Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route

From: Sean C (Upp_and_Upp@hotmail.com)
Date: Mon May 30 2005 - 12:15:44 GMT-3


Agree with Ian.

Long - with your ACL, since you are denying '0.0.0.0 0.0.0.0', you are not
allowing anything to match the distance command under the router process.
You have to allow the default route to be permitted.

router isis
distance 255 0.0.0.0 255.255.255.255 10

access-list 10 permit 0.0.0.0 0.0.0.0

I know I've seen this in a DoIT lab, one of the lower number labs like -
lab 6, 7 or 8.

HTH, Sean
----- Original Message -----
From: "Ian Henderson" <ianh@chime.net.au>
To: "ccie2be" <ccie2be@nyc.rr.com>
Cc: "'Bob Sinclair'" <bsin@cox.net>; "'Long Kwok'" <lkwok@ccieunix.com>;
<ccielab@groupstudy.com>
Sent: Monday, May 30, 2005 10:30 AM
Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route from
L1 internal routers

> On Mon, 30 May 2005, ccie2be wrote:
>
>> BTW, I don't see anything wrong with how Kwok used the distance command.
>> Shouldn't that have worked?
>>
>> Router isis
>> Distance 255 0.0.0.0 255.255.255.255 1
>>
>> Access-list 1 deny 0.0.0.0 0.0.0.0
>
> 'access-list 1 permit 0.0.0.0 0.0.0.0' is what you're after here. This
> shows up as 'access-list 1 permit any' in the running config.
>
> Rack1R3#show run | inc access-list 1
> access-list 1 permit any
> Rack1R3#show ip route 0.0.0.0
> % Network not in table
> Rack1R3#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> Rack1R3(config)#no access-list 1
> Rack1R3(config)#access-list 1 deny 0.0.0.0 0.0.0.0
> Rack1R3(config)#
> Rack1R3#show
> 6d05h: %SYS-5-CONFIG_I: Configured from console by console
> Rack1R3#show ip route 0.0.0.0
> Routing entry for 0.0.0.0/0, supernet
> Known via "isis", distance 115, metric 10, candidate default path, type
> level-2
> Redistributing via isis
> Last update from 149.1.127.4 on FastEthernet0/0, 00:00:00 ago
> Routing Descriptor Blocks:
> * 149.1.127.4, from 149.1.254.4, via FastEthernet0/0
> Route metric is 10, traffic share count is 1
>
> Rack1R3#
>
>
> --
> Ian Henderson CCNA, CCNP
> Senior Network Engineer
>
> iiNet Limited
> Chime Communications Pty Ltd
>



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3
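
The permit/deny behaviour discussed in this thread, modelled as an added example (not code from the posters or from IOS). It assumes literal wildcard-mask matching for standard ACLs with an implicit deny at the end, and that a route with distance 255 is never installed. The function names and the 149.1.3.0 prefix are constructed for illustration.

```python
import ipaddress

ISIS_DEFAULT_DISTANCE = 115  # distance seen in the thread's 'show ip route' output
UNUSABLE = 255               # assumption: distance 255 keeps a route out of the table

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, network):
    """First matching entry decides; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False

def effective_distance(network, source, rule, acl):
    """rule models 'distance <value> <source> <wildcard> <acl>' under the router process.
    The custom distance applies only when the source matches AND the ACL permits
    the prefix; a deny means the rule is skipped, not that the route is dropped."""
    value, src_base, src_wildcard = rule
    if wildcard_match(source, src_base, src_wildcard) and acl_permits(acl, network):
        return value
    return ISIS_DEFAULT_DISTANCE

def installed(network, source, rule, acl):
    return effective_distance(network, source, rule, acl) < UNUSABLE

RULE = (255, "0.0.0.0", "255.255.255.255")    # distance 255 0.0.0.0 255.255.255.255 <acl>
ACL_DENY = [("deny", "0.0.0.0", "0.0.0.0")]      # the ACL that did not work
ACL_PERMIT = [("permit", "0.0.0.0", "0.0.0.0")]  # the ACL suggested in the replies
SOURCE = "149.1.254.4"   # advertising router from the quoted output
OTHER_PREFIX = "149.1.3.0"  # constructed non-default prefix

if __name__ == "__main__":
    for name, acl in (("deny", ACL_DENY), ("permit", ACL_PERMIT)):
        for prefix in ("0.0.0.0", OTHER_PREFIX):
            d = effective_distance(prefix, SOURCE, RULE, acl)
            state = "installed" if d < UNUSABLE else "not in table"
            print(f"acl={name:6} prefix={prefix:10} distance={d:3} {state}")
```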