OSPF + ACLs

- F
- Franck
  
  Contact options for registered users
posted
18 years ago

Fri, Apr 14, 2006 3:30 PM

Hi all,

I've a basic question about OSPF and ACLs but i'm hesitating. I've two routers with 2 Fast Ethernet, OSPF are running on all network interfaces (point to point). I've an ACL on one interface like that :

permit ip 192.168.1.224 0.0.0.31 192.168.0.0 0.0.0.127 permit ip 192.168.1.224 0.0.0.31 192.168.0.128 0.0.0.127 permit ip 192.168.1.224 0.0.0.31 192.168.3.64 0.0.0.63 permit tcp 192.168.1.224 0.0.0.31 any eq www deny ip any any

I wonder whether this interface continue to send Hello Packets since the multicast address 224.0.0.5 is not permit. May I have to insert a nex line in my ACL to allow the multicast address or not ?

Thanks Regards

Franck

Loading thread data ...

- M
- Merv
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Fri, Apr 14, 2006 4:11 PM

Router originated traffic is not filter by access lists (ie. outbound OSPF hellos)

To avoid blocking inbound OSPF packets, you can permit OSPF traffic by configuring "permit ospf any any"

Check that there are matches by using the show access-list command

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.