RE: distance cli in ospf not working ?

From: Daniel Kutchin (daniel@kutchin.com)
Date: Wed Jan 28 2009 - 06:58:21 ARST

Guarav -

Option 2 will not work for 2 reasons

1st Reason
^^^^^^^^^^
When using route-maps, watch your syntax. See link:

"OSPF Inbound Filtering Using Route Maps with a Distribute List"
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html

<Quote>
When a match is done on the route source, the route source
represents the OSPF /_Router ID_/ of the LSA originator of
the LSA in which the prefix is advertised.
</Quote>

SOLUTION-1:
Adjust your access-list 2 in option 2
!
access-l 2 perm ho 150.1.3.3 !-- Router-ID of R3

2nd Reason
^^^^^^^^^^
Depending on who the Desig Router is on the link R3---R4
- you will either see BOTH ENTRIES or NEITHER ENTRY

This is because the DR is the route source for both entries
("sh ip ro 142.1.34.0 | incl from")

SOLUTION-2:
Add "ip ospf network point-to-point" to
the interfaces on the link R3---R4

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

COMBINE SOLUTION-1 AND SOLUTION-2 TO MAKE OPTION 2 TO WORK

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

As a side-note,

the alternative (the older way) for option 1 is to
use EXTENDED ACLs.

access-list {num} {permit|deny} ip {next-hop} {prefix}

For your case, use the following command lines:

!--- The log-input parameter will teach you the syntax ---
!
access-l 134 deny ip host 143.1.0.3 host 142.1.34.0 log-input
access-l 134 perm ip any any log-input
!
router ospf 10
distr 134 in

-
Daniel

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
GAURAV MADAN
Sent: Dienstag, 27. Januar 2009 16:16
To: Cisco certification
Subject: Re: distance cli in ospf not working ?

Just an addition to what I asked,

I tried the 2nd option "distribute-list" in OSPF process .. and again 1
doubt
hovering over my head

Rack1R5(config)#do sh access-li
Standard IP access list 1
    10 permit 142.1.34.0, wildcard bits 0.0.0.255 log
Standard IP access list 2
    10 permit 142.1.0.3

I do not want 142.1.34.0/24 to come via 142.1.0.3

If I say :

route-map TEST, deny 10
  match ip address 1
  match ip next-hop 2
route-map TEST permit 20
!

Or if I say :

route-map TEST, deny 10
  match ip address 1
  match ip route-source 2
route-map TEST permit 20
!

What's the difference between 1 and 2 options above
I see that 1 works but 2 does not work.

Isn't 142.1.0.3 my route-source?

Can someone point out mistake in my understanding

Best Regards
Gaurav Madan
On Tue, Jan 27, 2009 at 8:37 PM, GAURAV MADAN
<gauravmadan1177@gmail.com>wrote:

> Hi group
>
> I have following topo :
>
>
> R5
> / \
> / \
> / \
> / \
> R3 ----- R4
>
> The ethernet netw 142.1.34.0/24 between R3 and R4 is learnt on R5 via R3
> as well as R4 ( R3,R4,R5 is hub and spoke FR .. all using physical
> interfaces ) .
> I want to learn via R4 only . Not via R3
>
> Prior to config :
>
> Rack1R5(config)#do sh ip route os
> 142.1.0.0/16 is variably subnetted, 7 subnets, 2 masks
> O 142.1.0.4/32 [110/64] via 142.1.0.4, 00:00:52, Serial0/0/0
> O 142.1.0.3/32 [110/64] via 142.1.0.3, 00:00:52, Serial0/0/0
> O 142.1.34.0/24 [110/65] via 142.1.0.4, 00:00:52, Serial0/0/0
> <<<<<<<<<
> [110/65] via 142.1.0.3, 00:00:52,
> Serial0/0/0 <<<<<<<<<
> O 142.1.89.0/24 [110/2] via 142.1.58.8, 00:00:52, FastEthernet0/1
> 150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
> O 150.1.4.4/32 [110/65] via 142.1.0.4, 00:00:52, Serial0/0/0
> O 150.1.3.3/32 [110/65] via 142.1.0.3, 00:00:52, Serial0/0/0
>
>
> Now I configure
>
> Rack1R5(config)#do sh ip access-li
> Standard IP access list 1
> 10 permit 142.1.34.0, wildcard bits 0.0.0.255 log
>
>
> outer ospf 10
> router-id 150.1.5.5
> log-adjacency-changes
> network 142.1.0.5 0.0.0.0 area 345
> network 142.1.5.5 0.0.0.0 area 5
> network 142.1.58.5 0.0.0.0 area 0
> network 150.1.5.5 0.0.0.0 area 345
> distance 255 142.1.0.3 0.0.0.0 1 <<<<<<<<<
> !
>
> But I still see route learnt via both the neighbors .
> Can someone point out to problem
>
>
> Just FYI : R3 R4 R5 share common area .. I know of "distance" and
> "distribute list" as tool to do intra-area filtering . Havent dist list ..
> just want to know why my sol didnt worked
>
> Thnx
> Gaurav Madan.

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST