
how to use ACL to limit eigrp and ospf traffic?

dannan lin
Beginner

Hi,

I know OSPF, EIGRP and RIP are all network layer protocols.

And RIP uses UDP at port 520.

EIGRP uses RTP and its protocol number is 88.

OSPF's protocol number is 89.

Both EIGRP and RTP are encapsulated into an IP packet.

Alright, if I want to use an ACL to limit EIGRP or OSPF update information, what port number shall I use?

In the RIP case I can put "access-list 1 deny udp any any eq 520", but how do I do it with EIGRP and OSPF?

Anyone?

Thanks in advance.

6 Replies

vipinrajrc
Participant

Hi

You can use the passive-interface command to limit routing protocol updates.

Please try that.

Hope that helps

Vipin

Thanks and Regards, Vipin

vikz230884
Beginner

Hi Dannan,

Not sure if I get this right...

Do you want to block the OSPF packet or the routes?

If the packet, then "deny ospf any any"; same with EIGRP: "deny eigrp any any".

If the routes, you can use distribute-list.

HTH,

Vikram

No, this will not work!!

kamomil
Beginner

!***************************************************************
! Matching on a protocol keyword needs an extended ACL; numbers 1-99 are standard ACLs, so 190 is used here.
access-list 190 remark 10.1.15.2 is your eigrp neighbor's address.
access-list 190 permit eigrp host 10.1.15.2 any
access-list 190 deny eigrp any any
access-list 190 permit ip any any
!
interface ethernet0/0
 ip access-group 190 in
!
debug ip packet 190 detail
!************************************************************

 

Or you can also do something like:

 

!******************************************************
ip access-l ext EIGRP-Neighbor3-Allow
   ! permit eigrp host 10.1.15.3 host 10.1.15.2 if you used the neighbor statement for unicast EIGRP.
   permit eigrp host 10.1.15.3 host 224.0.0.10
   deny eigrp any any
   permit ip any any
!
int vlan 15
   ip add 10.1.15.2 255.255.255.0
   ip access-group EIGRP-Neighbor3-Allow in
!
!*****************************************************
ip access-l ext EIGRP-Neighbor2-Allow
   ! permit eigrp host 10.1.15.2 host 10.1.15.3 if you used the neighbor statement for unicast EIGRP.
   permit eigrp host 10.1.15.2 host 224.0.0.10
   deny eigrp any any
   permit ip any any
!
int vlan 15
   ip add 10.1.15.3 255.255.255.0
   ip access-group EIGRP-Neighbor2-Allow in
!
!*****************************************************
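
The matching logic behind the ACLs in this thread, as an added example that is not part of any poster's reply: a Python model of first-match ACL evaluation showing that EIGRP and OSPF are matched on the IP protocol number (88 and 89) rather than on a port. The function names and the BLOCK_RIP_OSPF list are assumptions constructed for illustration; NEIGHBOR3_ALLOW copies the entries posted above.

```python
import ipaddress

# EIGRP and OSPF ride directly on IP, so an ACL matches their protocol number, not a port.
PROTO = {"ip": None, "udp": 17, "eigrp": 88, "ospf": 89}

def parse_addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list and return a network."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("only 'any' and 'host A.B.C.D' are modelled here")

def parse_acl(text):
    """Parse 'permit|deny <proto> <src> <dst> [eq <port>]' entries, one per line."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] not in ("permit", "deny"):
            continue  # skip blank lines, remarks and '!' comments
        action, proto = tok.pop(0), PROTO[tok.pop(0)]
        src, dst = parse_addr(tok), parse_addr(tok)
        port = int(tok[1]) if tok[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in (None, proto) or s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"

# Entries copied from the thread's EIGRP-Neighbor3-Allow list.
NEIGHBOR3_ALLOW = parse_acl("""
    permit eigrp host 10.1.15.3 host 224.0.0.10
    deny eigrp any any
    permit ip any any""")

# Constructed list: the RIP port match from the question plus an OSPF protocol match.
BLOCK_RIP_OSPF = parse_acl("""
    deny udp any any eq 520
    deny ospf any any
    permit ip any any""")
```

Calling `evaluate(NEIGHBOR3_ALLOW, 88, "10.1.15.99", "224.0.0.10")` models an EIGRP hello from a host that is not the listed neighbor and returns `deny`, while the same packet from 10.1.15.3 returns `permit`.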

Hello

Can you elaborate on what you mean by:

"if I want to use ACL to limit EIGRP or OSPF update information, what port number shall I use?"

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

PaulSmith
Beginner

For EIGRP you can use the built-in feature:

 

router eigrp 50
 distribute-list 30 in TenGigabitEthernet1/1/29
 distribute-list 30 in TenGigabitEthernet2/1/29
 network 10.203.16.0 0.0.0.255
