Is it possible to filter outgoing VRRPv3 announcements on the VRRPv3 interface?
I have the following interface on my CSR1000 router:
interface GigabitEthernet1
service instance 10 ethernet
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
mac access-group NO-VRRP out
ip access-group NO-VRRP-IPv4
ipv6 traffic-filter NO-VRRP-IPv6
bridge-domain 10
On my bridgedomain i am running a VRRPv3 configuration with IP-SLA tracking.
I just want to use my VRRPv3 configuration in combination with the IP-SLA tracking, so i want to filter out all the VRRPv3 announcements.
I first tried to configure an ip access-list, but the messages don't seem to be filtered:
Extended IP access list NO-VRRP-IPv4
10 deny 112 any host 224.0.0.18
20 permit ip any any
IPv6 access list NO-VRRP-IPv6
deny 112 any host FF02::12 sequence 10
permit ipv6 any any sequence 20
Than i tried to configure a mac access-list, but here the messages also aren't filtered:
mac access-list extended NO-VRRP
deny 0000.5e00.0100 0000.0000.00ff host 0100.5e00.0012
deny 0000.5e00.0200 0000.0000.00ff host 3333.0000.0012
permit host 0000.0000.0000 host 0000.0000.0000
Is this due to VRRP generating messages directly on the interface, or is it an configuration mistake?