Advertising OSPF and security

was looking through a network I inherited and saw the below:
Is the deny-ospf-out acl doing anything? I don't see it being applied to any interface or referenced anywhere else.

Is it safe to assume that we are advertising OSPF out to everyone?
access-list deny-ospf-out standard permit 172.16.0.0 255.255.0.0
access-list deny-ospf-out standard permit 10.80.8.0 255.255.255.0
access-list deny-ospf-out standard permit 192.168.100.0 255.255.255.0
access-list permit-ospf-out standard permit any
access-list private-inbound extended deny ip any 10.10.10.0 255.255.255.0
access-list private-inbound extended permit ip 172.16.0.0 255.255.0.0 any
 
 
 
 
access-group private-inbound in interface inside
access-group outside-to-inside in interface outside

Open in new window

dissolvedAsked:
Who is Participating?
 
Don JohnstonInstructorCommented:
The name of the ACL is just that... a name. It has no bearing on what it actually does. That said, most people that use named ACL's will use the name to reflect what it does. In your case, however, that does not appear to be the case. Your deny-ospf-out ACL is simply denying (or ignoring) traffic from 172.16.0.0/16, 10.80.8.0/24 and 192.168.100.0/24 addresses.

If it's not applied to any interface, a routing protocol distribute list or a route map, then it's not doing anything.

0
 
dissolvedAuthor Commented:
thanks. Does this mean we are advertising OSPF out to the internet :0
0
 
Don JohnstonInstructorCommented:
Depending on your configuration, it's possible. There's certainly nothing about the ACL that would explicitly deny it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.