Problem ACL and OSPF

Answered Question
Sep 2nd, 2009

Hi,


I have two Catalyst 6509s with IOS version 12.2(33)SXH5 that use OSPF as the routing protocol, but it isn't operating.


I have the following ACLs:


ip access-list extended acl_vlan100

permit ip any 172.25.32.0 0.0.3.255

permit ip any 172.25.52.0 0.0.3.255

permit ip any 172.25.49.0 0.0.0.255

permit ip any 168.124.168.0 0.0.1.255

permit ip any 168.124.174.0 0.0.0.255

permit ip any 168.124.175.0 0.0.0.255

permit ip any 168.124.173.0 0.0.0.63

permit ip any 168.124.173.64 0.0.0.63

permit ip any 7.26.128.0 0.0.0.127

permit ip any 7.48.19.0 0.0.0.127

permit ip any 7.48.19.128 0.0.0.127

permit ip any 7.30.16.0 0.0.15.255

permit ip any 7.24.38.0 0.0.0.63

permit ip host 157.206.4.10 any

permit ip host 157.206.4.2 host 224.0.0.2

permit ip host 157.206.4.3 host 224.0.0.2

permit ip host 157.206.4.4 host 224.0.0.2

permit ip host 157.206.4.6 host 224.0.0.2

permit ip host 157.206.4.2 host 224.0.0.5

permit ip host 157.206.4.3 host 224.0.0.5

permit ip host 157.206.4.4 host 224.0.0.5

permit ip host 157.206.4.6 host 224.0.0.5

permit ip host 157.206.4.2 host 224.0.0.6

permit ip host 157.206.4.3 host 224.0.0.6

permit ip host 157.206.4.4 host 224.0.0.6

permit ip host 157.206.4.6 host 224.0.0.6

permit ip host 157.206.4.7 any

permit ip host 134.81.96.62 any

permit icmp any any

deny ip any any log

And the OSPF problems are in the following lines:


157.206.4.3

-----------------

.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 83 packets

.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 71 packets

.Sep 2 08:54:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 47 packets

Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 30 packets

Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 40 packets

Sep 2 08:59:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 4 packets


157.206.4.2

------------------

*Sep 2 07:19:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 34 packets

*Sep 2 07:20:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 47 packets

*Sep 2 07:21:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 46 packets

*Sep 2 07:24:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 37 packets

.Sep 2 08:56:29: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 36 packets

.Sep 2 08:57:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 79 packets

Sep 2 09:00:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 5 packets

Sep 2 09:01:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 3 packets


The VLAN interface is configured as follows:


interface Vlan100

ip address 157.206.4.3 255.255.255.0

ip access-group acl_vlan100 in

no ip unreachables

standby 100 ip 157.206.4.1

standby 100 priority 150

standby 100 preempt

end


Why do I have these problems?




Correct Answer
srue Wed, 09/02/2009 - 08:29

You need to specifically allow OSPF.


permit ospf any any

or

permit ospf host x.x.x.x host x.x.x.x
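
Added example (not part of the original thread): a small first-match evaluator in Python, run over the entries of acl_vlan100 that mention the OSPF routers. It shows why the logged denies are unicast OSPF packets: `permit ip ... host 224.0.0.5` already passes the multicast packets, but nothing matches router-to-router unicast until an OSPF permit sits ahead of the final deny. The `FIXED` and `APPENDED` lists and the function names are constructed for illustration.

```python
import ipaddress

# Entries of acl_vlan100 (from the question) that mention the OSPF routers,
# plus the final deny; the omitted entries match none of the flows tested here.
ACL_VLAN100 = [
    "permit ip host 157.206.4.2 host 224.0.0.5",
    "permit ip host 157.206.4.3 host 224.0.0.5",
    "permit ip host 157.206.4.4 host 224.0.0.5",
    "permit ip host 157.206.4.6 host 224.0.0.5",
    "permit icmp any any",
    "deny ip any any log",
]

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_entry(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    return action, proto, parse_addr(tokens), parse_addr(tokens)  # trailing 'log' ignored

def addr_match(ip, spec):
    addr, wildcard = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wildcard) == (addr | wildcard)

def evaluate(acl, proto, src, dst):
    """First match wins; the keyword 'ip' matches every IP protocol, OSPF included."""
    for line in acl:
        action, eproto, esrc, edst = parse_entry(line)
        if eproto in ("ip", proto) and addr_match(src, esrc) and addr_match(dst, edst):
            return action, line
    return "deny", "(implicit deny)"

FIXED = ACL_VLAN100[:-1] + ["permit ospf any any", ACL_VLAN100[-1]]  # ahead of the deny
APPENDED = ACL_VLAN100 + ["permit ospf any any"]  # appended after the deny: never reached

if __name__ == "__main__":
    flows = [("157.206.4.4", "224.0.0.5"),    # multicast destination from the ACL
             ("157.206.4.4", "157.206.4.3")]  # unicast, as in the logged denies
    for name, acl in (("original", ACL_VLAN100), ("fixed", FIXED), ("appended", APPENDED)):
        for src, dst in flows:
            print(name, src, "->", dst, evaluate(acl, "ospf", src, dst))
```

On IOS, an entry typed into a named ACL without a sequence number is appended after the existing entries, so the OSPF permit has to be given a sequence number lower than that of `deny ip any any log` to take effect.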

ma.romero Wed, 09/02/2009 - 23:15

Hi,


Your help has been good.


Thanks for all.


A greeting
