Cisco Support Community
New Member

OSPF dies when apply ACL

I'm using the following ACL on my distribution router, which connects to the core, and as soon as I apply it inbound or outbound, OSPF dies; I see the log "dead time expired". Do I need to allow anything in the ACL for OSPF to work? Please advise.

ip access-list extended my-filter-inbound

permit ip 10.8.0.0 0.0.255.255 10.13.0.0 0.0.255.255

permit ip 10.1.31.0 0.0.0.255 10.13.0.0 0.0.255.255

permit ip 10.1.32.0 0.0.0.255 10.13.0.0 0.0.255.255

permit ip 10.5.30.0 0.0.0.255 10.13.0.0 0.0.255.255

permit ip 10.7.149.0 0.0.0.255 10.13.0.0 0.0.255.255

interface vlan 320

ip access-group my-filter-inbound in

ip access-group my-filter-inbound out

7 REPLIES
Hall of Fame Super Bronze

Re: OSPF dies when apply ACL

OSPF is its own protocol, so you need something like:

permit ospf [source] [destination]

Re: OSPF dies when apply ACL

Add 'permit ospf any any' to the existing ACL to allow OSPF packets.

HTH

Sundar

Blue

Re: OSPF dies when apply ACL

I imagine that you are using a point-to-point OSPF network type, since you are talking about the links between your core and distribution layer switches in the data center. Recall that with OSPF point-to-point networks, LSAs are multicast to 224.0.0.5, the AllSPFRouters address.

Try allowing such traffic as part of the access list and get back to us with the results.

HTH

Thanks

Re: OSPF dies when apply ACL

I agree with Edison and Sundar, and it would be better to allow all OSPF packets.

Have a look at this link. Though it talks about vulnerabilities in OSPF, it would give an idea of how to configure an access list that would permit OSPF packets and maintain adjacency.

http://www.cisco.com/en/US/products/products_security_response09186a008014ac50.html

HTH

Narayan

please rate all useful posts

Blue

Re: OSPF dies when apply ACL

Royal:

I was giving the questioner a conceptual solution and approach, not the actual config lines. The point I was making was that OSPF traffic should be permitted and why it is that his access list fails to permit it.

New Member

Re: OSPF dies when apply ACL

Thanks, everyone, for your valuable input. I tried both solutions, i.e. permit ospf any any and permit ospf multicast packet, and both have worked flawlessly. At this time I'm going to use permit ospf any any (for simplicity).

Blue

Re: OSPF dies when apply ACL

Glad to hear it, Nawas!
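
The behaviour discussed in this thread, as an added example that is not part of any post: a small first-match evaluator for the extended ACL above, showing that an OSPF hello to 224.0.0.5 falls through to the implicit deny until an OSPF entry is added, while unrelated traffic stays denied. The neighbor address 10.13.20.1 and the other packet addresses are constructed sample values, and the evaluator models only protocol, source and destination matching.

```python
import ipaddress

OSPF = 89  # IP protocol number for OSPF

# ACL entries as posted in the question
ORIGINAL_ACL = [
    "permit ip 10.8.0.0 0.0.255.255 10.13.0.0 0.0.255.255",
    "permit ip 10.1.31.0 0.0.0.255 10.13.0.0 0.0.255.255",
    "permit ip 10.1.32.0 0.0.0.255 10.13.0.0 0.0.255.255",
    "permit ip 10.5.30.0 0.0.0.255 10.13.0.0 0.0.255.255",
    "permit ip 10.7.149.0 0.0.0.255 10.13.0.0 0.0.255.255",
]
FIXED_ACL = ORIGINAL_ACL + ["permit ospf any any"]  # entry suggested in the replies

def wild_match(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse 'permit|deny ip|ospf <src> <dst>'; src/dst is 'any' or 'addr wildcard'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    specs = []
    while rest:
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, proto, specs[0], specs[1]

def evaluate(acl_lines, proto_num, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    for line in acl_lines:
        action, proto, s, d = parse_ace(line)
        proto_ok = proto == "ip" or (proto == "ospf" and proto_num == OSPF)
        if proto_ok and wild_match(src, *s) and wild_match(dst, *d):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed packet: OSPF hello from a neighbor to AllSPFRouters
    hello = (OSPF, "10.13.20.1", "224.0.0.5")
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name, "ACL, OSPF hello:", evaluate(acl, *hello))
```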
