Cisco Support Community

New Member

ACL to permit Routing Protocols

Hi,

1)

For Router ACL, to permit routing information updates between R1 and R2, if R1 has an inbound ACL, for EIGRP, is the following enough?

(R1)

permit eigrp host R2 host 224.0.0.10

or do we need another line

(R1)

permit eigrp host R2 host 224.0.0.10

permit eigrp host R2 host R1

This is because when I tried this out, I would definitely need another ACL line which permits eigrp from host R2 to host R1; if not, the EIGRP keeps flapping after a while.

Also, for the case of ASA/PIX, do we do the same as the above, or is just permitting to host 224.0.0.10 sufficient?

2)

For OSPF, do we need to have 3 permit statements then?

permit ospf host A host 224.0.0.5

permit ospf host A host 224.0.0.6

permit ospf host A host B

or will it depend on the OSPF configuration? For example, for NBMA networks:

permit ospf host A host 224.0.0.5

permit ospf host A host 224.0.0.6

permit ospf host A host B

and for point-to-point links

permit ospf host A host B

Do correct my ACL if I'm wrong :)

Thanks!

1 REPLY
New Member

Re: ACL to permit Routing Protocols

You are thinking about this way too much. It's a lot more simple.

eigrp

access-list permit eigrp host R2 host R1

That's it. The same idea goes for OSPF

access-list permit ospf host R2 host R1

Try it out.

Don't worry about the multicast addresses

Jake

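Added example (not part of the thread or either poster's configuration): a small Python model of first-match evaluation for R1's inbound ACL from question 1, showing which EIGRP packets from R2 each ACL variant drops. EIGRP hellos go to 224.0.0.10 while acknowledgements are sent unicast; the addresses 192.0.2.1 and 192.0.2.2 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed addresses (documentation range), not taken from the thread.
R1, R2 = "192.0.2.1", "192.0.2.2"
EIGRP_MCAST = "224.0.0.10"   # EIGRP multicast group named in the question
EIGRP = 88                   # IP protocol number for EIGRP

def host(addr):
    """Equivalent of the ACL keyword 'host A.B.C.D': a /32 match."""
    return ipaddress.ip_network(addr + "/32")

def evaluate(acl, proto, src, dst):
    """First-match evaluation; falls through to the implicit deny at the end."""
    for action, a_proto, a_src, a_dst in acl:
        if (a_proto == proto
                and ipaddress.ip_address(src) in a_src
                and ipaddress.ip_address(dst) in a_dst):
            return action
    return "deny"

# Constructed sample of what R1 receives from R2 on the filtered interface.
PACKETS = {
    "hello (multicast)": (EIGRP, R2, EIGRP_MCAST),
    "ack/update (unicast)": (EIGRP, R2, R1),
}

# The ACL variants discussed in the thread, expressed as match tuples.
ACLS = {
    "multicast only": [("permit", EIGRP, host(R2), host(EIGRP_MCAST))],
    "unicast only": [("permit", EIGRP, host(R2), host(R1))],
    "both lines": [("permit", EIGRP, host(R2), host(EIGRP_MCAST)),
                   ("permit", EIGRP, host(R2), host(R1))],
}

def dropped(acl_name):
    """Names of the sample packets that the given ACL variant denies."""
    return [name for name, pkt in PACKETS.items()
            if evaluate(ACLS[acl_name], *pkt) == "deny"]

if __name__ == "__main__":
    for name in ACLS:
        print(f"{name:15} drops: {dropped(name) or 'nothing'}")
```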