rip 224.0.0.9 suppression not working

B@B@r
Level 1

Hi all, I am working on RIP.

I want to break RIP updates by denying 224.0.0.9,

which is not working.

My configuration:

access-list 1 deny 224.0.0.9 0.0.0.0

access-list 1 permit any 

int fa0/0

ip access-group 1 in 

ip access-group 1 out

 

 

But I still have the RIP route, and ip debug rip is showing packets sent with the multicast address.

Why shouldn't it be blocked?

Thanks

Regards,

Babar

10 Replies

Hello,

 

you need to use an extended IP access list:

 

access-list 101 deny ip any host 224.0.0.9

access-list 101 permit ip any any

Thank you for your reply.

I tried it, but it is still not working.
RIP is still learning routes from the neighbor.
I also did clear ip route *
show access-list 101
10 deny ip any host 224.0.0.9 (312 matches)
20 permit ip any any ( 12 matches)

inter fa0/0
ip access-group 101 in

Yogi-Bear
Level 1
That multicast is a destination address, and you are using a standard access list, which only targets the source IP.

If you're interested, there is a functionality that achieves your purpose, and it's used with the command passive-interface.

Dear Bobby,
Yeah, I used a standard access list, but after the guidance of the first reply I tried an extended access list, and it is still not working.
I know about passive interface; it stops sending routing updates. I tried it and it is working perfectly...
But I want to block its multicast address using an extended control list...
It is not working.

Alright, can you please share the access list, the port and RIP config?

Did you apply the access list outbound as well?

 

access-list 101 deny ip any host 224.0.0.9
access-list 101 permit ip any any
!
inter fa0/0
ip access-group 101 in
ip access-group 101 out

That should be it. Well done Georg!

RIP routes are still there.
[Attached image: ssss.png]

If it is not working, could I block at the UDP layer, 520...

 

 

Hello,

 

What does your topology look like? Do you have back-to-back routers with only one connection?

You can't use an ACL to block outgoing RIP messages originated locally. An ACL simply doesn't filter locally originated traffic. That's why there's a "passive-interface" command.

 

You can, however, block inbound traffic. Make sure you create the ACL before trying to apply it to the interface, otherwise it won't work. So give it a try again and recreate it.
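
Added example, not part of any post in this thread: a small Python model of the two points made in the replies, namely that a standard ACL compares only the source address (so it never matches the 224.0.0.9 destination) and that an outbound interface ACL is not applied to packets the router itself originates. The packet addresses, the `Packet`/`Rule` classes and the function names are constructed for illustration; this is a simplified model, not IOS code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    local: bool = False      # True when this router generated the packet

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str = "0.0.0.0/0"   # default matches any source
    dst: str = "0.0.0.0/0"   # a standard ACL can never narrow this field

def acl_permits(rules, pkt):
    """First matching rule wins; no match means the implicit deny."""
    for rule in rules:
        if (ip_address(pkt.src) in ip_network(rule.src)
                and ip_address(pkt.dst) in ip_network(rule.dst)):
            return rule.action == "permit"
    return False

def interface_passes(rules, pkt, direction):
    """Model of 'ip access-group <acl> in|out' on one interface."""
    # Stated in the thread: an outbound ACL does not filter traffic
    # that the router itself originates.
    if direction == "out" and pkt.local:
        return True
    return acl_permits(rules, pkt)

# access-list 1 deny 224.0.0.9 0.0.0.0 / permit any  (matches SOURCE only)
STANDARD_1 = [Rule("deny", src="224.0.0.9/32"), Rule("permit")]
# access-list 101 deny ip any host 224.0.0.9 / permit ip any any
EXTENDED_101 = [Rule("deny", dst="224.0.0.9/32"), Rule("permit")]

# Constructed packets: 192.0.2.0/24 is a documentation range.
NEIGHBOR_UPDATE = Packet(src="192.0.2.2", dst="224.0.0.9")
LOCAL_UPDATE = Packet(src="192.0.2.1", dst="224.0.0.9", local=True)

def evaluate():
    return {
        "standard_in": interface_passes(STANDARD_1, NEIGHBOR_UPDATE, "in"),
        "extended_in": interface_passes(EXTENDED_101, NEIGHBOR_UPDATE, "in"),
        "extended_out_local": interface_passes(EXTENDED_101, LOCAL_UPDATE, "out"),
        "extended_rule_alone": acl_permits(EXTENDED_101, LOCAL_UPDATE),
    }
```

In this model only the extended ACL applied inbound drops the neighbor's update; the locally originated update leaves the interface even though the same rule set would deny it if it were evaluated.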
