How to block an OSPF route

nawas
Level 4

I have a Router A and B connected via Ethernet and talking OSPF. Router A has about 200 subnets but I want only 2 subnets to go to router B, and router B has 5 subnets and I want only a couple of hosts from router B's LAN and loopback to be seen (for mgmt purposes) on router A. I have tried a distribute list but it either blocked all or permitted all. Please advise.

Thanks.

6 Replies

mark.edwards
Level 1

distribute-lists in OSPF can only be used to filter external routes when redistributing into the OSPF domain. In your example you could make the area "stub no-summary", which would limit the routes router B receives to a default route (plus any other routes in its area). Another way of filtering in OSPF is to use a filter-list (see below format), but again this only filters between areas.

area 1 filter-list prefix <prefix-list-name> {in | out}

Nawaz

It is difficult to do route filtering in link state protocols like OSPF because the link state protocol needs to know the full information about the area so that it can draw the area topology map and avoid loops. Needing the full topology information within the area basically means that you can not filter advertisements of the links.

The one place where route filtering does work as expected is the one that Mark points out. If you are redistributing routes into OSPF you can use distribute lists and filter out certain route advertisements.

But what I have said does not mean that you can not use distribute lists with OSPF, it just means that the distribute list will not work as most of us expect it to. If you configure a proper distribute list and apply the distribute list inbound, then the distribute list will prevent those routes from being put into the local IP routing table. Those routes will still be present in the OSPF link state data base and those routes will be advertised to neighbors. This is why I say it does not work as most of us expect.

But in your situation where you have two routers talking to each other and you want to selectively suppress some routes it should be possible. If you say that you tried and it either denied all or permitted all then I suspect that there was a flaw in the way that you configured the distribute list. If you will provide details of what you want to accomplish and details of what you configured, then perhaps we can show you how to accomplish it.

HTH

Rick


Rick

Thank you for your detailed response, here is what I tried.

I configured access-list 19 on router B because I want router B to learn only these two subnets from router A (remember router A has more than 200 subnets):

RouterB#
access-list 19 permit 10.1.21.0 0.0.0.255
access-list 19 permit 10.1.22.0 0.0.0.255
access-list 19 deny any
!
router ospf 1
 distribute-list 19 in FastEthernet1/0

On Router A, I want router A to know only the loopback and switch management IPs (host addresses), so I configured:

RouterA#
access-list 19 permit 192.168.215.26
access-list 19 permit 192.168.215.33
access-list 19 permit 192.168.215.39
access-list 19 deny any
!
router ospf 1
 distribute-list 19 in Vlan815

Nawaz

The access list and distribute list on router B look ok. As long as 10.1.21.0/24 and 10.1.22.0/24 are advertised by OSPF over interface FastEthernet1/0 then they should show up in the routing table, and no other routes advertised by OSPF over interface FastEthernet1/0 should be in the local routing table.

On router A it is a bit more problematic. Your distribute list permits 3 specific host addresses and denies everything else. If those 3 host addresses were being advertised individually your distribute list should work. But I doubt that the 3 host addresses are advertised individually. It is much more likely that the subnet to which they belong is advertised. In that case the distribute list on router A will not put any routes from the other router into its local routing table.

HTH

Rick

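To make Rick's point concrete, here is an added example (not from this thread or from Cisco) that simulates how a standard ACL used as an inbound OSPF distribute-list is matched against advertised prefixes. The advertised prefix sets are constructed; in particular it assumes router B advertises its LAN as 192.168.215.0/24 and its loopback 192.168.215.39 as a /32 host route.

```python
from ipaddress import IPv4Network, ip_address

# Cisco standard ACL entries as (action, address, wildcard); "deny any" = 0.0.0.0 255.255.255.255
ROUTER_B_ACL_19 = [
    ("permit", "10.1.21.0", "0.0.0.255"),
    ("permit", "10.1.22.0", "0.0.0.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]
ROUTER_A_ACL_19 = [  # host entries: "permit 192.168.215.26" is wildcard 0.0.0.0
    ("permit", "192.168.215.26", "0.0.0.0"),
    ("permit", "192.168.215.33", "0.0.0.0"),
    ("permit", "192.168.215.39", "0.0.0.0"),
    ("deny", "0.0.0.0", "255.255.255.255"),
]

# Constructed sample of what each router advertises (a subset of the real ~200 subnets).
ROUTER_A_ADVERTISES = ["10.1.21.0/24", "10.1.22.0/24", "10.1.23.0/24", "10.1.100.0/24"]
# Assumption: the LAN is advertised as one /24, the loopback as a /32 host route.
ROUTER_B_ADVERTISES = ["192.168.215.0/24", "192.168.216.0/24", "192.168.215.39/32"]


def acl_match(acl, prefix):
    """First-match evaluation of a standard ACL against a route's network address.
    A distribute-list compares the ACL entry to the advertised prefix as a whole,
    not to every host inside it. Implicit deny if nothing matches."""
    addr = int(IPv4Network(prefix).network_address)
    for action, address, wildcard in acl:
        a, w = int(ip_address(address)), int(ip_address(wildcard))
        # wildcard bit 1 = "don't care"; compare only the bits that must match
        if (addr & ~w) == (a & ~w):
            return action == "permit"
    return False


def apply_distribute_list(acl, advertised):
    """Inbound distribute-list: returns (rib, lsdb). Every advertised prefix
    still lands in the LSDB (and is re-advertised); only permitted prefixes
    enter the local routing table."""
    rib = [p for p in advertised if acl_match(acl, p)]
    lsdb = list(advertised)
    return rib, lsdb


if __name__ == "__main__":
    print("Router B RIB:", apply_distribute_list(ROUTER_B_ACL_19, ROUTER_A_ADVERTISES)[0])
    print("Router A RIB:", apply_distribute_list(ROUTER_A_ACL_19, ROUTER_B_ADVERTISES)[0])
```

Router B's list admits exactly the two /24s, while router A's host-address list matches nothing advertised as a /24 and only admits the loopback because it is advertised individually as a /32.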

Is there a way to allow these hosts then? One host address is a loopback, which I think will be allowed.

Thanks again for your expert advice.

Nawaz

If you want to control access to allow just those host addresses I think that doing it with an access list on the interface would be more effective than trying to do it by controlling routing updates.

HTH

Rick
