Examples of implementing restrictive filters limiting access to BGP (TCP 179)

Can anyone give me some examples of implementing restrictive filters or access-lists limiting access to BGP (TCP 179) to only the necessary peers?

example configs:

router bgp 70000
network mask
PennGwyn commented:

access-list 101 permit tcp host any eq 179
access-list 101 deny tcp any any eq 179
access-list 101 permit ip any any

interface Serial0/0
ip access-group 101 in

But that's cumbersome, and you may already be using an access-list on that interface. And it won't protect you from somebody spoofing your neighbor's address as the source.

A simpler approach is to encrypt the link:

neighbor password "oursharedsecret"

which will allow BGP packets only if they come from somebody who has the same secret configured on their neighbor statement pointing at you.

(This is the recommended fix for the issue that Cisco and others raised last week....)
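
As an added example (not part of the original answer), the following Python audit compares an access-list like the one above with the configured BGP neighbors and reports permits for non-peers, peers the list would block, and peers without a neighbor password. The sample config is constructed with RFC 5737 documentation addresses and placeholder remote AS numbers, `audit_bgp_filter` is a name chosen here, and only the entry shapes used in the answer (source `host X` or `any`, destination `any`) are handled.

```python
import re

# Constructed sample (not from the page): RFC 5737 documentation addresses,
# placeholder remote AS numbers, and the answer's example secret.
SAMPLE_CONFIG = """\
router bgp 70000
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 password oursharedsecret
 neighbor 192.0.2.9 remote-as 64501
access-list 101 permit tcp host 192.0.2.1 any eq 179
access-list 101 permit tcp host 198.51.100.7 any eq 179
access-list 101 deny tcp any any eq 179
access-list 101 permit ip any any
"""

ACE = re.compile(r"access-list (\d+) (permit|deny) (ip|tcp) (?:host (\S+)|any) any(?: eq (\d+))?$")

def audit_bgp_filter(config, acl_id="101"):
    """Report where an extended ACL and the BGP neighbor list disagree."""
    lines = [ln.strip() for ln in config.splitlines()]
    peers = {ln.split()[1] for ln in lines if re.match(r"neighbor \S+ remote-as ", ln)}
    keyed = {ln.split()[1] for ln in lines if re.match(r"neighbor \S+ password ", ln)}
    verdict = {}        # source host -> first matching action for TCP 179
    default = "deny"    # an ACL ends with an implicit deny
    for ln in lines:
        m = ACE.match(ln)
        if not m or m.group(1) != acl_id:
            continue
        _, action, proto, host, port = m.groups()
        if proto == "tcp" and port not in (None, "179"):
            continue    # entry does not cover destination port 179
        if host is None:    # source "any" decides every source not yet matched
            default = action
            break
        verdict.setdefault(host, action)    # first match wins
    findings = []
    if default == "permit":
        findings.append("TCP 179 is reachable from sources not listed in the ACL")
    for host, action in sorted(verdict.items()):
        if action == "permit" and host not in peers:
            findings.append(f"{host} is permitted to TCP 179 but is not a BGP neighbor")
    for peer in sorted(peers):
        if verdict.get(peer, default) != "permit":
            findings.append(f"neighbor {peer} cannot reach TCP 179 through the ACL")
        if peer not in keyed:
            findings.append(f"neighbor {peer} has no password configured")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bgp_filter(SAMPLE_CONFIG)))
```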