Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

VRRP with access-list

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

1 ACCEPTED SOLUTION

Accepted Solutions

Re: VRRP with access-list

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Hi Alan,

VRRP  runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.

access-list 101 permit 112 any host 224.0.0.18

VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2

access-list 101 permit 112 any host 224.0.0.2 eq 8888

Hope to help !!

If helpful do rate the post

Ganesh.H

3 REPLIES

Re: VRRP with access-list

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Hi Alan,

VRRP  runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.

access-list 101 permit 112 any host 224.0.0.18

VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2

access-list 101 permit 112 any host 224.0.0.2 eq 8888

Hope to help !!

If helpful do rate the post

Ganesh.H

Hall of Fame Super Blue

Re: VRRP with access-list

alanc3141592654 wrote:

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Alan

In addtition to Ganesh's response. If the acl is applied outbound on your vlan interfaces then you don't need to worry because acl's applied outbound do not restrict traffic generated by the router itself.

If applied inbound then yes you need to allow it.

Jon

New Member

Re: VRRP with access-list

Hey Guys,

Thanks for your quick response.

I tested and it works great

4323
Views
0
Helpful
3
Replies
CreatePlease to create content