Infrastructure Access-List

Hello Martin

Let’s take a look at the topology again:

All ACLs that we are creating in this lesson are in an inbound direction relative to R1. So they would typically be applied on the Fa0/0 interface in an incoming direction.

That means that by definition, the source IP in our ACL can never be 1.1.1.1. So for that reason alone, you wouldn’t want to apply something like this:

…since you’re only filtering incoming traffic, that is, traffic coming from the Internet towards R1. If you do, then it will never be matched, because 1.1.1.1 would never be a source of incoming traffic.

The purpose of this access list is to allow BGP sessions to take place. In a BGP session, one router acts as a listener (or server), while the other initiates the connection (as a client). The listening router listens on TCP port 179 for incoming BGP connections. The router initiating the connection uses a random high-numbered port as its source port but connects to port 179 on the listening router. Because we don’t know if R1 is the listener or the client, we must allow for both contingencies, and that is why both statements are included.

I hope this has been helpful!

Laz

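To make the two BGP statements concrete, here is the access list as it would be written on R1, as an added example and not the configuration from the original lesson or from Laz's reply. It assumes R1's address is 1.1.1.1 and the ACL is applied inbound on Fa0/0, as the reply states; the BGP peer address 2.2.2.2 and the trailing deny/permit entries (the usual shape of an infrastructure ACL that protects the router's own address while letting transit traffic through) are assumptions for illustration.

```cisco
! Added example: infrastructure ACL applied inbound on R1's Fa0/0.
! 1.1.1.1 is R1 (from the post); 2.2.2.2 is an assumed BGP peer.
ip access-list extended INFRA-ACL
 ! Case 1: the peer initiates the session, so R1 listens on TCP 179.
 ! Source port on the peer is a random high port, destination is 179 on R1.
 permit tcp host 2.2.2.2 host 1.1.1.1 eq 179
 ! Case 2: R1 initiates the session, so the peer is the listener.
 ! The returning packets come FROM the peer's port 179 to R1's high port.
 permit tcp host 2.2.2.2 eq 179 host 1.1.1.1
 ! A line such as "permit tcp host 1.1.1.1 eq 179 any" would never match here:
 ! 1.1.1.1 cannot be the source of a packet arriving inbound on R1's interface.
 ! Assumed remainder of the policy: protect R1 itself, allow transit traffic.
 deny ip any host 1.1.1.1
 permit ip any any
!
interface FastEthernet0/0
 ip access-group INFRA-ACL in
```

After the session comes up, `show ip access-lists INFRA-ACL` shows which of the two BGP entries is accumulating matches; only one of them will, depending on which side won the connection, and that is exactly why both must be present when you cannot predict who is the client. `show ip bgp summary` confirms the neighbor state.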