07-01-2018 05:27 PM - edited 03-08-2019 03:32 PM
Hi all, I am working on RIP.
I want to break RIP updates by denying 224.0.0.9,
which is not working.
My configuration:
access-list 1 deny 224.0.0.9 0.0.0.0
access-list 1 permit any
int fa0/0
ip access-group 1 in
ip access-group 1 out
But I still have the RIP route, and ip debug rip is showing packets sent with the multicast address.
Why shouldn't it be blocked?
Thanks,
Regards,
Babar
07-01-2018 11:34 PM
Hello,
you need to use an extended IP access list:
access-list 101 deny ip any host 224.0.0.9
access-list 101 permit ip any any
07-02-2018 03:04 AM
07-02-2018 03:16 AM
07-02-2018 03:26 AM
07-02-2018 04:11 AM
07-02-2018 04:18 AM
Did you apply the access list outbound as well?
access-list 101 deny ip any host 224.0.0.9
access-list 101 permit ip any any
!
inter fa0/0
ip access-group 101 in
ip access-group 101 out
07-02-2018 04:31 AM
07-02-2018 07:54 AM
RIP routes are still there.
If it is not working, could I block at UDP layer 520....
07-02-2018 08:33 AM
Hello,
What does your topology look like? Do you have back-to-back routers with only one connection?
07-02-2018 01:25 PM - edited 07-02-2018 01:39 PM
You can't use an ACL to block outgoing RIP messages originated locally. An ACL simply doesn't filter locally originated traffic. That's why there's a "passive-interface" command.
You can however block inbound traffic. Make sure you create the ACL before trying to apply it to the interface, otherwise it won't work. So give it a try again and recreate it.