From: Antonio Soares (amsoares@netcabo.pt)
Date: Sat Jul 21 2007 - 10:53:30 ART
Hello Ben,
At the ABR, you have available the feature "OSPF ABR Type 3 LSA Filtering":
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch15/habrt3f.htm
Regards,
Antonio Soares
CCIE #18473, CCNP, CCIP
_____
From: Ben [mailto:bmunyao@gmail.com]
Sent: Saturday, 21 July 2007 12:47
To: Antonio Soares
Cc: Cisco certification
Subject: Re: OSPF Filtering
Hi
Thank you all for responding.
Derek - the ACL solution works like a charm, and so far it's what I use for
this kind of a question. I envisage a situation where Cisco tells you not to
use a distribute list. Other IGPs (DV protocols) have many options for doing
this, including distance, offset-list, distribute-list ACL, distribute-list
route-map etc. OSPF is rather limited comparatively.
Antonio - the information about match ip route-source is a gem. I had no
idea. Thanks for the link.
In summary, within an OSPF area, the solution is as follows:
1. You can use an extended ACL as indicated in example 1.
2. You can also use a route-map with match ip next-hop, provided the next hop
is identified with an access-list, not a prefix-list.
3. Lastly, you can use a route-map with match ip route-source, with the
route-source IP matching the router-id of the router that sent the LSA. I
presume the route-source IP would also need to be defined in an ACL, not an ip
prefix-list.
I will try labbing the last two again at the next opportunity.
I wonder if there are other alternatives.
At ABRs, I'm aware of the following ways to filter routes across area
boundaries:
area 1 prefix-list
area 1 range no-advertise
This is from Wendell Odom's CCIE R&S Exam guide. Are there any other ways
besides the above?
Thank you all once again.
Ben
On 7/21/07, Antonio Soares <amsoares@netcabo.pt> wrote:
Hello Ben,
I'm not sure but I think the "OSPF Route Map Inbound Filtering" feature does
not support prefix-lists. In your example #2 and #3 replace your
prefix-lists with standard ACLs and it should work. Don't forget that when
matching the route-source, you need to specify the Router-Id. See the
details here:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c/ch15/hroutma.htm
Regards,
Antonio Soares
CCIE #18473, CCNP, CCIP
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Ben
Sent: Friday, 20 July 2007 23:19
To: Cisco certification
Subject: OSPF Filtering
Hi
This is a scenario I encountered in an IE lab. IGP is OSPF and the
requirement is to have R1 get the 10.10.4.0/24 subnet from only one source.
              10.10.1.0/24
            /-------------R2----|
           /                    |
R1------/                       |10.10.4.0/24
s0/0    \                       |
         \                      |
          \--------------R3---|
R1 gets the route 10.10.4.0/24 from R2 and R3 through OSPF
O 10.10.4.0 [110/65] via 10.10.1.2 .......
            [110/65] via 10.10.1.3 ........
In order to filter out the advert from R3 and use only R2 for forwarding,
one can use an extended ACL as follows:
Solution 1
access-l 100 deny ip host 10.10.1.3 host 10.10.4.0
access-l 100 permit ip any any
router ospf 1
 distribute-list 100 in s0/0
I tried using a route-map to do the same without much success. Here is what
I did:
Solution 2
ip pref vl4 permit 10.10.4.0/24
ip pref R3 permit 10.10.1.3/32
route-m FILTER deny 10
 match ip add pref vl4
 match ip next-hop pref R3
route-m FILTER permit 20
router ospf 1
 distribute-list route-m FILTER in
Solution 3
ip pref vl4 permit 10.10.4.0/24
ip pref R3 permit 10.10.1.3/32
route-m FILTER deny 10
 match ip add pref vl4
 match ip route-source pref R3
route-m FILTER permit 20
router ospf 1
 distribute-list route-m FILTER in
Neither solution 2 nor solution 3 worked for me. Logically they appear
sound. I would appreciate any comments on these approaches.
TIA
Ben
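
Antonio's suggestion applied to Ben's Solutions 2 and 3, as an added example that is not part of the original thread: the prefix-lists are replaced with standard ACLs, and the route-source match uses R3's OSPF router ID. The ACL numbers, the route-map names FILTER-NH and FILTER-RS, and the `<R3-router-id>` placeholder are assumptions; the thread does not give R3's router ID.

```cisco
! Added example. ACL numbers and route-map names are hypothetical.
!
! Standard ACL for the prefix to filter (replaces prefix-list vl4)
access-list 4 permit 10.10.4.0 0.0.0.255
! Standard ACL for R3's next-hop address (replaces prefix-list R3 in Solution 2)
access-list 13 permit 10.10.1.3
! Standard ACL for R3's OSPF router ID (replaces prefix-list R3 in Solution 3).
! <R3-router-id> is a placeholder: substitute the router ID R3 advertises.
access-list 3 permit <R3-router-id>
!
! Variant A: Solution 2 with ACLs, matching on the next hop
route-map FILTER-NH deny 10
 match ip address 4
 match ip next-hop 13
! Everything else is accepted
route-map FILTER-NH permit 20
!
! Variant B: Solution 3 with ACLs, matching on the advertising router ID
route-map FILTER-RS deny 10
 match ip address 4
 match ip route-source 3
route-map FILTER-RS permit 20
!
router ospf 1
 ! Apply one of the two variants
 distribute-list route-map FILTER-NH in
```

Check the result with `show ip route 10.10.4.0`, where the goal stated in the thread is a single path via 10.10.1.2. An inbound distribute-list only keeps routes out of R1's routing table; the LSAs from R3 remain in the OSPF database.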
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART