block rip updates using access list

**blackbird** · 22-12-2009, 13:44

Dear all

i want to block RIP updates from propagating using access-list

i know that RIP updates sent on UDP port 520 and sent either broadcast (RiIP v1) or multicast (RIP v2)

i know that we can make it easily by using passive-interface, but the main question if i make access-list to allow only TCP connections, is this mean that the RIP updates will not passed as it uses UDP port 520?

i tried it in example but rip updates is propagated .

i don't know why

R0 Cionfiguration

interface Ethernet0/0
ip address 11.0.0.1 255.0.0.0
ip access-group 100 out
half-duplex
!
interface Ethernet0/3
ip address 10.0.0.1 255.0.0.0
half-duplex
!
router rip
network 10.0.0.0
network 11.0.0.0
!
access-list 100 permit tcp any any
access-list 100 deny udp any any
!

R1 Cionfiguration

interface Ethernet0/0
ip address 11.0.0.2 255.0.0.0
half-duplex
!
interface Ethernet0/1
ip address 12.0.0.1 255.0.0.0
half-duplex
!
router rip
network 11.0.0.0
network 12.0.0.0

R2 Cionfiguration

interface Ethernet0/1
ip address 12.0.0.2 255.0.0.0
half-duplex
!
interface Ethernet0/3
ip address 13.0.0.1 255.0.0.0
half-duplex
!
router rip
network 12.0.0.0
network 13.0.0.0
!

although i make Access-list in R0 to block all UDP , the rip updates propagated from R0 to R1 and R2.
R1 and R2 have Network 10.0.0.0 in their Routing table from RIP

plz need help

Thanks
BR

**medo_1988** · 22-12-2009, 13:55

distribute list ..
بس بأمانه مش فاكر أوامرها خالص لأنى سايب الموضوع ده بقالى 6 شهور تقريبا ومكنتش ذاكرته كويس ايامها

**minimax** · 22-12-2009, 14:08

outbound access lists will not match traffic that is generated by the router and that's why nothing will match the access-list. Only traffic going thru the router will match the outbound access-list

**hisooka_dos** · 22-12-2009, 14:21

المشاركة الأصلية كتبت بواسطة minimax

outbound access lists will not match traffic that is generated by the router and that's why nothing will match the access-list. Only traffic going thru the router will match the outbound access-list

كلامك صح ...

**blackbird** · 22-12-2009, 14:32

المشاركة الأصلية كتبت بواسطة minimax

outbound access lists will not match traffic that is generated by the router and that's why nothing will match the access-list. Only traffic going thru the router will match the outbound access-list

thanks alot

gzak allah khiran

thanks alot for u all for ur replies

**أيمن النعيمي** · 22-12-2009, 14:47

المشاركة الأصلية كتبت بواسطة minimax

outbound access lists will not match traffic that is generated by the router and that's why nothing will match the access-list. Only traffic going thru the router will match the outbound access-list

شكرا اخ محمد على هذه الاضافة الجميلة
الصراحة المعلومة هذه رايحة عن بالي وماخطرتلي ابدا
جزاك الله خيرا اخي