Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1289
Views
10
Helpful
10
Replies

rip 224.0.0.9 suppression not working

B@B@r
Level 1
Level 1

‎07-01-2018 05:27 PM - edited ‎03-08-2019 03:32 PM

hi all i am working on rip

i want to break rip updates by denying 224.0.0.9

which is not working

my configurion

 

access-list 1 deny 224.0.0.9 0.0.0.0a

access-list 1 permit any 

int fa0/0

ip access-group 1 in 

ip access-group 1 out

 

 

but still, have rip route and ip debug rip is showing packet send with multicast address.

why shouldn't it blocked?

 

thanks

regard

babar

Labels:
0 Helpful
10 Replies 10

Georg Pauwen
VIP
VIP

‎07-01-2018 11:34 PM

Hello,

 

you need to use an extended IP access list:

 

access-list 101 deny ip any host 224.0.0.9

access-list 101 permit ip any any

0 Helpful

B@B@r
Level 1
Level 1
In response to Georg Pauwen

‎07-02-2018 03:04 AM

Thankyou for your reply,

i tried it but still it is not working .
rip is still learning route from neighbor
i also did clear ip route *
show access-list 101
10 deny ip any host 224.0.0.9 (312 matches)
20 permit ip any any ( 12 matches)

inter fa0/0
ip access-group 101 in
0 Helpful

Yogi-Bear
Level 1
Level 1

‎07-02-2018 03:16 AM

That multicast is a destination address and you are using standard access-list which only targrt source IP.

If you're interested there a functionality that achieve your purpose and it's used with the command passive-interface.
0 Helpful

B@B@r
Level 1
Level 1
In response to Yogi-Bear

‎07-02-2018 03:26 AM

Dear bobby,
yeah i used standard access-list, but after guidance of first reply i tried for extended access list still it is not working.
i know about passive interface ,it stop sending routing updates i tried it is working perfactly...
But i want to block its multi-cast address using extended control list ...
it is not working
0 Helpful

Yogi-Bear
Level 1
Level 1
In response to B@B@r

‎07-02-2018 04:11 AM

Alrigth can you please share the access-list, the port and RIP config ?
0 Helpful

Georg Pauwen
VIP
VIP
In response to Yogi-Bear

‎07-02-2018 04:18 AM

Did you apply the access list outbound as well ?

 

access-list 101 deny ip any host 224.0.0.9
access-list 101 permit ip any any
!
inter fa0/0
ip access-group 101 in
ip access-group 101 out

Yogi-Bear
Level 1
Level 1
In response to Georg Pauwen

‎07-02-2018 04:31 AM

That should be it. Well done Georg!
0 Helpful

B@B@r
Level 1
Level 1
In response to Yogi-Bear

‎07-02-2018 07:54 AM

Rip routes are still there
ssss.png

 

 

if it is not working could i block at udp layer 520....

 

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to B@B@r

‎07-02-2018 08:33 AM

Hello,

 

what does your topology look like ? Do you have back to back routers with only one connection ?

0 Helpful

Yogi-Bear
Level 1
Level 1
In response to Georg Pauwen

‎07-02-2018 01:25 PM - edited ‎07-02-2018 01:39 PM

You can't use an ACL to block outgoing RIP messages originated locally. ACL simply doesn't filter locally originated traffic. Thats why there's a "passive-interface" command.

 

You can however block inbound traffic. Make sure you create the ACL before trying to apply it to the interface otherwise it won't work. So give it a try agagain and recreate it.

Customers Also Viewed These Support Documents