Problem: BGP Neighbors (External and Internal) Not Coming Up - Cause: Interface Access List Blocking BGP Packets

Interface access lists/filters are another common cause of BGP neighbor activation problems. If an interface access list unintentionally blocks the TCP packets that carry BGP protocol packets, the BGP neighbor will not come up.

Figure 15-8 shows the flowchart to follow to fix this problem.

Figure 15-8. Problem-Resolution Flowchart

Debugs and Verification

Example 15-20 shows sample access list 101, which explicitly blocks TCP. Example 15-20 also shows access list 102, which has an implicit deny of BGP because Cisco IOS Software has an implicit deny at the end of each access list. Both access lists 101 and 102 will prevent a BGP neighbor relationship from coming up.

Example 15-20 Access List Configuration Blocking BGP Neighbors

    R1#
    access-list 101 deny tcp any any
    access-list 101 deny udp any any
    access-list 101 permit ip any any
    interface ethernet 0
     ip access-group 101 in

    access-list 102 permit udp any any
    access-list 102 permit ospf any any
    interface ethernet 0
     ip access-group 102 in

Solution

An interface access list must permit the BGP port (TCP port 179) explicitly or implicitly to allow neighbor relationships. Example 15-21 shows the revised access list configuration that allows BGP.

Example 15-21 Access List Configuration Permitting BGP

    R1#
    no access-list 101
    access-list 101 deny udp any any
    access-list 101 permit tcp any any eq bgp
    access-list 101 permit ip any any

All BGP packets will be permitted because of the second line in access list 101.
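
The first-match and implicit-deny behavior described above, modeled as an added Python example (not part of the original text and not Cisco code). It evaluates the three access lists from Examples 15-20 and 15-21 against BGP traffic arriving on the interface, and it also checks replies to a session the local router opened, which carry source port 179 and therefore match the final permit ip line rather than the eq bgp line. The simplified entry format, function names, and the sample ephemeral port are assumptions made for illustration.

```python
# Added example: first-match evaluation of the ACLs from Examples 15-20 and 15-21.
# Simplified model (assumption): entries match on protocol and an optional
# destination port only; all addresses are "any", as in the page's ACLs.

BGP_PORT = 179

# (action, protocol, destination port or None for any port)
ACL_101_BLOCKING = [("deny", "tcp", None), ("deny", "udp", None), ("permit", "ip", None)]
ACL_102_BLOCKING = [("permit", "udp", None), ("permit", "ospf", None)]
ACL_101_REVISED = [("deny", "udp", None), ("permit", "tcp", BGP_PORT), ("permit", "ip", None)]


def evaluate(acl, protocol, dst_port=None):
    """Return (action, matched_line); line 0 means the implicit deny at the end."""
    for line_no, (action, acl_proto, acl_port) in enumerate(acl, start=1):
        # "ip" in an extended ACL matches every IP protocol (tcp, udp, ospf, ...)
        proto_ok = acl_proto == "ip" or acl_proto == protocol
        port_ok = acl_port is None or acl_port == dst_port
        if proto_ok and port_ok:
            return action, line_no
    return "deny", 0


def bgp_session_allowed(acl):
    """Inbound check for both ways a BGP TCP session reaches this interface."""
    # Neighbor opened the session: packets arrive with destination port 179.
    neighbor_initiated = evaluate(acl, "tcp", dst_port=BGP_PORT)
    # Local router opened it: replies arrive with source port 179 and an
    # ephemeral destination port (49152 is a constructed sample value).
    locally_initiated = evaluate(acl, "tcp", dst_port=49152)
    return neighbor_initiated, locally_initiated


if __name__ == "__main__":
    for name, acl in [("101 (blocking)", ACL_101_BLOCKING),
                      ("102 (blocking)", ACL_102_BLOCKING),
                      ("101 (revised)", ACL_101_REVISED)]:
        print(name, bgp_session_allowed(acl))
```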