Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACL and OSPF problem

I am using the Cisco Network Simulator and I got stuck on the following problem with ACL and OSPF. The lab is as follows:

PC1-R1-R2-PC

PC1-R1 is on 192.168.1.16/28 network (R1 has 192.168.1.17)

R1-R2 is on 192.168.1.4 /30 network

R2-PC2 is on 192.168.1.32/27 network (R2 has 192.168.1.32)

R1 is using S0/0/0 and R2 is using S0/0/1

The lab is preconfigured with all the IPs and OSPF. The condition is to set ACL to block TELNET traffic from PC2 to R1-PC1 network and permit all other.

Following the instructions the ACL was set up like this:

access-list 100 deny tcp 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15 eq 23

access-list 100 permit ip 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15

on R2 s0/0/1 ->ip access-group 100 out.

Once I do this, OSPF stops sending Hellos. If I apply the ACL on F0/0 in, OSPF works.

My question here is, why OSPF stops sending Hellos on S0/0/1 once the ACL is applied?

Am I missing something here, or the example is wrong?

Should it be F0/0 instead of S0/0/1 to fullfill the requirements?

Shouldn't ACL ignore localy generated traffic?

Everyone's tags (2)
2 REPLIES
Purple

ACL and OSPF problem

Hi,

I posted an example on CLN  with  an ACL denying everything and applied outbound on a link where the OSPF adjacency is happening and you can see that it has no effect on the adjacency which proves that outbound ACLs don't care about router generated traffic.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Community Member

ACL and OSPF problem

Hi Alain,

You were right. I tested on real 2611 and it worked. It is a bug with the simulator.

I've sent a bug report report to Cisco.

Thanks a milion for your great help.

317
Views
5
Helpful
2
Replies
CreatePlease to create content