Cisco Support Community
New Member

Does Access-List block Routing updates

Hi,

If I were to put an access-list deny ip any any, would it block any routing updates as well via the dynamic routing protocols?

5 REPLIES

Re: Does Access-List block Routing updates

Yes, definitely.

You should permit the proper routing protocol packets in the access-list if you want them to pass the access-list.

The ACL statement permitting the routing protocol should be before the "deny ip any any" statement, of course.

Cheers:

Istvan

New Member

Re: Does Access-List block Routing updates

So if I were to permit routing updates via BGP, OSPF and RIP, what would the access-list be like?

Thanks.

Re: Does Access-List block Routing updates

For OSPF:

access-list 100 permit ospf any any

For EIGRP:

access-list 100 permit eigrp any any

For BGP:

access-list 100 permit tcp any any eq 179

or

access-list 100 permit tcp any eq 179 any

depending on the direction you apply the access-list.

Cheers:

Istvan

Hall of Fame Super Silver

Re: Does Access-List block Routing updates

If the access list is applied inbound then Istvan is correct that an access list would deny the routing protocol packets unless there is a permit statement for them. However, if the access list is applied outbound then the access list will not block the routing protocol packets (no matter whether there is a permit statement for them or not).

This is one of the odd things about access lists. An outbound access list does not examine (and will not block) any traffic that is generated by the router itself.

HTH

Rick

Re: Does Access-List block Routing updates

Hi Rick,

Thank you for your addition.

I really forgot to mention this.

Cheers:

Istvan
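
Added example, not part of any post in this thread: a simplified Python model of interface ACL evaluation that exercises the three points raised above (first match wins, BGP matched on source or destination port 179, and outbound ACLs skipping router-generated traffic). The `Packet` and `Ace` classes, the `evaluate` function and the sample packets are constructed for illustration, and all addresses are treated as `any any`.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                    # "ospf", "eigrp", "tcp", "udp", ...
    sport: Optional[int] = None
    dport: Optional[int] = None
    from_router: bool = False     # generated by the router itself

@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every protocol
    sport: Optional[int] = None   # None means any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def evaluate(acl, pkt, direction):
    """Return 'permit' or 'deny' for pkt crossing an interface ACL."""
    # Outbound ACLs do not examine traffic the router generates itself.
    if direction == "out" and pkt.from_router:
        return "permit"
    for ace in acl:               # entries are checked top-down, first match wins
        if ace.matches(pkt):
            return ace.action
    return "deny"                 # implicit deny at the end of every ACL

DENY_ALL = [Ace("deny", "ip")]    # access-list 100 deny ip any any
ACL_100 = [
    Ace("permit", "ospf"),              # permit ospf any any
    Ace("permit", "eigrp"),             # permit eigrp any any
    Ace("permit", "tcp", dport=179),    # permit tcp any any eq 179
    Ace("permit", "tcp", sport=179),    # permit tcp any eq 179 any
    Ace("deny", "ip"),                  # deny ip any any
]

# Constructed sample packets arriving from a neighbor
OSPF_HELLO = Packet("ospf")
BGP_TO_US = Packet("tcp", sport=50000, dport=179)   # neighbor opened the session
BGP_REPLY = Packet("tcp", sport=179, dport=50000)   # this router opened the session
```
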
