091, ack=243242671, win=16320 ACK
00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:11:26: TCP src=11005, dst=179, seq=3186708091, ack=243242773, win=16218 ACK PSH
ATM-BB#
00:12:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:12:27: TCP src=11005, dst=179, seq=3186708110, ack=243242792, win=16199 ACK PSH
ATM-BB#
00:13:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:13:27: TCP src=11005, dst=179, seq=3186708129, ack=243242811, win=16180 ACK PSH
00:13:27: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 111, rcvd 0
00:13:27: TCP src=11005, dst=179, seq=3186708148, ack=243242811, win=16180 ACK PSH

TEST2#
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2 (FastEthernet1), len 44, rcvd 3
00:11:23: TCP src=179, dst=11005, seq=243242606, ack=3186708027, win=16384 ACK SYN
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 85, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242607, ack=3186708072, win=16339 ACK PSH
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242652, ack=3186708091, win=16320 ACK PSH
00:11:23: %BGP-5-ADJCHANGE: neighbor 200.201.1.1 Up
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 142, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242671, ack=3186708091, win=16320 ACK PSH
00:11:23: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:11:23: TCP src=179, dst=11005, seq=243242773, ack=3186708110, win=16301 ACK
TEST2#
00:12:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:12:24: TCP src=179, dst=11005, seq=243242773, ack=3186708110, win=16301 ACK PSH
00:12:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:12:24: TCP src=179, dst=11005, seq=243242792, ack=3186708129, win=16282 ACK
TEST2#
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242792, ack=3186708129, win=16282 ACK PSH
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242811, ack=3186708148, win=16263 ACK
00:13:24: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:13:24: TCP src=179, dst=11005, seq=243242811, ack=3186708219, win=16192 ACK

-------------------------------------------------------------------------------------

********Router ATM-BB starts the BGP session**********************

TEST2#
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 44, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704196, ack=0, win=16384 SYN
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704197, ack=3716649371, win=16384 ACK
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 85, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704197, ack=3716649371, win=16384 ACK PSH
00:15:46: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:15:46: TCP src=11004, dst=179, seq=1036704242, ack=3716649416, win=16339 ACK PSH
00:15:46: %BGP-5-ADJCHANGE: neighbor 200.201.1.1 Up
00:15:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:15:47: TCP src=11004, dst=179, seq=1036704261, ack=3716649435, win=16320 ACK
00:15:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:15:47: TCP src=11004, dst=179, seq=1036704261, ack=3716649525, win=16230 ACK PSH
00:16:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 59, rcvd 0
00:16:47: TCP src=11004, dst=179, seq=1036704280, ack=3716649525, win=16230 ACK PSH
00:16:47: IP: s=200.201.1.1 (FastEthernet1), d=200.201.1.2, len 40, rcvd 0
00:16:47: TCP src=11004, dst=179, seq=1036704299, ack=3716649544, win=16211 ACK
TEST2#

ATM-BB#
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3
00:15:49: TCP src=179, dst=11004, seq=3716649370, ack=1036704197, win=16384 ACK SYN
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 85, rcvd 0
00:15:49: TCP src=179, dst=11004, seq=3716649371, ack=1036704242, win=16339 ACK PSH
00:15:49: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:15:49: TCP src=179, dst=11004, seq=3716649416, ack=1036704261, win=16320 ACK PSH
00:15:49: %BGP-5-ADJCHANGE: neighbor 200.201.1.2 Up
00:15:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 130, rcvd 0
00:15:50: TCP src=179, dst=11004, seq=3716649435, ack=1036704261, win=16320 ACK PSH
00:15:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0
00:15:50: TCP src=179, dst=11004, seq=3716649525, ack=1036704280, win=16301 ACK
00:16:50: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 59, rcvd 0
00:16:50: TCP src=179, dst=11004, seq=3716649525, ack=1036704299, win=16282 ACK PSH
ATM-BB#
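As an added illustration (not Ken's code or config), the following models how access-list 111 on ATM-BB treats the packets in the debug output above, and which side performed the active open. It parses constructed lines in the same shape as the debug output, applies the two ACL entries first-match, and flags the bare SYN to port 179 as the active open. Note that the ACL denies every segment whose destination port is 179, not only the SYN, so a session TEST2 started could never carry traffic through ATM-BB even if the SYN slipped through.

```python
import re
from collections import namedtuple

# Constructed sample in the shape of the "debug ip packet detail" output
# above: each packet is one "IP:" line followed by one "TCP" line.
DEBUG_LINES = [
    "00:53:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 44, access denied",
    "00:53:26: TCP src=11017, dst=179, seq=2342290847, ack=0, win=16384 SYN",
    "00:53:40: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1 (FastEthernet1), len 44, rcvd 3",
    "00:53:40: TCP src=179, dst=11018, seq=1245489616, ack=2525366980, win=16384 ACK SYN",
    "00:11:26: IP: s=200.201.1.2 (FastEthernet1), d=200.201.1.1, len 40, rcvd 0",
    "00:11:26: TCP src=11005, dst=179, seq=3186708027, ack=243242607, win=16384 ACK",
]
IP_RE = re.compile(r"IP: s=(\S+) .*?d=(\S+?)[ ,]")
TCP_RE = re.compile(r"TCP src=(\d+), dst=(\d+),.*?win=\d+\s*(.*)$")
Packet = namedtuple("Packet", "src dst sport dport flags")

def parse_debug(lines):
    """Pair each IP line with the TCP line that follows it."""
    packets = []
    for ip_line, tcp_line in zip(lines[0::2], lines[1::2]):
        ip, tcp = IP_RE.search(ip_line), TCP_RE.search(tcp_line)
        packets.append(Packet(ip.group(1), ip.group(2), int(tcp.group(1)),
                              int(tcp.group(2)), frozenset(tcp.group(3).split())))
    return packets

# access-list 111 as applied inbound on ATM-BB FastEthernet1, modelled as
# (action, protocol, destination port or None for any port).
ACL_111 = [("deny", "tcp", 179),     # deny tcp any any eq bgp
           ("permit", "ip", None)]   # permit ip any any

def acl_action(acl, pkt):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, proto, dport in acl:
        if proto == "tcp" and dport is not None and pkt.dport != dport:
            continue
        return action
    return "deny"

def active_opener(pkt):
    """A bare SYN to port 179 is an active open by the sender."""
    return pkt.src if pkt.flags == {"SYN"} and pkt.dport == 179 else None

def evaluate(lines):
    """(ACL verdict on ATM-BB, active opener) for each logged packet."""
    return [(acl_action(ACL_111, p), active_opener(p)) for p in parse_debug(lines)]
```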

ruwhite
Level 7

This is one way to do it, but there is another way.... If two BGP speakers start their sessions at the same time, and they both see it, they will both see the collision, and use the router ID to determine which session should drop, and which should be used. Looking at draft 22 of the BGP spec:

If a pair of BGP speakers try simultaneously to establish a BGP connection to each other, then two parallel connections between this pair of speakers might well be formed. If the source IP address used by one of these connections is the same as the destination IP address used by the other, and the destination IP address used by the first connection is the same as the source IP address used by the other, we refer to this situation as connection collision. Clearly in the presence of connection collision, one of these connections MUST be closed.

Based on the value of the BGP Identifier a convention is established for detecting which BGP connection is to be preserved when a collision does occur. The convention is to compare the BGP Identifiers of the peers involved in the collision and to retain only the connection initiated by the BGP speaker with the higher-valued BGP Identifier.

This is in section 6.8, here:

http://www.ietf.org/internet-drafts/draft-ietf-idr-bgp4-22.txt

So, if you set the router which you always want to be the "active open" with a higher router ID, it should always wind up as the "active open" speaker. That doesn't mean that both won't initiate, but one of the first things in the FSM is to look for the collision, so both opens shouldn't survive very long.

Other than this, the use of an access list, as you've done above, is the only choice, as far as I know.

:-)

Russ.W
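The collision rule Russ quotes, worked through as an added example (not Russ's or Ken's code): BGP Identifiers are compared as 32-bit unsigned integers, and the connection opened by the higher-valued speaker survives. The scenario assumes the two routers' IDs defaulted to their FastEthernet1 addresses from the configs above, so TEST2 would win collisions until ATM-BB is given a higher ID (on IOS via bgp router-id, also an assumption about how it would be set).

```python
import ipaddress

def bgp_id(dotted):
    """BGP Identifiers are 4-octet unsigned integers; compare them as
    numbers, not as dotted strings (10.0.0.1 > 9.255.255.255)."""
    return int(ipaddress.IPv4Address(dotted))

def surviving_connection(local_id, remote_id, existing_opened_by_local):
    """Connection collision resolution (draft-ietf-idr-bgp4 section 6.8):
    keep only the connection initiated by the speaker with the higher
    BGP Identifier. Returns 'existing' or 'new' from the local speaker's
    point of view; the other one is the connection it must close."""
    lid, rid = bgp_id(local_id), bgp_id(remote_id)
    if lid == rid:
        raise ValueError("peers must not share a BGP Identifier")
    keep_locally_opened = lid > rid
    return "existing" if existing_opened_by_local == keep_locally_opened else "new"

def active_open_speaker(router_ids):
    """Given {name: BGP Identifier}, the speaker whose active open wins
    every collision, i.e. the one that must carry the higher ID if it
    should always end up as the 'active open' side."""
    return max(router_ids, key=lambda name: bgp_id(router_ids[name]))

# Constructed scenario: IDs assumed to default to the FastEthernet1
# addresses from the configs above, then ATM-BB given a higher ID.
DEFAULT_IDS = {"ATM-BB": "200.201.1.1", "TEST2": "200.201.1.2"}
TUNED_IDS = {"ATM-BB": "200.201.1.254", "TEST2": "200.201.1.2"}
```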
