Using BGP listen ranges on LAN or WAN interfaces

NetCloud Feature: Networking

Configure BGP listen ranges on a LAN or WAN interface

  • BGP listen range configured for LAN or WAN subnet
  • Example topology illustration: [image: BGP listen on LAN]
  1. Configure the BGP listen range per the instructions in "How to Configure Dynamic BGP Neighbors on a DMVPN Hub".
  2. Configure Zone Forwarding from the appropriate source zone to the "Router Zone" to allow BGP traffic. For example: LAN Zone > Router Zone, Allow All, or WAN Zone > Router Zone, Allow All.
    • This policy will impact other services that terminate in the "Router Zone" (e.g. WAN pings, management access (HTTP/S & SSH), etc.). Make sure your policy includes all the desired services.
When configuring BGP listen ranges in a DMVPN/mGRE environment, Cradlepoint devices automatically create a hole in the firewall for BGP traffic from the listen-range subnet. This automatic firewall hole is not created when the BGP listen range maps to WAN or LAN interface(s).
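
The firewall behavior described above, as an added example (not Cradlepoint's code or configuration schema): a small Python audit that reports which listen ranges rely on the automatic DMVPN/mGRE hole and which depend on a zone forwarding to the Router Zone. The interface, zone and policy records are a hypothetical model with constructed addresses, and the TCP/179-only match is an assumption about how a policy could be scoped.

```python
import ipaddress

BGP = ("tcp", 179)  # BGP sessions run over TCP port 179

# Constructed sample data. Field names are a hypothetical model for this
# example, not the NetCloud configuration schema.
INTERFACES = [
    {"name": "mgre0", "kind": "dmvpn", "zone": "DMVPN Zone", "subnet": "172.16.0.0/24"},
    {"name": "lan0", "kind": "lan", "zone": "LAN Zone", "subnet": "192.168.10.0/24"},
    {"name": "wan0", "kind": "wan", "zone": "WAN Zone", "subnet": "203.0.113.0/28"},
]
LISTEN_RANGES = ["172.16.0.0/24", "192.168.10.0/25", "203.0.113.0/28"]
POLICIES = [  # zone forwardings; "match" is "all" or a list of (proto, port)
    {"src": "LAN Zone", "dst": "Router Zone", "action": "allow", "match": "all"},
]

def classify(listen_range, interfaces, policies):
    """Return (interface name, status) for one BGP listen range."""
    rng = ipaddress.ip_network(listen_range)
    iface = next((i for i in interfaces
                  if rng.overlaps(ipaddress.ip_network(i["subnet"]))), None)
    if iface is None:
        return (None, "unmapped")
    if iface["kind"] == "dmvpn":
        # DMVPN/mGRE: the firewall hole for BGP is created automatically.
        return (iface["name"], "auto")
    # LAN/WAN: no automatic hole, so a forwarding to the Router Zone is needed.
    allows = [p for p in policies
              if p["src"] == iface["zone"] and p["dst"] == "Router Zone"
              and p["action"] == "allow"]
    if any(p["match"] == "all" for p in allows):
        # BGP works, but every other Router Zone service is reachable too.
        return (iface["name"], "allow-all")
    if any(BGP in p["match"] for p in allows):
        return (iface["name"], "bgp-only")
    return (iface["name"], "blocked")

def audit(listen_ranges, interfaces, policies):
    """Map each listen range to its (interface, status) result."""
    return {r: classify(r, interfaces, policies) for r in listen_ranges}

if __name__ == "__main__":
    for rng, (iface, status) in audit(LISTEN_RANGES, INTERFACES, POLICIES).items():
        print(f"{rng:18} {iface or '-':6} {status}")
```

A status of `blocked` means dynamic neighbors in that range cannot reach the router's BGP listener; `allow-all` means they can, along with the other Router Zone services noted in step 2.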