05-25-2012 06:32 AM - edited 03-04-2019 04:28 PM
Hi Experts
I have R1 (F0/0: 1.1.1.1) and R2 (F0/0: 1.1.1.2) connected together. Once I applied an ACL on R1 in the inbound direction, I lost the OSPF session and the ping between these 2 routers, despite the ACL config below:
acl 101 permit icmp host 1.1.1.1 host 1.1.1.2
acl 101 permit host 1.1.1.1 host 1.1.1.2
acl 101 permit ospf 1.1.1.1 host 1.1.1.2
acl 101 permit ip 192.168.1.0 0.0.0.15 any
R1
int f0/0
ip access-group 101 in
R1 is my main router while R2 is my customer. I gave my customer the block 192.168.1.0/25, so I am going to implement some security like RFC 1918 and RFC 2827 filtering along with uRPF.
Please lead me to the correct config, and why didn't the above ACL work?
thanks
jamil
05-25-2012 07:01 AM
If you apply the ACL on the 'in' direction, the source is the remote router.
In your ACL example, the source is the local router.
acl 101 permit icmp host 1.1.1.2 host 1.1.1.1
acl 101 permit ospf 1.1.1.2 host 1.1.1.1
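Added example (not part of the original posts): a small first-match evaluator for extended ACL entries, run over constructed packets arriving inbound on R1 F0/0 against the ACL from the question, the ACL from the reply, and an assumed completion. Assumptions: the protocol-less line in the question is read as `ip`, the link uses OSPF's default broadcast network type so hellos are sent to 224.0.0.5, and the `COMPLETED` list and the sample destination 203.0.113.9 are illustrative.

```python
import ipaddress

HOST, ANY = "0.0.0.0", "255.255.255.255"   # wildcard masks: 1 bits are ignored
def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def ace(proto, src, src_wc, dst, dst_wc):
    """One permit entry of an extended ACL."""
    return (proto, ip(src), ip(src_wc), ip(dst), ip(dst_wc))

def permits(acl, proto, src, dst):
    """First matching entry permits; no match falls to the implicit deny."""
    for a_proto, a_src, s_wc, a_dst, d_wc in acl:
        proto_ok = a_proto in ("ip", proto)
        src_ok = ((ip(src) ^ a_src) & ~s_wc & 0xFFFFFFFF) == 0
        dst_ok = ((ip(dst) ^ a_dst) & ~d_wc & 0xFFFFFFFF) == 0
        if proto_ok and src_ok and dst_ok:
            return True
    return False

# ACL from the question (R1 as source); the protocol-less line is read as "ip".
QUESTION = [
    ace("icmp", "1.1.1.1", HOST, "1.1.1.2", HOST),
    ace("ip", "1.1.1.1", HOST, "1.1.1.2", HOST),
    ace("ospf", "1.1.1.1", HOST, "1.1.1.2", HOST),
    ace("ip", "192.168.1.0", "0.0.0.15", "0.0.0.0", ANY),
]
# ACL from the reply (R2 as source).
REPLY = [
    ace("icmp", "1.1.1.2", HOST, "1.1.1.1", HOST),
    ace("ospf", "1.1.1.2", HOST, "1.1.1.1", HOST),
]
# Assumed completion: multicast hellos plus the whole /25 (wildcard 0.0.0.127).
COMPLETED = REPLY + [
    ace("ospf", "1.1.1.2", HOST, "224.0.0.5", HOST),
    ace("ospf", "1.1.1.2", HOST, "224.0.0.6", HOST),
    ace("ip", "192.168.1.0", "0.0.0.127", "0.0.0.0", ANY),
]
# Constructed packets arriving inbound on R1 F0/0: (protocol, source, destination).
PACKETS = {
    "ping_from_r2": ("icmp", "1.1.1.2", "1.1.1.1"),
    "ospf_hello": ("ospf", "1.1.1.2", "224.0.0.5"),
    "ospf_unicast": ("ospf", "1.1.1.2", "1.1.1.1"),
    "customer_host_10": ("tcp", "192.168.1.10", "203.0.113.9"),
    "customer_host_100": ("tcp", "192.168.1.100", "203.0.113.9"),
}

def evaluate(acl):
    return {name: permits(acl, *pkt) for name, pkt in PACKETS.items()}
```

Calling `evaluate()` on each list shows which inbound packets reach past the implicit deny: the wildcard 0.0.0.15 covers only 192.168.1.0 through 192.168.1.15, and a host-to-host OSPF entry does not match a hello addressed to 224.0.0.5.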
05-25-2012 07:15 AM
Hi Edison
Thanks for your reply.
What if I need to implement RFC 1918 and RFC 2827 filtering along with uRPF towards my upstream ISPs? I have a physical link between me and the ISPs' PoPs, but as you know I peer with loopback addresses between me and the ISPs' PoPs, so in this scenario what would the ACL config be?
You forgot to mention in the ACL the 192.168.1.0/25 I gave in the ACL.
thanks