Re: distribute-list gateway

From: Hobbs (deadheadblues@gmail.com)
Date: Wed Feb 04 2009 - 20:30:34 ARST

Funny thing, that was a PERMIT prefix-list, hmm...
So it must not have matched the router-ID and just denied everything.

Back to the drawing the board...

On Wed, Feb 4, 2009 at 3:27 PM, Hobbs <deadheadblues@gmail.com> wrote:
> Hello Roger,
>
> Yes, it appears to work that way:
>
> R4#sho ip osp ne
>
> Neighbor ID Pri State Dead Time Address Interface
> 3.3.3.3 0 FULL/ - 00:00:35 192.168.34.3 Serial1/1
> 5.5.5.5 0 FULL/ - 00:00:32 192.168.45.5 Serial1/0
>
> R4#sho ip route | inc 34.3
> Gateway of last resort is 192.168.34.3 to network 0.0.0.0
> O 192.168.23.0/24 [110/6] via 192.168.34.3, 00:00:10, Serial1/1
> O 192.168.3.0/24 [110/2] via 192.168.34.3, 00:00:10, Serial1/1
> O*E2 0.0.0.0/0 [110/1] via 192.168.34.3, 00:00:05, Serial1/1
>
> Next hop is 192.168.34.3, router-id is 3.3.3.3
>
> Now I make the list:
>
> R4(config)#ip prefix-list R3 permit 3.3.3.3/32
> R4(config)#router ospf 1
> R4(config-router)#distribute-list gateway R3 in serial 1/1
> R4(config-router)#^Z
> R4#clear ip route *
>
> No more routes from 34.3:
>
> R4#sho ip route | inc 34.3
> R4#
>
>
> -hth
>
>
> On Wed, Feb 4, 2009 at 3:11 PM, Roger RPF <rpf@bluemail.ch> wrote:
>> Luan,
>>
>> In the first link of your post, it is written (according to this cisco guy)
>> that with OSPF it is the router-id of the neighbor...as I would imagine.
>>
>> Copy from this mail of the link...
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> Hi George... following is an explanation by Faraz Shamim @cisco.
>>
>> //snip//
>>
>> This is a generic options for all the routing protocols not just OSPF.
>> Gateway is the ip address of the neighbor whom you receive a routing update
>> from. This term make more sense in RIP and IGRP. Incase of OSPF its the
>> router ID of the neighbor.
>>
>> Lets say you want to block full or partial routing update from a neighbor on
>> a broadcast segment like ethernet. If you do passive interface in case of
>> OSPF then it will affect all the neighbors on that segment so one option
>> there is to use gateway with distribute-list.
>>
>> Note, this option is only valid for inbound distribute-list. Outbound
>> distribute-list will not work and it does not make sense, thats why its not
>> supported.
>>
>> //snip//
>> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> So I guess I really have to check it once with ospf, for the other protocols
>> it is clear to me...
>> Can one proof the correct behavior with OSPF???
>>
>>
>> regards
>>
>> Roger
>>
>>
>> -----Urspr|ngliche Nachricht-----
>> Von: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Im Auftrag von
>> Luan Nguyen
>> Gesendet: Mittwoch, 4. Februar 2009 21:58
>> An: 'Tim'; 'Cisco certification'; security@groupstudy.com
>> Betreff: RE: distribute-list gateway
>>
>> Here's a link
>> http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdrip.ht
>> ml#wp1025003
>>
>> Link to older group study post:
>> http://www.groupstudy.com/archives/ccielab/200206/msg00924.html
>>
>> Use prefix-list with next-hop IP address and not router-ID.
>>
>> Regards,
>>
>> Luan Nguyen
>> Chesapeake NetCraftsmen, LLC.
>> [W] http://www.netcraftsmen.net
>> [M] luan@netcraftsmen.net
>> [Blog] http://cnc-networksecurity.blogspot.com/
>>
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
>> Sent: Wednesday, February 04, 2009 11:57 AM
>> To: 'Cisco certification'; security@groupstudy.com
>> Subject: distribute-list gateway
>>
>> Hi Guys,
>>
>>
>>
>> Is the above command undocumented?
>>
>>
>>
>> I couldn't find it in the command reference or by using the command lookup
>> tool.
>>
>>
>>
>> If the command is documented somewhere, could you post the link to it?
>>
>>
>>
>>
>>
>> Also, when using this command with ospf, should the ip of the neighbor
>> router be specified with the router ID or the ip add assigned to the
>> interface from which the updates are coming?
>>
>>
>>
>> Thanks in advance,
>>
>> Tim
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:10 ARST