From: ccie2be (ccie2be@nyc.rr.com)
Date: Sun Jun 05 2005 - 06:45:55 GMT-3
San,
It sounds like the only way to accomplish this is by using the distance
command and route leaking.
Or, possibly configuring a summary route.
Remember that if the default route is blocked from the L1 area, routers in
that area won't have reachability to the rest of the network without either
redist routes into the L1 area or using some other method.
At least, that's what I think.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of san
Sent: Sunday, June 05, 2005 3:30 AM
To: Long Kwok
Cc: ccie2be; Bob Sinclair; ccielab@groupstudy.com
Subject: Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route from
L1 internal routers
Long / Tim,
I retested the same today....could not stop default route using "no
set-attached-bit" under the ISIS process of L1/L2 which is attached to
L1 Rtr. (was able to stop with distance 255 in L1 router locally)
One more thing I found was, "distribute-list is not existing for ISIS
protocol" after further search DOC says "distribute-list" is only for
IP. (I assume it means only ip protocols not clns based protocols)
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d027.html#wp1039755
((My option would be not to mess with this type in real exam. If I
have time, I will ask proctor.))
/SAN
On 5/30/05, Long Kwok <lkwok@ccieunix.com> wrote:
> I tried adding that to R2 under its router isis process , R2 is the one
> injecting the 0/0 route into R6 , so after removing the distance command
> under R6 and clear ip route * , and verifying that R6 does again have
> the 0/0 route , I added the no set-attach-bit under R2's isis process
> and cleared ip route but R6 still gets the 0/0 route ???
>
> Long
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Monday, May 30, 2005 9:06 AM
> To: Long Kwok; 'Bob Sinclair'; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
> Long,
>
> What happens if you configure, no set-attach-bit under the isis routing
> process? Doesn't that prevent the default route from being advertised
> from
> a L1/L2 router to a L1 router?
>
> Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Long
> Kwok
> Sent: Monday, May 30, 2005 11:58 AM
> To: Bob Sinclair; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from
> L1 internal routers
>
> Thanks Bob,
>
> I believe though that when you set the attached bit doesn't this tell a
> router to send a default route into L1 only devices ? I was doing a lab
> that was not permitted to have any form of default 0/0 routes on any
> routers unless explicitly permitted , and within the isis topology ,
> there was an L1/L2 router then behind this L1/L2 router is a few L1
> only routers , I believe by default this L1/L2 ABR if you will ,
> automatically injects a 0/0 route to its internal L1 only
> brethren...... Thanks so much for reply Bob
>
>
>
> TIA Long
>
>
>
> _____
>
> From: Bob Sinclair [mailto:bsin@cox.net]
> Sent: Monday, May 30, 2005 5:47 AM
> To: Long Kwok; ccielab@groupstudy.com
> Subject: Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
>
>
> Long Kwok,
>
>
>
> Here is a config and link that permits conditional setting of the
> attached bit. I wonder if something along these lines would help.
>
> !
> router isis
> net 39.0001.0000.0000.7201.00
> set-attached-bit route-map CONDITION
> !
> route-map CONDITION
> match int loop101
> http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/isis_an.htm
> Bob Sinclair
>
> CCIE #10427, CCSI 30427, CISSP
>
> www.netmasterclass.net
>
> ----- Original Message -----
>
> From: Long Kwok <mailto:lkwok@ccieunix.com>
>
> To: ccielab@groupstudy.com
>
> Sent: Sunday, May 29, 2005 3:03 PM
>
> Subject: Filtering/Poisoning ISIS injected 0.0.0.0/0 default
> route from L1 internal routers
>
>
>
> Hi,
>
> I have been trying to filter out the automatically injected
> 0.0.0.0/0
> route that the L2 border router injects into its L1 internal
> neighbors
> as I guess it would be considered cheating on lab and you cannot
> do that
> I was trying to filter via distance 255 under L1 routers isis
> router
> process but not working. Here is what I tried.
>
>
>
> Router isis
>
> Distance 255 0.0.0.0 255.255.255.255 1
>
>
>
> Access-list 1 deny 0.0.0.0 0.0.0.0
>
>
>
> Tia Long
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
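Added example, not part of the original thread or any poster's configuration: the local distance-255 approach san reports working on the L1 router, with an ACL that permits the default prefix, followed by the route leaking Tim mentions so the L1 area keeps reachability. Router names R6 and R2 and ACL number 1 come from the thread; ACL 100 and the prefix 192.0.2.0/24 are constructed placeholders.

```ios
! --- On R6 (L1-only router) ---
! The ACL in the original post was "deny 0.0.0.0 0.0.0.0". With the implicit
! deny at the end it permits nothing, so distance 255 is applied to no route.
! The ACL must PERMIT the prefix that should receive the distance.
access-list 1 permit 0.0.0.0
!
router isis
 ! distance <value> <source> <wildcard> <acl>
 ! 0.0.0.0 255.255.255.255 = any route source; ACL 1 selects the default route.
 ! A distance of 255 keeps the route out of the routing table.
 distance 255 0.0.0.0 255.255.255.255 1
!
! Verify on R6 (exec mode): the IS-IS default should no longer be installed.
!   show ip route 0.0.0.0
!
! --- On R2 (L1/L2 router) ---
! Without a default, R6 only knows L1 prefixes. Leak the L2 prefixes it
! needs into the L1 area. 192.0.2.0/24 is a constructed placeholder.
access-list 100 permit ip 192.0.2.0 0.0.0.255 any
!
router isis
 redistribute isis ip level-2 into level-1 distribute-list 100
```

The distance filter only changes R6's own routing table; R2's LSP still carries the attached bit, so every other L1 router needs the same filter.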
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3