Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
5
Helpful
3
Replies

Routing table going down

DaniloStanisic
Level 1
Level 1

‎05-25-2020 02:52 AM

Hi,

After I put an access-list on one of my routers the routing table fails to update, this is the running-config of that router:

Building configuration...

 

Current configuration : 1059 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname R5

!

!

!

!

ip dhcp excluded-address 8.0.0.0 8.0.0.15

ip dhcp excluded-address 8.0.0.18 8.0.0.24

!

ip dhcp pool dhcp_pool_r5

network 8.0.0.0 255.255.255.0

default-router 8.0.0.1

dns-server 8.0.0.3

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 8.0.25.2 255.255.255.0

ip access-group 101 in

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 8.0.0.1 255.255.255.0

duplex auto

speed auto

!

router rip

version 2

network 8.0.0.0

!

ip classless

!

ip flow-export version 9

!

!

access-list 101 permit udp any host 8.0.0.3 eq domain

access-list 101 deny ip any host 8.0.0.3

access-list 101 permit tcp any host 8.0.0.2 eq www

access-list 101 permit icmp any host 8.0.0.2

access-list 101 deny ip any host 8.0.0.2

access-list 101 permit icmp any any

access-list 101 permit ospf any any

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

 

and I should add that this is a router in an RIPv2 area, that connects to ASBR, so I think i have a problem with access-lists, after adding them the routing table becomes empty. Also in access-list I try to allow only DNS packages to my 8.0.0.3 server, and only HTTP and ICMP packages to 8.0.0.2 server, and also allow ICMP packages to any other host in the network 8.0.0.0/24.

What am I doing wrong here?

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-25-2020 03:22 AM

Hello @DaniloStanisic ,

if the router runs RIP you need to permit this protocol RIP in access-list 101.

You have a line for OSPF but this router looks like to be configured only for RIP.

 

Be also aware that the order of the statements is very important.

 

Hope to help

Giuseppe

 

0 Helpful

DaniloStanisic
Level 1
Level 1
In response to Giuseppe Larosa

‎05-25-2020 03:29 AM - edited ‎05-25-2020 03:52 AM

Hello, and thank you for you answer, but what excatly is the line im looking for to permit RIP protocol, because I don't seem to find it.

Edit:
So it wasn't under my udp list, but I put it down as a port number 520. And it worked.

Naresh Murali
Cisco Employee
Cisco Employee
In response to DaniloStanisic

‎05-25-2020 04:28 AM

Hi DaniloStanisic,

 

From the access-list we are missing the below statement:

"access-list 101 permit udp any eq rip any eq rip"

This will allow the RIP protocol so that you wont have any issue with it.

Hope this helps.

Regards

Naresh M

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card