BGP Peering & Security Hardening Lab

Border Gateway Protocol (BGP) is the fundamental "language" of the internet, functioning as a Path Vector protocol that manages how packets are routed across the globe. This lab focuses on establishing external eBGP adjacency between AS 100 (Core) and AS 200 (ISP), verifying prefix propagation, and hardening the interface against unauthorized traffic using Extended Access Control Lists. Mastering BGP is essential for ensuring redundant, stable connections in enterprise and campus environments where traffic must traverse multiple external providers.

PHASE 1: BGP INFRASTRUCTURE [DONE]

CLI LOG: ROUTER0_CORE


! Define Core interface and establish neighbor relationship
Router0(config)# int g0/0
Router0(config-if)# ip addr 192.168.1.1 255.255.255.252
Router0(config-if)# no shut
Router0(config-if)# router bgp 100
Router0(config-router)# neighbor 192.168.1.2 remote-as 200
Router0(config-router)# network 10.10.10.0 mask 255.255.255.0

CLI LOG: ROUTER1_ISP


! Establish neighbor relationship and verify prefix receipt
Router1(config)# int g0/0
Router1(config-if)# ip addr 192.168.1.2 255.255.255.252
Router1(config-if)# no shut
Router1(config-if)# router bgp 200
Router1(config-router)# neighbor 192.168.1.1 remote-as 100
Router1# show ip route bgp

PHASE 2: SECURITY HARDENING (ACL) [DONE]

SECURITY POLICY 101 APPLIED


! Define Extended ACL: Deny ICMP, permit BGP (TCP 179) and other IP traffic
Router0(config)# access-list 101 deny icmp any any
Router0(config)# access-list 101 permit tcp any any eq 179
Router0(config)# access-list 101 permit ip any any
Router0(config)# int g0/0
Router0(config-if)# ip access-group 101 in

VERIFICATION: Router1# ping 192.168.1.1


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

Checkpoint: Infrastructure Hardened

The lab is successful. We have established eBGP adjacency while simultaneously securing the interface. The "UUUUU" (Unreachable) status on Router1 verifies that ICMP packets are dropped, confirming that the Extended Access Control List is correctly blocking management-plane traffic while the control-plane (BGP/TCP 179) remains active.

Also see: Demo: 1921/K9 High-Speed Point-to-Point Routing task →

| Accessibility --overview | Agile --DevOps overview --Principles | API --REST best practices --REST demo --REST vs RPC --Wikipedia API | Blockchain --overview | Cloud --AWS overview | CSS/HTML --Bootstrap carousel --Grid demo --markdown demo | Electricity --fundamentals | Encoding --Overview | Ergonomics --Desk configuration --Device fleet --Input device array --keystroke mechanics --Phones & RSI | ERP --Anthology overview --Ellucian Banner --Higher Ed ERP Simulation Lab --PeopleSoft Campus Solutions --PESC standards --Slate data model | Git --syntax overview --troubleshooting libcrypto | Hardware --Device fleet --Homelab diagram | Java --Fundamentals | Javascript --Advanced Interaction: jQuery & UI Frameworks --input prompt demo --misc demo --Time and Date functions --Vue demo | Linux --grep demo --HCI and Proxmox --Proxmox install --xammp ftp server | Mail flow --DKIM, SPF, DMARC --MAPI | Microsoft --AZ-800: Administering Windows Server Hybrid Core Infrastructure --BAT scripting --Group Policy --IIS --robocopy --Server 2022 setup - Virtualbox | Misc --Applications --regex --Resources --Sustainable Computing --Terminology --Tribute to Computer Scientists | Networks --BGP Peering & Security Hardening Lab --CCNA Lammle Study Guide --Cisco 1921/K9 router --routing protocols --throughput calculations | PHP/SQL --Cookies --database interaction --demo, OSI Layers quiz --Foreign key constraint demo --fundamentals --MySQL and PHPmyAdmin setup --pagination --security --session variables --SQL fundamentals --structures --Tables display | Python --fundamentals | Security --Overview- GRC (Governance, Risk, and Compliance) --Security Blog --SSH fundamentals | Serialization --JSON demo --YAML demo