How to Block Rip Multicast

Unanswered Question
Jun 30th, 2008
User Badges:

Hi ,


Some of my customers using rip as routing protocols .. I'm getting updates from customer .Is it possible to block 224.0.0.9 multicast address ?

Regards

Karthick.M

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Mon, 06/30/2008 - 05:36
User Badges:
  • Purple, 4500 points or more

So you're running RIP as well? You could turn on passive interface (and should) if you don't need to share routes. You could also assist your customers in configuring RIP on their routers so they don't send RIP out their respective interfaces. There are other options as well, but we need a little more info to give you a more elegant response.



Pavel Bykov Mon, 06/30/2008 - 05:58
User Badges:
  • Silver, 250 points or more

So do you want to NOT receive the updates, or you want to receive it using other method? like unicast/broadcast?


Passive-interface command under rip process will disable sending out updates on that interface.


Eg.

router rip

passive-interface fastethernet 0/1


will disable sending out updates on that interface.

Pavel Bykov Mon, 06/30/2008 - 06:03
User Badges:
  • Silver, 250 points or more

To use broadcast instead of multicast, use "ip rip v2-broadcast" command on the INTERFACE where updates are being sent out.


To use unicast, you have to manually specify neighbor using "neighbor" command under the routing process. The catch is, that RIP is still going to send multicasts out the interface, so you have to combine "neighbor command" with the passive interface command.

lee.reade Mon, 06/30/2008 - 06:11
User Badges:
  • Silver, 250 points or more

Hi,


If you want to block rip going out an interface then make that interface a passive interface, as mentioned by earlier poster.


If you want to block any rip routes coming into your router from a specific interface then just configure an access-list and apply to interface in the inbound direction, eg.


access-list 101 deny udp any eq rip any eq rip

access-list 101 permit any any


HTH,


Cheers,


LR

karthick78 Mon, 06/30/2008 - 19:28
User Badges:

Hi,

Thanks to everyone ... I hope access list will work out for me ...

Thanks buddy


Regards,

Karthik

bvsnarayana03 Mon, 06/30/2008 - 23:05
User Badges:
  • Silver, 250 points or more

ACL will completely block the updates from neighbor, which may leave you with no alternate path in case pri path fails.


It would be good to turn on the connected interface to passive, & specify a neighbor command so that updates are sent unicast,


"passive-interface se0/0"


"neighbor x.x.x.x"

Actions

This Discussion