From: Djerk Geurts (djerk.geurts@nl.easynet.net)
Date: Wed Aug 01 2007 - 15:42:54 ART
If I want to block hellos from being sent out an interface on the
router itself, can I use an ACL? I've tried it and it doesn't work...
IOS: 3640 /w 12.4(8c) or 12.4(7e) IP+

interface FastEthernet0/0
 description *** C3548 F0/3 - VL3 O#3 ***
 ip address 15.1.3.3 255.255.255.0
 ip access-group NACL-R3-F0/0-OUT out
 ip ospf 1 area 3

R3#sh access-list
Extended IP access list NACL-R3-F0/0-OUT
    10 deny ip any host 224.0.0.5
    20 deny ospf any host 224.0.0.5
    30 deny ospf any any
    40 permit ip any any
R3#
*Mar 17 00:01:32.891: OSPF: Send hello to 224.0.0.5 area 3 on FastEthernet0/0 from 152.1.3.3
*Mar 17 00:01:32.891: IP: s=152.1.3.3 (local), d=224.0.0.5 (FastEthernet0/0), len 76, sending broad/multicast

The debug shows that the router generates and sends hellos; the
interface counters increase, as do the counters on the attached switch.
So all in all, either one can't filter this on the router itself and I
need to configure it on the switch, or these IOSes are broken, or I'm
doing something utterly wrong.

I do have another solution that does work, which is to set the network
type to non-broadcast. That stops the router from sending hellos, but if
another device were to initiate a neighborship, the router would respond,
resulting in hellos being sent.
-- Djerk www.djerk.nl