From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Wed Aug 01 2007 - 17:48:45 ART
I was wondering that myself.
----- Original Message ----- 
From: "Djerk Geurts" <djerk.geurts@nl.easynet.net>
To: <ccielab@groupstudy.com>
Sent: Wednesday, August 01, 2007 8:07 PM
Subject: RE: OSPF ACL
> Sorry, should have mentioned that passive interface is not allowed... 
> 
>> -----Original Message-----
>> From: Serhat Aslan [mailto:serhatworks@gmail.com] 
>> Sent: woensdag 1 augustus 2007 21:06
>> To: Djerk Geurts
>> Cc: ccielab@groupstudy.com
>> Subject: Re: OSPF ACL
>> 
>> Hi Djerk, 
>>  Use the passive interface :). I couldn't see why the 
>> access-list hadn't worked, statements seem ok. 
>> 
>> 
>> Serhat Aslan 
>> 
>> 
>> 
>> On 8/1/07, Djerk Geurts <djerk.geurts@nl.easynet.net> wrote:
>> 
>> If I want to block hello's from being sent out an 
>> interface on the
>> router itself. Can I use an ACL? I've tried it and it 
>> doesn't work...
>> 
>> IOS: 3640 /w 12.4(8c) or 12.4(7e) IP+
>> 
>> interface FastEthernet0/0 
>> description *** C3548 F0/3 - VL3 O#3 ***
>> ip address 15.1.3.3 255.255.255.0
>> ip access-group NACL-R3-F0/0-OUT out
>> ip ospf 1 area 3
>> 
>> 
>> R3#sh access-list
>> Extended IP access list NACL-R3-F0/0-OUT
>>     10 deny ip any host 224.0.0.5
>>     20 deny ospf any host 224.0.0.5
>>     30 deny ospf any any 
>>     40 permit ip any any
>> 
>> R3#
>> *Mar 17 00:01:32.891: OSPF: Send hello to 224.0.0.5 area 3 on
>> FastEthernet0/0 from 152.1.3.3
>> *Mar 17 00:01:32.891 : IP: s=152.1.3.3 (local), d=224.0.0.5
>> (FastEthernet0/0), len 76, sending broad/multicast
>> 
>> The debug shows that the router generates and sends hellos, the 
>> interface counters increase as do the counters on the 
>> attached switch.
>> So all in all either one can't filter this on the 
>> router itself and I
>> need to config it on the switch. Or, these IOSes are 
>> broken. Or, I'm 
>> doing something utterly wrong.
>> 
>> I do have another solution that does work which is to 
>> set the network
>> type to non-broadcast which stops the router from 
>> sending hello's but if
>> another device were to initiate a neighborship the 
>> router would respond 
>> resulting in hellos being sent.
>> 
>> --
>> Djerk
>> www.djerk.nl
>> 
>> 
>> _______________________________________________________________________
>> Subscription information may be found at: 
>> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART