ACL vs Routing Protocols
Christopher Dobkowski
Member Posts: 98
in CCNA & CCENT
Hi there fellows!
I'm studying for my CCNA and I just finished the ACLs, and I thought I'd experiment. What I came up with is to create an extended ACL that will deny RIP (port 520) from sending updates to a router on the far end of the link. The IPs are point-to-point, 10.0.0.0/30, and what I want to do is:
Router 1 = FastEthernet 0/0, IP address 10.0.0.1/30, RIP running (no auto-summary, version 2)
Router 2 = FastEthernet 0/0, IP address 10.0.0.2/30, RIP running (same settings)
On both routers I have one Loopback 0 interface with another network that I advertise over RIP.
OK, I set everything up, RIP works and the networks are advertised correctly. Now what I want to do is set an access list on the Router 1 interface outbound to DENY RIP updates from going out that interface; I don't want to set it on Router 2 inbound.
Can anyone tell me the ACL syntax to do this? I believe I need to use RIP's multicast, but I'm not sure.
Comments
Dan-Humphreys Member Posts: 20
Don't count on this being accurate, but I believe the updates are UDP, so I'm guessing the syntax would be:
deny udp any any eq 520
Christopher Dobkowski Member Posts: 98
Dan-Humphreys wrote: »Don't count on this being accurate, but I believe the updates are UDP, so I'm guessing the syntax would be:
deny udp any any eq 520
Nope, still not working.
Thanks for the help though, appreciate it!
Dan-Humphreys Member Posts: 20
Try TCP instead of UDP? Or add the same line for both, so:
deny udp any any eq 520
deny tcp any any eq 520
Zartanasaurus Member Posts: 2,008
Outbound ACLs don't filter router-generated traffic. You'll have to do it inbound on the other router. Or you could deny everything outbound with a distribute-list.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%
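The two approaches in the reply above, written out as IOS configuration. This is an added example, not config posted by anyone in the thread; the interface names and addresses are the ones from the original post, while the ACL name BLOCK-RIP-IN and the standard ACL number 10 are assumptions for the example. RIPv2 updates are UDP from source port 520 to destination port 520, sent from the neighbour's interface address to 224.0.0.9, and because they are generated by the router itself an outbound ACL on Router 1 never sees them.

```cisco
! ---- Option A: inbound ACL on Router 2, the receiving side ----
! The keyword "rip" is the IOS port name for UDP 520; "eq 520" is equivalent.
! The final permit is required: a named ACL ends in an implicit deny and
! without it the interface drops every other packet too.
ip access-list extended BLOCK-RIP-IN
 remark RIPv2 multicast updates from Router 1 (10.0.0.1 -> 224.0.0.9)
 deny   udp any eq rip host 224.0.0.9 eq rip
 remark RIPv1 broadcast or unicast-neighbour updates, if ever enabled
 deny   udp any eq rip any eq rip
 permit ip any any
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.252
 ip access-group BLOCK-RIP-IN in
!
! ---- Option B: distribute-list on Router 1, the sending side ----
! Standard ACL 10 matches prefixes, not packets. With every prefix denied,
! Router 1 still sends RIP packets out Fa0/0 but advertises no routes in
! them, and it still accepts whatever Router 2 advertises.
access-list 10 deny any
router rip
 version 2
 no auto-summary
 distribute-list 10 out FastEthernet0/0
!
! ---- Checking the result (Option A) on Router 2 ----
! show ip access-lists BLOCK-RIP-IN
!   the deny counters increase by one roughly every 30 s (RIP update timer)
! debug ip rip
!   no "received v2 update from 10.0.0.1" lines appear
! show ip route rip
!   Router 1's loopback prefix goes invalid after 180 s and is flushed
!   after 240 s with default RIP timers; "clear ip route *" drops it at once
```

Option A is one-directional: Router 2 stops learning from Router 1, but Router 1 keeps learning Router 2's loopback, because Router 2's updates are not filtered. Option B is the same in effect but is enforced by the routing process rather than the interface. A third way to get what the original post asks for on Router 1 itself, beyond what the thread mentions, is `passive-interface FastEthernet0/0` under `router rip`, which stops RIP transmitting on that interface entirely while still listening on it.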
Christopher Dobkowski Member Posts: 98
Zartanasaurus wrote: »Outbound ACLs don't filter router-generated traffic. You'll have to do it inbound on the other router. Or you could deny everything outbound with a distribute-list.
Oh my God! I totally forgot about that! Thank you very much!
Christopher Dobkowski Member Posts: 98
Dan-Humphreys wrote: »Try TCP instead of UDP? Or add the same line for both, so:
deny udp any any eq 520
deny tcp any any eq 520
RIP uses UDP, so TCP won't work... But thanks for trying!
DiZz Registered Users Posts: 2
I believe you can just put rip in instead of the port number, kind of like you can put in eigrp.
So maybe: deny udp any any eq rip
But I don't remember if the version number matters.
LinuxRacr Member Posts: 653
I think the version may matter, because RIPv2 uses the multicast address 224.0.0.9 to send updates, I believe.
My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!