Blocking RIP updates ?

Answered Question
Mar 24th, 2008
User Badges:

Hi,

Is there a way to block RIP updates 'outbound' on a router interface ?

I realise that it is probably better to block them 'inbound' to save unnecessary processing. But I cannot get outbound to work. I am using the following acl :


access-list 100 deny udp any any eq rip


int e0

ip access-group 100 out


Regards,


Phil.

Correct Answer by Jon Marshall about 9 years 1 month ago

Phil


Apologies Phil, didn't mean to patronise you.


No this won't work because an access-list applied outbound on an interface does not stop packets sourced by the router itself.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 03/24/2008 - 11:39
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Phil


You can use the "passive-interface" command to achieve this ie. from Cisco doc


=============================================


For RIP and IGRP, the passive interface command stops the router from sending updates to a particular neighbor, but the router continues to listen and use routing updates from that neighbor;


=============================================


Full link


http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml


HTH


Jon

philipbarker Mon, 03/24/2008 - 11:44
User Badges:

Thanks John,

I understand the passive-interface operation. Can you confirm if it is or isn't possible though to filter the udp broadcasts 'outbound' a router interface ?


Regards,


Phil.

Correct Answer
Jon Marshall Mon, 03/24/2008 - 11:56
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Phil


Apologies Phil, didn't mean to patronise you.


No this won't work because an access-list applied outbound on an interface does not stop packets sourced by the router itself.


Jon

philipbarker Mon, 03/24/2008 - 12:18
User Badges:

Hi John,

No need to apologise. I am just trying to do things in as many different ways as possible so that my options remain open.


Regards,


Phil.

Actions

This Discussion