How to use ACL to limit EIGRP and OSPF traffic?

dannan lin
Level 1

Hi,

I know OSPF, EIGRP and RIP are both network layer protocols.

RIP uses UDP at port 520.

EIGRP uses RTP and its protocol number is 88.

OSPF's protocol number is 89.

Both EIGRP and RTP are encapsulated into an IP packet.

Alright, if I want to use an ACL to limit EIGRP or OSPF update information, what port number shall I use?

In the RIP case I can put "access-list 1 deny udp any any eq 520", but how do I do it with EIGRP and OSPF?

Anyone?

Thanks in advance.

6 Replies

vipinrajrc
Level 3

Hi,

You can use the passive-interface command to limit routing protocol updates.

Please try that.

Hope that helps

Vipin

Thanks and Regards, Vipin

vikz230884
Level 1

Hi Dannan,

Not sure if I get this right...

Do you want to block the OSPF packets or the routes?

If the packets, then "deny ospf any any"; same with EIGRP: "deny eigrp any any".

If the routes, you can use distribute-list.

HTH,

Vikram

No, this will not work!!

kamomil
Level 1

!***************************************************************
! Numbered extended ACLs use 100-199; 1-99 are standard ACLs and cannot match on protocol.
access-list 190 remark 10.1.15.2 is your EIGRP neighbor's address.
access-list 190 permit eigrp host 10.1.15.2 any
access-list 190 deny eigrp any any
access-list 190 permit ip any any
!
interface ethernet0/0
 ip access-group 190 in
!
debug ip packet 190 detail
!************************************************************

Or you can also do something like:

!******************************************************
ip access-list extended EIGRP-Neighbor3-Allow
   !  permit eigrp host 10.1.15.3 host 10.1.15.2 if you used the neighbor statement for unicast EIGRP.
   permit eigrp host 10.1.15.3 host 224.0.0.10
   deny eigrp any any
   permit ip any any
!
interface vlan 15
   ip address 10.1.15.2 255.255.255.0
   ip access-group EIGRP-Neighbor3-Allow in
!
!*****************************************************
ip access-list extended EIGRP-Neighbor2-Allow
   !  permit eigrp host 10.1.15.2 host 10.1.15.3 if you used the neighbor statement for unicast EIGRP.
   permit eigrp host 10.1.15.2 host 224.0.0.10
   deny eigrp any any
   permit ip any any
!
interface vlan 15
   ip address 10.1.15.3 255.255.255.0
   ip access-group EIGRP-Neighbor2-Allow in
!
!*****************************************************
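
The same neighbor-allow pattern applied to OSPF, as an added example that is not part of any reply in this thread: OSPF is IP protocol 89 and has no port number, so the ACL matches on the protocol keyword. The addresses 10.1.15.2 (local) and 10.1.15.3 (neighbor) are reused from the post above; the ACL name is made up for this example.

```cisco
! Added example: inbound filter on the router that owns 10.1.15.2.
! Only 10.1.15.3 may speak OSPF to it; all other OSPF packets are dropped.
ip access-list extended OSPF-Neighbor3-Allow
   remark Hellos and flooded LSAs go to AllSPFRouters
   permit ospf host 10.1.15.3 host 224.0.0.5
   remark Needed only if this router is DR or BDR on the segment (AllDRouters)
   permit ospf host 10.1.15.3 host 224.0.0.6
   remark Database exchange (DBD, LSR) and retransmissions are unicast
   permit ospf host 10.1.15.3 host 10.1.15.2
   remark Drop and log OSPF from any other source
   deny ospf any any log
   permit ip any any
!
interface vlan 15
   ip address 10.1.15.2 255.255.255.0
   ip access-group OSPF-Neighbor3-Allow in
!
! Verify from exec mode after applying:
!   show ip access-lists OSPF-Neighbor3-Allow   (per-entry match counters)
!   show ip ospf neighbor                        (adjacency with 10.1.15.3 should stay up)
```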

Hello

Can you elaborate on what you mean by:

 if I want to use an ACL to limit EIGRP or OSPF update information, what port number shall I use?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

PaulSmith
Level 1

For EIGRP you can use the built-in feature:

router eigrp 50
 distribute-list 30 in TenGigabitEthernet1/1/29
 distribute-list 30 in TenGigabitEthernet2/1/29
 network 10.203.16.0 0.0.0.255
