02-18-2014 08:40 PM - edited 03-04-2019 10:22 PM
I am using the Cisco Network Simulator and I got stuck on the following problem with ACL and OSPF. The lab is as follows:
PC1-R1-R2-PC
PC1-R1 is on 192.168.1.16/28 network (R1 has 192.168.1.17)
R1-R2 is on 192.168.1.4 /30 network
R2-PC2 is on 192.168.1.32/27 network (R2 has 192.168.1.32)
R1 is using S0/0/0 and R2 is using S0/0/1
The lab is preconfigured with all the IPs and OSPF. The condition is to set ACL to block TELNET traffic from PC2 to R1-PC1 network and permit all other.
Following the instructions the ACL was set up like this:
access-list 100 deny tcp 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15 eq 23
access-list 100 permit ip 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15
on R2 s0/0/1 -> ip access-group 100 out.
Once I do this, OSPF stops sending Hellos. If I apply the ACL on F0/0 in, OSPF works.
My question here is, why OSPF stops sending Hellos on S0/0/1 once the ACL is applied?
Am I missing something here, or the example is wrong?
Should it be F0/0 instead of S0/0/1 to fulfill the requirements?
Shouldn't the ACL ignore locally generated traffic?
02-19-2014 12:23 AM
Hi,
I posted an example on CLN with an ACL denying everything and applied outbound on a link where the OSPF adjacency is happening and you can see that it has no effect on the adjacency which proves that outbound ACLs don't care about router generated traffic.
Regards
Alain
Don't forget to rate helpful posts.
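To make the behaviour Alain describes concrete, here is an added Python model (not from the thread or from Cisco) of how the extended ACL in the question is evaluated: Cisco wildcard masks, first-match semantics, the implicit "deny any" at the end, and the IOS rule that an outbound ACL is consulted only for transit packets, never for packets the router itself originates. The host addresses 192.168.1.40 (PC2), 192.168.1.20 (PC1) and 192.168.1.6 (R2's serial address on the /30) are assumptions chosen to fit the lab's subnets; the ACL lines are the ones posted above.

```python
"""Model of a Cisco numbered extended ACL (wildcard masks, implicit deny)
and of the IOS rule that outbound ACLs skip router-generated traffic.
Added illustration for the thread; not Cisco code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# IOS protocol keywords -> IP protocol numbers; "ip" matches any protocol
PROTO_NUM = {"ip": None, "tcp": 6, "udp": 17, "icmp": 1, "ospf": 89}


@dataclass
class Packet:
    proto: int
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass
class Ace:
    action: str
    proto: Optional[int]
    src: int
    src_wc: int
    dst: int
    dst_wc: int
    dport: Optional[int]


def _addr(tokens: List[str]):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.X.Y.Z'."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(tok))
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wildcard


def parse_ace(line: str) -> Ace:
    """Parse one 'access-list N permit|deny PROTO SRC DST [eq PORT]' line."""
    t = line.split()
    if t[0] != "access-list":
        raise ValueError(line)
    action, proto = t[2], t[3]
    rest = t[4:]
    src, src_wc = _addr(rest)
    dst, dst_wc = _addr(rest)
    dport = int(rest[1]) if rest and rest[0] == "eq" else None
    return Ace(action, PROTO_NUM[proto], src, src_wc, dst, dst_wc, dport)


def wildcard_match(addr: str, base: int, wildcard: int) -> bool:
    """Cisco wildcard: 0 bits must match, 1 bits are 'don't care'."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def evaluate(acl: List[Ace], pkt: Packet) -> str:
    """First matching entry wins; an ACL always ends in an implicit deny."""
    for ace in acl:
        if ace.proto is not None and ace.proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"


def outbound_filter(acl: List[Ace], pkt: Packet, locally_generated: bool) -> str:
    """An outbound ACL on an IOS interface filters transit traffic only.
    Packets the router originates (OSPF hellos, its own pings) bypass it."""
    if locally_generated:
        return "permit"
    return evaluate(acl, pkt)


# The two lines from the lab, exactly as posted
ACL_100 = [parse_ace(l) for l in (
    "access-list 100 deny tcp 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15 eq 23",
    "access-list 100 permit ip 192.168.1.32 0.0.0.31 192.168.1.16 0.0.0.15",
)]

# Constructed sample packets (addresses are assumptions within the lab subnets)
TELNET_PC2_TO_PC1 = Packet(6, "192.168.1.40", "192.168.1.20", 23)
HTTP_PC2_TO_PC1 = Packet(6, "192.168.1.40", "192.168.1.20", 80)
OSPF_HELLO_FROM_R2 = Packet(89, "192.168.1.6", "224.0.0.5")

if __name__ == "__main__":
    print("telnet PC2->PC1 :", evaluate(ACL_100, TELNET_PC2_TO_PC1))
    print("http   PC2->PC1 :", evaluate(ACL_100, HTTP_PC2_TO_PC1))
    # Pure ACE evaluation hits the implicit deny (what the simulator did) ...
    print("OSPF hello (as transit) :", evaluate(ACL_100, OSPF_HELLO_FROM_R2))
    # ... but real IOS never consults the outbound ACL for its own hellos
    print("OSPF hello (router-generated, out):",
          outbound_filter(ACL_100, OSPF_HELLO_FROM_R2, locally_generated=True))
```

The third and fourth lines of output are the whole thread in miniature: the hello from R2 matches neither entry, so a simulator that runs every outgoing packet through the list drops it on the implicit deny, while a real router skips the outbound check for packets it generated and the adjacency stays up. Note that the same ACL applied inbound on S0/0/1 would be a different story, since R1's hellos arriving on that interface are not locally generated and would be denied.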
02-19-2014 06:44 AM
Hi Alain,
You were right. I tested on a real 2611 and it worked. It is a bug with the simulator.
I've sent a bug report to Cisco.
Thanks a million for your great help.