New Member

Problem ACL and OSPF

Hi,

I have two Catalyst 6509 switches with IOS version 12.2(33)SXH5 that use OSPF as the routing protocol, but it isn't working.

I have the following ACLs:

ip access-list extended acl_vlan100

permit ip any 172.25.32.0 0.0.3.255

permit ip any 172.25.52.0 0.0.3.255

permit ip any 172.25.49.0 0.0.0.255

permit ip any 168.124.168.0 0.0.1.255

permit ip any 168.124.174.0 0.0.0.255

permit ip any 168.124.175.0 0.0.0.255

permit ip any 168.124.173.0 0.0.0.63

permit ip any 168.124.173.64 0.0.0.63

permit ip any 7.26.128.0 0.0.0.127

permit ip any 7.48.19.0 0.0.0.127

permit ip any 7.48.19.128 0.0.0.127

permit ip any 7.30.16.0 0.0.15.255

permit ip any 7.24.38.0 0.0.0.63

permit ip host 157.206.4.10 any

permit ip host 157.206.4.2 host 224.0.0.2

permit ip host 157.206.4.3 host 224.0.0.2

permit ip host 157.206.4.4 host 224.0.0.2

permit ip host 157.206.4.6 host 224.0.0.2

permit ip host 157.206.4.2 host 224.0.0.5

permit ip host 157.206.4.3 host 224.0.0.5

permit ip host 157.206.4.4 host 224.0.0.5

permit ip host 157.206.4.6 host 224.0.0.5

permit ip host 157.206.4.2 host 224.0.0.6

permit ip host 157.206.4.3 host 224.0.0.6

permit ip host 157.206.4.4 host 224.0.0.6

permit ip host 157.206.4.6 host 224.0.0.6

permit ip host 157.206.4.7 any

permit ip host 134.81.96.62 any

permit icmp any any

deny ip any any log

And the OSPF problems are shown in the following lines:

157.206.4.3

-----------------

.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 83 packets

.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 71 packets

.Sep 2 08:54:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 47 packets

Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 30 packets

Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 40 packets

Sep 2 08:59:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 4 packets

157.206.4.2

------------------

*Sep 2 07:19:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 34 packets

*Sep 2 07:20:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 47 packets

*Sep 2 07:21:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 46 packets

*Sep 2 07:24:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 37 packets

.Sep 2 08:56:29: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 36 packets

.Sep 2 08:57:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 79 packets

Sep 2 09:00:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 5 packets

Sep 2 09:01:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 3 packets

The interface VLAN is configured:

interface Vlan100

ip address 157.206.4.3 255.255.255.0

ip access-group acl_vlan100 in

no ip unreachables

standby 100 ip 157.206.4.1

standby 100 priority 150

standby 100 preempt

end

Why do I have these problems?

Accepted Solutions
Gold

Re: Problem ACL and OSPF

You need to specifically allow OSPF.

permit ospf any any

or

permit ospf host x.x.x.x host x.x.x.x
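
Why the posted ACL produced those log lines, as an added example that is not part of the original thread: a simplified first-match evaluator (hypothetical helper names; it models only protocol, source and destination) run over acl_vlan100 as posted. The `permit ip host ... host 224.0.0.5` entries already pass OSPF multicast, but the logged packets are unicast OSPF between the routers' own addresses, which no entry covers until `permit ospf any any` is placed ahead of the final deny.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tok):
    """Consume one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tok.pop(0)
    if first in ("any", "host"):
        return (0, 0xFFFFFFFF) if first == "any" else (ip(tok.pop(0)), 0)
    return ip(first), ip(tok.pop(0))

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()  # a trailing "log" keyword is left unparsed
        rules.append((tok.pop(0), tok.pop(0), parse_addr(tok), parse_addr(tok), line.strip()))
    return rules

def hit(spec, addr):  # wildcard bits set to 1 are "don't care"
    return (ip(addr) | spec[1]) == (spec[0] | spec[1])

def evaluate(rules, proto, src, dst):
    """First matching entry wins; keyword 'ip' matches every IP protocol."""
    for action, rproto, rsrc, rdst, line in rules:
        if rproto in ("ip", proto) and hit(rsrc, src) and hit(rdst, dst):
            return action, line
    return "deny", "(implicit deny)"

# acl_vlan100 from the post, rebuilt compactly in the same entry order
REMOTE = ("172.25.32.0 0.0.3.255,172.25.52.0 0.0.3.255,172.25.49.0 0.0.0.255,"
          "168.124.168.0 0.0.1.255,168.124.174.0 0.0.0.255,168.124.175.0 0.0.0.255,"
          "168.124.173.0 0.0.0.63,168.124.173.64 0.0.0.63,7.26.128.0 0.0.0.127,"
          "7.48.19.0 0.0.0.127,7.48.19.128 0.0.0.127,7.30.16.0 0.0.15.255,7.24.38.0 0.0.0.63")
ROUTERS = ("157.206.4.2", "157.206.4.3", "157.206.4.4", "157.206.4.6")
ACL = "\n".join(
    [f"permit ip any {n}" for n in REMOTE.split(",")] + ["permit ip host 157.206.4.10 any"]
    + [f"permit ip host {r} host {g}" for g in ("224.0.0.2", "224.0.0.5", "224.0.0.6") for r in ROUTERS]
    + ["permit ip host 157.206.4.7 any", "permit ip host 134.81.96.62 any",
       "permit icmp any any", "deny ip any any log"])

def with_fix(acl_text, entry="permit ospf any any"):
    lines = acl_text.splitlines()  # put the answer's entry ahead of the final deny
    return "\n".join(lines[:-1] + [entry, lines[-1]])

if __name__ == "__main__":
    for text in (ACL, with_fix(ACL)):  # posted ACL, then with the answer's entry
        for dst in ("224.0.0.5", "157.206.4.3"):  # multicast hello vs. logged unicast
            print(dst, evaluate(parse_acl(text), "ospf", "157.206.4.4", dst))
```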

New Member

Re: Problem ACL and OSPF

Hi,

Your help has been good.

Thanks for everything.

Regards
