I tried it out and unfortunately that only works with LSA Type 3 and not external routes (Type 5).

Try this at your router

enable

configure terminal

router ospf process-id

area area-id nssa translate type7 suppress-fa end

Well, my area 1 is not NSSA. Will it work in that case?

Hi

Im not very sure about the below suggestion.

Can u try a distribute-list out in the originating router as cisco claims it works for external routes ?

Let me know if this sugession is stupid one.

Doing anything on the originating router will not work as the default route needs to be propagated to all routers inside Area 1 (where it originated). The requirement is to block it from getting advertised to Area 0 and other areas.

hi Ryan

i am wondring why u put permit in the prefix list that match the 0.0.0.0/0

while he wants to deny it ?

thanks in advance

Would be nice if distribution lists worked this way for OSPF but all they do is prevent routes from being created from the lsa entries they do not affect the LSA advertisements themselves. Even if you can configure a outbound distribution list it will not have any effect.

The case Ryan is using is a prefix list filter on a area not a distribution list. Unfortunately default route is almost always a type 5 or type 7 so it will have no effect.

I have a similar issue and was hoping someone has a alternative the inbound distribution lists on multiple routers.

Very correct Tim. No distribution list will prevent a Type 5 LSA from being flooded throughout the OSPF network.

Hello Tim,

in a case like this I would start to think to use two ospf processes at the current ABRs (0,1) and then filter the default route when redistributing edge ospf process into core ospf process.

It is a little more complex but you do it on one or two routers: all routers in area 0 and other areas are untouched.

Or I would consider to make area 1 an NSSA area and to avoid to advertise the prefix at ABRs(1,0) by setting no-propagate on the ASBR that generates the default route.

Otherwise you need to filter on all routers in all areas except area 1.

Is this manageable on the long term ?

Hope to help

Giuseppe

Hmm...NSSA may not work for Area 1 as it needs to receive external routes from Area 0.

Filtering on all routers is theoretically possible but impractical for a large network.

So it looks like there is no way you can filter Type 5 LSAs between areas (on an ABR) expect on a router by router basis. Am I thinking correctly?

This is kind of a thumbs down for OSPF, but in the current situation, I guess I will work around with configuring static default routes on Area 1 routers.

NSSA you have a chance to do this in a very narrow case. I did not post it before because it is a bad thing to do.

The key is that a ABR router will not translate type 7 to type 5 and distribute them into area 0 if the P bit is not set. The P will not be set if the asbr router that creates the type 7 is also a ABR router. This is in theory because this router has already translated from 7 to 5 and so nobody else in the NSSA should.

The trick is to add a second area "not zero" to a ASBR router. This makes it a ABR router but since it really doen't have a connection to area 0 it didn't really do the type 7 to 5 conversion even though it is telling everyone else it did by clearing the p bit.

You now have external routes that do not leave a area but you set yourself up for a bunch of other ponetial issues.

Not that I would ever recommends this but I have had it happen by accident.