RE: OSPF ACL

From: Djerk Geurts (djerk.geurts@nl.easynet.net)
Date: Wed Aug 01 2007 - 16:07:55 ART


Sorry, should have mentioned that passive interface is not allowed...

> -----Original Message-----
> From: Serhat Aslan [mailto:serhatworks@gmail.com]
> Sent: Wednesday, 1 August 2007 21:06
> To: Djerk Geurts
> Cc: ccielab@groupstudy.com
> Subject: Re: OSPF ACL
>
> Hi Djerk,
> Use the passive interface :). I couldn't see why the
> access-list hadn't worked, the statements seem OK.
>
>
> Serhat Aslan
>
>
>
> On 8/1/07, Djerk Geurts <djerk.geurts@nl.easynet.net> wrote:
>
> If I want to block hellos from being sent out an interface on the
> router itself, can I use an ACL? I've tried it and it doesn't work...
>
> IOS: 3640 /w 12.4(8c) or 12.4(7e) IP+
>
> interface FastEthernet0/0
> description *** C3548 F0/3 - VL3 O#3 ***
> ip address 15.1.3.3 255.255.255.0
> ip access-group NACL-R3-F0/0-OUT out
> ip ospf 1 area 3
>
>
> R3#sh access-list
> Extended IP access list NACL-R3-F0/0-OUT
> 10 deny ip any host 224.0.0.5
> 20 deny ospf any host 224.0.0.5
> 30 deny ospf any any
> 40 permit ip any any
>
> R3#
> *Mar 17 00:01:32.891: OSPF: Send hello to 224.0.0.5 area 3 on FastEthernet0/0 from 152.1.3.3
> *Mar 17 00:01:32.891: IP: s=152.1.3.3 (local), d=224.0.0.5 (FastEthernet0/0), len 76, sending broad/multicast
>
> The debug shows that the router generates and sends hellos, the
> interface counters increase as do the counters on the attached switch.
> So all in all either one can't filter this on the router itself and I
> need to config it on the switch. Or, these IOSes are broken. Or, I'm
> doing something utterly wrong.
>
> I do have another solution that does work, which is to set the network
> type to non-broadcast, which stops the router from sending hellos, but if
> another device were to initiate a neighborship the router would respond,
> resulting in hellos being sent.
>
> --
> Djerk
> www.djerk.nl



This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART