09-02-2009 08:12 AM - edited 03-06-2019 07:33 AM
Hi,
I have two catalyst 6509 with IOS version 12.2(33)SXH5 and uses how routing protocol OSPF, but isn't operating.
I have the follwing ACLs:
ip access-list extended acl_vlan100
permit ip any 172.25.32.0 0.0.3.255
permit ip any 172.25.52.0 0.0.3.255
permit ip any 172.25.49.0 0.0.0.255
permit ip any 168.124.168.0 0.0.1.255
permit ip any 168.124.174.0 0.0.0.255
permit ip any 168.124.175.0 0.0.0.255
permit ip any 168.124.173.0 0.0.0.63
permit ip any 168.124.173.64 0.0.0.63
permit ip any 7.26.128.0 0.0.0.127
permit ip any 7.48.19.0 0.0.0.127
permit ip any 7.48.19.128 0.0.0.127
permit ip any 7.30.16.0 0.0.15.255
permit ip any 7.24.38.0 0.0.0.63
permit ip host 157.206.4.10 any
permit ip host 157.206.4.2 host 224.0.0.2
permit ip host 157.206.4.3 host 224.0.0.2
permit ip host 157.206.4.4 host 224.0.0.2
permit ip host 157.206.4.6 host 224.0.0.2
permit ip host 157.206.4.2 host 224.0.0.5
permit ip host 157.206.4.3 host 224.0.0.5
permit ip host 157.206.4.4 host 224.0.0.5
permit ip host 157.206.4.6 host 224.0.0.5
permit ip host 157.206.4.2 host 224.0.0.6
permit ip host 157.206.4.3 host 224.0.0.6
permit ip host 157.206.4.4 host 224.0.0.6
permit ip host 157.206.4.6 host 224.0.0.6
permit ip host 157.206.4.7 any
permit ip host 134.81.96.62 any
permit icmp any any
deny ip any any log
And the OSPF problems in the next lines:
157.206.4.3
-----------------
.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 83 packets
.Sep 2 08:52:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 71 packets
.Sep 2 08:54:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 47 packets
Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.3, 30 packets
Sep 2 08:57:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.3, 40 packets
Sep 2 08:59:26: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.2 -> 157.206.4.3, 4 packets
157.206.4.2
------------------
*Sep 2 07:19:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 34 packets
*Sep 2 07:20:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 47 packets
*Sep 2 07:21:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 46 packets
*Sep 2 07:24:50: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 37 packets
.Sep 2 08:56:29: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 36 packets
.Sep 2 08:57:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.6 -> 157.206.4.2, 79 packets
Sep 2 09:00:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.4 -> 157.206.4.2, 5 packets
Sep 2 09:01:30: %SEC-6-IPACCESSLOGRP: list acl_vlan100 denied ospf 157.206.4.3 -> 157.206.4.2, 3 packets
The interface VLAN is configured:
interface Vlan100
ip address 157.206.4.3 255.255.255.0
ip access-group acl_vlan100 in
no ip unreachables
standby 100 ip 157.206.4.1
standby 100 priority 150
standby 100 preempt
end
¿Why have I this problems?
Solved! Go to Solution.
09-02-2009 08:29 AM
you need to specifically allow OSPF.
permit ospf any any
or
permit ospf host x.x.x.x host x.x.x.x
09-02-2009 08:29 AM
you need to specifically allow OSPF.
permit ospf any any
or
permit ospf host x.x.x.x host x.x.x.x
09-02-2009 11:15 PM
Hi,
Your help have been good.
Thansk for all.
A greeting
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide