Re: Deny OSPF neighbor relationship using access list

From: Tyson Scott (tscott@ipexpert.com)
Date: Tue Jun 24 2008 - 13:44:53 ART

• Next message: Jack Tsai: "secondary IP"
• Previous message: Anderson Nery Vilas Boas: "SP lab SWAP"
• Maybe in reply to: ISolveSystems: "Deny OSPF neighbor relationship using access list"
• Next in thread: Luan Nguyen: "RE: Deny OSPF neighbor relationship using access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

OK,
As a recommendation in the future please provide more detail of the
setup. Your last statement is not covered at all in your original
question.

Turn on authentication on the interface between the two you want to
form an adjacency. If this still is not an option for you please
provide more detail about your setup and why various methodologies
wont work for you.

On Tue, Jun 24, 2008 at 11:56 AM, ISolveSystems
<support@isolvesystems.com> wrote:
> The second recommendation is not going to work because the two neighbors are
> on the same interface. I want to deny one of them.
>
> On Tue, Jun 24, 2008 at 10:28 AM, Tyson Scott <tscott@ipexpert.com> wrote:
>>
>> Then do my second recommendation
>>
>> On Tue, Jun 24, 2008 at 11:23 AM, ISolveSystems
>> <support@isolvesystems.com> wrote:
>> > I change it to .6. Same result.
>> >
>> > On Tue, Jun 24, 2008 at 10:01 AM, Tyson Scott <tscott@ipexpert.com>
>> > wrote:
>> >>
>> >> Well,
>> >> You would want to do .5 and .6 not .4 and .5
>> >>
>> >> deny ospf host 1.1.1.1 host 1.1.1.2
>> >> deny ospf host 1.1.1.1 host 224.0.0.5
>> >> deny ospf host 1.1.1.1 host 224.0.0.6
>> >>
>> >> if that still doesn't work only add the network statement that you
>> >> want OSPF running on and then redistribute the route for the
>> >> interfaces you don't want it running on.
>> >>
>> >>
>> >>
>> >> On Tue, Jun 24, 2008 at 10:23 AM, ISolveSystems
>> >> <support@isolvesystems.com> wrote:
>> >> > Hello Expert,
>> >> > I am trying to deny OSPF from forming relationship between ASAs. I
>> >> > tried
>> >> > the following without success. 1.1.1.1 is the neighbor IP address.
>> >> > 1.1.1.2is the local interface IP.
>> >> >
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 1.1.1.2
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.5
>> >> > access-list DMZ-IN extended deny ospf host 1.1.1.1 host 224.0.0.4
>> >> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.5
>> >> > access-list DMZ-IN extended deny ip host 1.1.1.1 host 224.0.0.4
>> >> >
>> >> > Any idea?
>> >> >
>> >> > Thanks.
>> >> >
>> >> >
>> >> >
>> >> > _______________________________________________________________________
>> >> > Subscription information may be found at:
>> >> > http://www.groupstudy.com/list/CCIELab.html
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>>
>>

-- 
Tyson Scott - CCIE #13513 R&S and Security
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: tscott@ipexpert.com

• Next message: Jack Tsai: "secondary IP"
• Previous message: Anderson Nery Vilas Boas: "SP lab SWAP"
• Maybe in reply to: ISolveSystems: "Deny OSPF neighbor relationship using access list"
• Next in thread: Luan Nguyen: "RE: Deny OSPF neighbor relationship using access list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART