From: Sage Vadi (sagevadi@yahoo.co.uk)
Date: Tue Dec 24 2002 - 03:35:35 GMT-3
Richard,
You are correct.
I tested with 12.2(12.5)T and noticed that the routes
were still there.
Thus I have verified the following:
Standard ACL
Standard NAMED ACL
Both work for distribute lists in OSPF
Extended ACL <-- does not give you a warning
Extended NAMED <-- gives you a warning
Both do NOT work as of 12.2(12.5)T. Cisco should give
you a warning when you try to use extended ACL in the
distribute lists but it doesn't... I wonder why? It
does give you a warning when you try to use the
Extended NAMED.
rgds,
Sage
--- Richard Hanks <ccieingroup@hotmail.com> wrote: >
Hi Sage,
> Are you sure your extended access-list works fine
> with the distribute-list? I have tried it in my lab
> but it didn't work at all. That is why I changed the
> configuration to you from your 108 to 1 last time.
>
> Richard Hanks
> ----- Original Message -----
> From: Sage Vadi
> To: Cliff Moseley
> Cc: ccielab@groupstudy.com
> Sent: Monday, December 23, 2002 12:16 AM
> Subject: Re: OSPF: distribute-lists
>
>
> Cliff,
>
> ACL type is irrelevant.
>
> I have tested in my lab with extended it works
> fine.
>
> The problem I was doing was not using "distribute
> list
> in", my mistake was adding the "interface" keyword
> to
> the end of this command. And also forgettng about
> LSAs/OSPF database, so my distribute-list will now
> be
> put into R1.
>
> This is my config for my distribute-lists - indeed
> it
> is based on a named ACL.
>
> ip access-list standard DISTLIST
> deny 160.160.0.0 0.0.3.255
> permit any
>
>
> --- Cliff Moseley <cliffmoseley@hotmail.com>
> wrote: >
> use a standard access-list
> >
> >
> >
> > >From: Sage Vadi <sagevadi@yahoo.co.uk>
> > >Reply-To: Sage Vadi <sagevadi@yahoo.co.uk>
> > >To:
> > >Subject: OSPF: distribute-lists
> > >Date: Sun, 22 Dec 2002 10:20:06 +0000 (GMT)
> > >
> > >This is what CCO says:
> > >
> > >Q: Can I use the distribute-list in/out command
> > with
> > >OSPF to filter routes?
> > >
> > >A: OSPF routes can't be filtered from entering
> the
> > >OSPF database. The distribute-list in command
> only
> > >filters routes from entering the routing table,
> but
> > it
> > >doesn't prevent link-state packets from being
> > >propagated.
> > >
> > >~~~ MY PROBLEM ~~~
> > >
> > >Diagram:
> > >
> > >R1
> > >|
> > >R2--R3
> > >
> > >R1 learns 160.160.0.0/22 from R2, R2 learns
> this
> > from
> > >R3. Fairly simple right?
> > >
> > >I want to put a distribute-list inbound on R2's
> > serial
> > >interface to prevent R1 from learning this
> > >route/network.
> > >
> > >Config on R2 here:
> > >
> > >distribute-list 108 in Serial1/0
> > >access-list 108 deny ip 160.160.0.0 0.0.3.255
> any
> > >
> > >Problem:
> > >
> > >R1 still has the route in it's routing table!!!
> > Doh!
> > >CCO says it should not be in the routing table,
> but
> > it
> > >should be in the OSPF database.
> > >
> > >Q) Any tips/help/suggestions?
> > >
> > >rgds,
> > >Sage
> > >
> > >
> > >
> > >
> >
> >__________________________________________________
> > >Do You Yahoo!?
> > >Everything you'll ever need on one web page
> > >from News and Sport to Email and Music Charts
> > >http://uk.my.yahoo.com
> > >.
> >
>
>
>__________________________________________________________________
> > >To unsubscribe from the CCIELAB list, send a
> > message to
> > >majordomo@groupstudy.com with the body
> containing:
> > >unsubscribe ccielab
> >
> >
> >
>
>
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:52 GMT-3