cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10191
Views
0
Helpful
3
Replies

VRRP with access-list

alanc3141592654
Level 1
Level 1

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

1 Accepted Solution

Accepted Solutions

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Hi Alan,

VRRP  runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.

access-list 101 permit 112 any host 224.0.0.18

VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2

access-list 101 permit 112 any host 224.0.0.2 eq 8888

Hope to help !!

If helpful do rate the post

Ganesh.H

View solution in original post

3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Hi Alan,

VRRP  runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.

access-list 101 permit 112 any host 224.0.0.18

VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2

access-list 101 permit 112 any host 224.0.0.2 eq 8888

Hope to help !!

If helpful do rate the post

Ganesh.H

Jon Marshall
Hall of Fame
Hall of Fame

alanc3141592654 wrote:

Hey all,

Quick question, while setting up VRRP on a SVI with an access-list.

What do i need to allow for successful VRRP communication? protocol 112?

Do i even need to add this to the access-list?

Many Thanks,


Alan

Alan

In addtition to Ganesh's response. If the acl is applied outbound on your vlan interfaces then you don't need to worry because acl's applied outbound do not restrict traffic generated by the router itself.

If applied inbound then yes you need to allow it.

Jon

Hey Guys,

Thanks for your quick response.

I tested and it works great

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco