05-25-2020 02:52 AM
Hi,
After I put an access-list on one of my routers, the routing table fails to update. This is the running-config of that router:
Building configuration...
Current configuration : 1059 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R5
!
!
!
!
ip dhcp excluded-address 8.0.0.0 8.0.0.15
ip dhcp excluded-address 8.0.0.18 8.0.0.24
!
ip dhcp pool dhcp_pool_r5
network 8.0.0.0 255.255.255.0
default-router 8.0.0.1
dns-server 8.0.0.3
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 8.0.25.2 255.255.255.0
ip access-group 101 in
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 8.0.0.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 8.0.0.0
!
ip classless
!
ip flow-export version 9
!
!
access-list 101 permit udp any host 8.0.0.3 eq domain
access-list 101 deny ip any host 8.0.0.3
access-list 101 permit tcp any host 8.0.0.2 eq www
access-list 101 permit icmp any host 8.0.0.2
access-list 101 deny ip any host 8.0.0.2
access-list 101 permit icmp any any
access-list 101 permit ospf any any
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
And I should add that this is a router in an RIPv2 area that connects to ASBR, so I think I have a problem with access-lists: after adding them the routing table becomes empty. Also, in the access-list I try to allow only DNS packages to my 8.0.0.3 server, and only HTTP and ICMP packages to the 8.0.0.2 server, and also allow ICMP packages to any other host in the network 8.0.0.0/24.
What am I doing wrong here?
05-25-2020 03:22 AM
Hello @DaniloStanisic ,
If the router runs RIP, you need to permit the RIP protocol in access-list 101.
You have a line for OSPF, but this router looks to be configured only for RIP.
Be also aware that the order of the statements is very important.
Hope to help
Giuseppe
05-25-2020 03:29 AM - edited 05-25-2020 03:52 AM
Hello, and thank you for your answer, but what exactly is the line I'm looking for to permit the RIP protocol? I don't seem to find it.
Edit:
So it wasn't under my udp list, but I put it down as a port number 520. And it worked.
05-25-2020 04:28 AM
From the access-list we are missing the below statement:
"access-list 101 permit udp any eq rip any eq rip"
This will allow the RIP protocol so that you won't have any issue with it.
Hope this helps.
Regards
Naresh M
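The behaviour discussed in this thread, as an added example that is not from any of the posters: the Python below replays the posted access-list 101 with first-match semantics against a RIPv2 update (UDP port 520 to multicast 224.0.0.9) and shows that it matches no line and is dropped until the RIP permit line is appended. The neighbor address 8.0.25.1 and the packet dictionaries are constructed, and the evaluator handles only the `any`, `host` and `eq` forms that appear in the thread.

```python
# Added illustration: first-match evaluation of the ACL posted in the thread.
# Handles only the forms used there: "any", "host A.B.C.D" and "eq <port>".
PORTS = {"domain": 53, "www": 80, "rip": 520}  # IOS port keywords seen on the page

ACL_101 = """\
access-list 101 permit udp any host 8.0.0.3 eq domain
access-list 101 deny ip any host 8.0.0.3
access-list 101 permit tcp any host 8.0.0.2 eq www
access-list 101 permit icmp any host 8.0.0.2
access-list 101 deny ip any host 8.0.0.2
access-list 101 permit icmp any any
access-list 101 permit ospf any any
""".splitlines()
RIP_FIX = "access-list 101 permit udp any eq rip any eq rip"  # line from the last reply

# Constructed packets; 8.0.25.1 is an assumed neighbor address on Fa0/0's subnet.
RIP_UPDATE = {"proto": "udp", "src": "8.0.25.1", "sport": 520, "dst": "224.0.0.9", "dport": 520}
DNS_QUERY = {"proto": "udp", "src": "8.0.25.1", "sport": 40000, "dst": "8.0.0.3", "dport": 53}

def _endpoint(tok):
    """Consume one address spec and an optional 'eq <port>' from the token list."""
    addr = tok.pop(0)
    if addr == "host":
        addr = tok.pop(0)
    if tok[:1] != ["eq"]:
        return addr, None
    name = tok[1]
    del tok[:2]
    return addr, PORTS.get(name) or int(name)

def parse(line):
    tok = line.split()[2:]  # drop "access-list 101"
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _endpoint(tok)
    dst, dport = _endpoint(tok)
    return action, proto, src, sport, dst, dport

def evaluate(acl, pkt):
    """Return (action, matching line); a packet matching no line is dropped."""
    for line in acl:
        action, proto, src, sport, dst, dport = parse(line)
        if proto not in ("ip", pkt["proto"]):
            continue
        if src not in ("any", pkt["src"]) or dst not in ("any", pkt["dst"]):
            continue
        if sport not in (None, pkt.get("sport")) or dport not in (None, pkt.get("dport")):
            continue
        return action, line
    return "deny", "implicit deny"
```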