Problem: BGP Neighbors (External and Internal) Not Coming Up-Cause: Interface Access List Blocking BGP Packets

Problem: BGP Neighbors (External and Internal) Not Coming Up ‚ Cause: Interface Access List Blocking BGP Packets

Interface access list/filters are another common cause of BGP neighbor activation problems. If an interface access list unintentionally blocks TCP packets that carry BGP protocol packets, the BGP neighbor will not come up.

Figure 15-8 shows the flowchart to follow to fix this problem.

Debugs and Verification

Example 15-20 shows sample access list 101 that explicitly blocks TCP. Example 15-20 shows access list 102 that has an implicit deny of BGP because Cisco IOS Software has an implicit deny at the end of each access list.

Both access lists 101 and 102 will prevent a BGP neighbor relationship from coming up.

Example 15-20 Access List Configuration Blocking BGP Neighbors

 R1#  access-list 101 deny tcp any any   access-list 101 deny udp any any   access-list 101 permit ip any any   interface ethernet 0   ip access-group 101 in   access-list 102 permit udp any any   access-list 102 permit ospf any any   interface ethernet 0  ip access-group 102 in 

Solution

An interface access list must permit the BGP port (TCP port 179) explicitly or implicitly to allow neighbor relationships.

Example 15-21 shows the revised access list configuration that allows BGP.

Example 15-21 Access List Configuration Permitting BGP

 R1#  no access-list 101   access-list 101 deny udp any any   access-list 101 permit tcp any any eq bgp   access-list 101 permit ip any any  

All BGP packets will be permitted because of the second line in access list 101.