Re: OSPF Filtering

From: Ben (bmunyao@gmail.com)
Date: Sat Jul 21 2007 - 08:47:29 ART


Hi

Thank you all for responding.

Derek - the ACL solution works like a charm, and so far it's what I use for
this kind of a question. I envisage a situation where Cisco tells you not to
use a distribute list. Other IGPs (DV protocols) have many options for doing
this, including distance, offset-list, distribute-list ACL, distribute-list
route-map etc. OSPF is rather limited comparatively.

Antonio - the information about match ip route-source is a gem. I had no
idea. Thanks for the link.

In summary, within an OSPF area, the solution is as follows:
1. You can use an extended ACL as indicated in example 1.
2. You can also use a route-map with match ip next-hop, provided the next hop
is identified with an access-list, not a prefix-list.
3. Lastly, you can use a route-map with match ip route-source, with the
route-source IP matching the router-id of the router that sent the LSA. I
presume the route-source IP would also need to be defined in an ACL, not an ip
prefix-list.

I will try labbing the last two again at the next opportunity.
I wonder if there are other alternatives.

At ABRs, I'm aware of the following ways to filter routes across area
boundaries:

area 1 prefix-list
area 1 range no-advertise

This is from Wendell Odom's CCIE R&S Exam guide. Are there any other ways
besides the above?

Thank you all once again.

Ben

On 7/21/07, Antonio Soares <amsoares@netcabo.pt> wrote:
>
> Hello Ben,
>
> I'm not sure but I think the "OSPF Route Map Inbound Filtering" feature does
> not support prefix-lists. In your example #2 and #3 replace your
> prefix-lists with standard ACLs and it should work. Don't forget that when
> matching the route-source, you need to specify the Router-Id. See the
> details here:
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch15/hroutma.htm
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473, CCNP, CCIP
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Ben
> Sent: Friday, 20 July 2007 23:19
> To: Cisco certification
> Subject: OSPF Filtering
>
> Hi
>
> This is a scenario I encountered in an IE lab. IGP is OSPF and the
> requirement is to have R1 get the 10.10.4.0/24 subnet from only one source.
>
>              10.10.1.0/24
>            /-------------R2----|
>           /                    |
> R1------/                      |10.10.4.0/24
>    s0/0 \                      |
>          \                     |
>           \--------------R3----|
>
>
> R1 gets the route 10.10.4.0/24 from R2 and R3 through OSPF
>
> O 10.10.4.0 [110/65] via 10.10.1.2 .......
> [110/65] via 10.10.1.3 ........
>
> In order to filter out the advert from R3 and use only R2 for forwarding,
> one can use an extended ACL as follows:
>
> Solution 1
>
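> access-l 100 deny ip host 10.10.1.3 host 10.10.4.0
> ! permit everything else; the implicit deny would otherwise filter all routes
> access-l 100 permit ip any any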
>
> router ospf 1
> distribute-list 100 in s0/0
>
> I tried using a route-map to do the same without much success. Here is
> what I did:
>
> Solution 2
>
> ip pref vl4 permit 10.10.4.0/24
> ip pref R3 permit 10.10.1.3/32
>
> route-m FILTER deny 10
> match ip add pref vl4
> match ip next-hop pref R3
> route-m FILTER permit 20
>
> router ospf 1
> distribute-list route-m FILTER in
>
> Solution 3
>
> ip pref vl4 permit 10.10.4.0/24
> ip pref R3 permit 10.10.1.3/32
>
> route-m FILTER deny 10
> match ip add pref vl4
> match ip route-source pref R3
> route-m FILTER permit 20
>
> router ospf 1
> distribute-list route-m FILTER in
>
>
> Neither solution 2 nor solution 3 worked for me. Logically they appear
> sound. I would appreciate any comments on these approaches.
>
> TIA
> Ben
>
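
Options 2 and 3 of the summary above, written with standard ACLs in place of the prefix-lists as Antonio suggests. This is an added example, not configuration posted by anyone in the thread. The ACL numbers, the route-map names FILTER-NH and FILTER-RS, and R3's router-id 3.3.3.3 are assumptions, since the thread does not give R3's router-id.

```cisco
! Constructed example (not from the thread).
! ACL numbers, route-map names and R3's router-id 3.3.3.3 are assumed.
!
! The prefix to be filtered: 10.10.4.0/24
access-list 4 permit 10.10.4.0 0.0.0.255
! R3 as a next hop on the shared 10.10.1.0/24 segment
access-list 3 permit 10.10.1.3
! R3 identified by its router-id, for match ip route-source
access-list 33 permit 3.3.3.3
!
! Option 2: deny 10.10.4.0/24 when the next hop is R3
route-map FILTER-NH deny 10
 match ip address 4
 match ip next-hop 3
! everything else is accepted
route-map FILTER-NH permit 20
!
! Option 3: deny 10.10.4.0/24 when the route source (router-id) is R3
route-map FILTER-RS deny 10
 match ip address 4
 match ip route-source 33
route-map FILTER-RS permit 20
!
router ospf 1
 ! apply one of the two route-maps, not both
 distribute-list route-map FILTER-NH in
```

An inbound distribute-list in OSPF only controls which routes are installed in the local routing table; the LSAs stay in the database and are still flooded to other routers in the area. To check the result on R1, `show ip route 10.10.4.0` should list 10.10.1.2 as the only next hop.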
