cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1430
Views
10
Helpful
5
Replies

Access-List deleting RIP-Table

luxgil
Level 1
Level 1

Hello everyone,

 

I have set up 3 networks which are connected trough multiple routers. All of them are connected trough the RIP protocol.

The connection works fine, I can get from one network to the other ones.

But when I create an extended access-list to define which connection is allowed and which connection should be denied, it works fine for a few minutes (ACL is being applied, Routing works as configured) and then the router where I defined the extended access-list gets its routing table emptied and I can't get to the other networks until I delete the access-list again.

 

I thought that maybe I should define the routers to use version 2 of RIP and tried the ACL again but it happened again. At this point, I have no idea what could cause this to happen. I tried to google that problem but couldn't find anything, so I open my own thread :)

 

It would be awesome if someone could help me.

2 Accepted Solutions

Accepted Solutions

Hello


@luxgil wrote:

But when I create an extended access-list to define which connection is allowed and which connection should be denied, it works fine for a few minutes (ACL is being applied, Routing works as configured) and then the router where I defined the extended access-list gets its routing table emptied and I can't get to the other networks until I delete the access-list again.


I cannot open you zip file however just by what you have stated seems suggest you are denying the rip protocol so when this acl is applied the protocol is prohibited and its routes ages out, So append your acl to allow rip  then it should work

 

access-list xxx
permt udp any any eq rip



 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Hello,

 

have a look at the link below. For each routing protocol, you need to allow routing updates..

 

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html#anc16

 

EDIT: The correct answer was supplied by Paul while I was looking at your project file...

View solution in original post

5 Replies 5

Hello,

 

post the full configs of the routers including the access list. Is this a Packet Tracer project ? If so, zip and upload the .pkt file...

Hello Georg,

 

I have the zip-file attached.

The router where all the problems are happening, is the first router from the left side.

 

Thanks for your help!

Hello,

 

have a look at the link below. For each routing protocol, you need to allow routing updates..

 

https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html#anc16

 

EDIT: The correct answer was supplied by Paul while I was looking at your project file...

Hello


@luxgil wrote:

But when I create an extended access-list to define which connection is allowed and which connection should be denied, it works fine for a few minutes (ACL is being applied, Routing works as configured) and then the router where I defined the extended access-list gets its routing table emptied and I can't get to the other networks until I delete the access-list again.


I cannot open you zip file however just by what you have stated seems suggest you are denying the rip protocol so when this acl is applied the protocol is prohibited and its routes ages out, So append your acl to allow rip  then it should work

 

access-list xxx
permt udp any any eq rip



 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul,

 

That seemed to be my problem.

I just allowed and denied the single components from each network but hadn't added the routing updates.

 

Thanks for your quick response and good help!

 

EDIT: Thanks to Georg as well for the link that explains is really good.

EDIT: For some reason the command that worked was:

access-list 102 permit udp any any

And not

access-list 102 permit udp any any eq rip

 as the CLI would write: Invalid input detected.

Review Cisco Networking for a $25 gift card