
ACL to permit Routing Protocols

steven.pw.lau
Level 1

Hi,

1)

For Router ACL, to permit routing information updates between R1 and R2, if R1 has an inbound ACL, for EIGRP, is the following enough?

(R1)

permit eigrp host R2 host 224.0.0.10

or do we need another line

(R1)

permit eigrp host R2 host 224.0.0.10

permit eigrp host R2 host R1

This is because when I tried this out, I would definitely need another ACL line which permits eigrp from host R2 to host R1; if not, the EIGRP keeps flapping after a while.

Also, in the case of ASA/PIX, do we do the same as the above, or is just permitting to host 224.0.0.10 sufficient?

2)

For OSPF, do we need to have 3 permit statements then?

permit ospf host A host 224.0.0.5

permit ospf host A host 224.0.0.6

permit ospf host A host B

or will it depend on the OSPF configuration? For example, for NBMA networks:

permit ospf host A host 224.0.0.5

permit ospf host A host 224.0.0.6

permit ospf host A host B

and for point-to-point links:

permit ospf host A host B

Do correct my ACL if I'm wrong :)

Thanks!


cjake7777
Level 1

You are thinking about this way too much. It's a lot more simple.

eigrp

access-list permit eigrp host R2 host R1

That's it. The same idea goes for OSPF

access-list permit ospf host R2 host R1

Try it out.

Don't worry about the multicast addresses

Jake
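
The three EIGRP ACL variants discussed in this thread, checked against sample traffic (an added example, not code from either poster). It is a small first-match evaluator with the implicit deny that ends every ACL. The addresses for R1 and R2 and the packet list are constructed for illustration, assuming EIGRP hellos go to 224.0.0.10 and acknowledgements and the sample update go unicast to the neighbor:

```python
# Added example: first-match evaluation of "permit <proto> host <src> host <dst>"
# entries, followed by the implicit deny at the end of every ACL.
R1, R2 = "192.0.2.1", "192.0.2.2"   # assumed addresses (documentation range)
EIGRP_MCAST = "224.0.0.10"

def parse_acl(text):
    """Parse lines of the form 'permit|deny <proto> host <src> host <dst>'."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) != 6 or tok[2] != "host" or tok[4] != "host":
            raise ValueError(f"unsupported ACL line: {line!r}")
        entries.append((tok[0], tok[1], tok[3], tok[5]))
    return entries

def evaluate(entries, proto, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, e_proto, e_src, e_dst in entries:
        if (e_proto, e_src, e_dst) == (proto, src, dst):
            return action
    return "deny"

# Constructed sample traffic arriving inbound on R1 from R2.
PACKETS = [
    ("hello (multicast)", "eigrp", R2, EIGRP_MCAST),
    ("ack (unicast)", "eigrp", R2, R1),
    ("update (unicast)", "eigrp", R2, R1),
]

ACLS = {
    "multicast only": f"permit eigrp host {R2} host {EIGRP_MCAST}",
    "unicast only": f"permit eigrp host {R2} host {R1}",
    "both": f"permit eigrp host {R2} host {EIGRP_MCAST}\n"
            f"permit eigrp host {R2} host {R1}",
}

def dropped(acl_text):
    """Names of the sample packets that the ACL denies."""
    entries = parse_acl(acl_text)
    return [name for name, proto, src, dst in PACKETS
            if evaluate(entries, proto, src, dst) != "permit"]

if __name__ == "__main__":
    for label, acl in ACLS.items():
        print(f"{label:15} dropped: {dropped(acl) or 'none'}")
```
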
