02-21-2010 09:53 PM - edited 03-06-2019 09:49 AM
Hey all,
Quick question, while setting up VRRP on a SVI with an access-list.
What do i need to allow for successful VRRP communication? protocol 112?
Do i even need to add this to the access-list?
Many Thanks,
Alan
Solved! Go to Solution.
02-21-2010 11:12 PM
Hey all,
Quick question, while setting up VRRP on a SVI with an access-list.
What do i need to allow for successful VRRP communication? protocol 112?
Do i even need to add this to the access-list?
Many Thanks,
Alan
Hi Alan,
VRRP runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.
access-list 101 permit 112 any host 224.0.0.18
VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2
access-list 101 permit 112 any host 224.0.0.2 eq 8888
Hope to help !!
If helpful do rate the post
Ganesh.H
02-21-2010 11:12 PM
Hey all,
Quick question, while setting up VRRP on a SVI with an access-list.
What do i need to allow for successful VRRP communication? protocol 112?
Do i even need to add this to the access-list?
Many Thanks,
Alan
Hi Alan,
VRRP runs on its own protocol number from the source interface IP to the multicast address of 224.0.0.18,so access-listwill be in the below fashion.
access-list 101 permit 112 any host 224.0.0.18
VRRP-E An enhanced version of VRRP that overcomes limitations in the standard protocol and runs on UDP/8888 from the source interface IP to the multicast address of 224.0.0.2
access-list 101 permit 112 any host 224.0.0.2 eq 8888
Hope to help !!
If helpful do rate the post
Ganesh.H
02-22-2010 03:22 AM
alanc3141592654 wrote:
Hey all,
Quick question, while setting up VRRP on a SVI with an access-list.
What do i need to allow for successful VRRP communication? protocol 112?
Do i even need to add this to the access-list?
Many Thanks,
Alan
Alan
In addtition to Ganesh's response. If the acl is applied outbound on your vlan interfaces then you don't need to worry because acl's applied outbound do not restrict traffic generated by the router itself.
If applied inbound then yes you need to allow it.
Jon
02-22-2010 03:39 PM
Hey Guys,
Thanks for your quick response.
I tested and it works great
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: