RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route

From: Long Kwok (lkwok@ccieunix.com)
Date: Mon May 30 2005 - 13:03:04 GMT-3

• Next message: ccie2be: "RE: RATE-LIMIT vs POLICE"
• Previous message: Long Kwok: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Maybe in reply to: ccie2be: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Next in thread: Long Kwok: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Tim thanks for summing those possibilities up I never heard of the
first one , this is the one Bob demonstrated ?? I was trying the
distance 255 method on the routers that actually had the default route
injected into them , I tried that acl I sent the other day and it did
not filter that default route out , and I am assuming that even though
this default route is automatically injected via the normal behavior of
isis , that lab states not default routing period and proctors will take
the points away

TIA Long

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Monday, May 30, 2005 7:17 AM
To: 'Bob Sinclair'; Long Kwok; ccielab@groupstudy.com
Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
from L1 internal routers

Hi Bob, Kwok, et al,

With the set-attach-bit command included, would you agree that there are
3
methods to filter a default route in Kwok's scenario?

1. Use, no set-attach-bit (or use with route-map)

2. Use the distribute-list and acl to filter default route.

3. Use the distance command.

BTW, I don't see anything wrong with how Kwok used the distance command.
Shouldn't that have worked?

TIA, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bob
Sinclair
Sent: Monday, May 30, 2005 8:47 AM
To: Long Kwok; ccielab@groupstudy.com
Subject: Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
from
L1 internal routers

Long Kwok,

Here is a config and link that permits conditional setting of the
attached
bit. I wonder if something along these lines would help.
!
router isis
 net 39.0001.0000.0000.7201.00
 set-attached-bit route-map CONDITION
!
route-map CONDITIONmatch int
loop101http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/isis_an.htmBo
b
SinclairCCIE #10427, CCSI 30427, CISSPwww.netmasterclass.net-----
Original
Message -----
  From: Long Kwok
  To: ccielab@groupstudy.com
  Sent: Sunday, May 29, 2005 3:03 PM
  Subject: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
from L1
internal routers

  Hi,

  I have been trying to filter out the automatically injected 0.0.0.0/0
  route that the L2 border router injects into its L1 internal neighbors
  as I guess it would be considered cheating on lab and you cannot do
that
  I was trying to filter via distance 255 under L1 routers isis router
  process but not working. Here is what I tried.

  Router isis

    Distance 255 0.0.0.0 255.255.255.255 1

  Access-list 1 deny 0.0.0.0 0.0.0.0

  Tia Long

• Next message: ccie2be: "RE: RATE-LIMIT vs POLICE"
• Previous message: Long Kwok: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Maybe in reply to: ccie2be: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Next in thread: Long Kwok: "RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3