
Does the use of extended IP access control lists (ACLs) filter regular routing updates (such as OSPF)? Do I need to explicitly permit the multicast IPs used by routing protocols (such as 224.0.0.5 and 224.0.0.6, in the case of OSPF) for updates to ensure the proper working of routing protocols?

Any IP ACL on an interface is applied to all IP traffic on that interface. Routing update packets are handled as regular IP packets at the interface level, so they are matched against the ACL defined for the interface with the access-list command. Because every ACL ends with an implicit deny, updates that no line permits are dropped. To ensure that routing updates are not denied by ACLs, permit them using the following statements.

To permit RIP use:

access-list 102 permit udp any any eq rip

To permit IGRP use:

access-list 102 permit igrp any any

To permit EIGRP use:

access-list 102 permit eigrp any any

To permit OSPF use:

access-list 102 permit ospf any any

To permit Border Gateway Protocol (BGP) use:

access-list 102 permit tcp any any eq 179
access-list 102 permit tcp any eq 179 any
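The following is an added example, not part of the original FAQ: a Python sketch that replays constructed routing-protocol packets against an extended ACL using first-match semantics and the implicit deny, to show which protocols a given list would drop. The probe addresses, the sample ACL and all function names are assumptions; only `any`, `host` and wildcard address forms with `eq` ports are parsed.

```python
from ipaddress import ip_address as ip

PORTS = {"rip": 520, "bgp": 179}  # IOS port keywords this sketch understands
# Constructed probes: name -> (protocol, src, dst, src_port, dst_port)
PROBES = {
    "RIP": ("udp", "10.0.0.2", "224.0.0.9", 520, 520),
    "EIGRP": ("eigrp", "10.0.0.2", "224.0.0.10", None, None),
    "OSPF": ("ospf", "10.0.0.2", "224.0.0.5", None, None),
    "BGP-to-179": ("tcp", "10.0.0.2", "10.0.0.1", 40000, 179),
    "BGP-from-179": ("tcp", "10.0.0.2", "10.0.0.1", 179, 40000),
}
# Constructed ACL: HTTPS to one server, OSPF, and only one of the two BGP lines
SAMPLE = """access-list 102 permit tcp any host 192.0.2.10 eq 443
access-list 102 permit ospf any any
access-list 102 permit tcp any any eq 179"""

def take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (int(ip(tok.pop(0))), 0) if t == "host" else (int(ip(t)), int(ip(tok.pop(0))))

def take_port(tok):  # optional 'eq PORT'; None means the line matches any port
    if tok[:1] != ["eq"]:
        return None
    _, port = tok.pop(0), tok.pop(0)
    return int(port) if port.isdigit() else PORTS[port]

def parse_acl(text):
    rules = []
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 6 and tok[0] == "access-list":
            r = tok[4:]  # source spec, optional port, destination spec, optional port
            rules.append((tok[2], tok[3], take_addr(r), take_port(r), take_addr(r), take_port(r)))
    return rules

def verdict(rules, proto, src, dst, sport, dport):
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        addrs = all((int(ip(a)) | w) == (b | w) for (b, w), a in ((rsrc, src), (rdst, dst)))
        if rproto in ("ip", proto) and addrs and rsport in (None, sport) and rdport in (None, dport):
            return action  # first matching line wins
    return "deny"  # implicit deny: no line matched

def audit(text):
    return {name: verdict(parse_acl(text), *pkt) for name, pkt in PROBES.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, packets sourced from TCP port 179 are denied, which is the case the second BGP statement above covers.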

For more information on ACLs, refer to Configuring IP Access Lists and Configuring Commonly Used IP ACLs.
