Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

how to use the command "ip ospf database-filter all out"?

I have 3 rotuers all connected with the same LAN:

R1(e0:10.1.1.1)--------------------(e0:10.1.1.2)R2

|

|

|

|

(e0:10.1.1.3)R3

they are runing OSPF routing protocol, I want to filter the LSA from R1

I configured on R1:

int e0

ip ospf database-filter all out

and after that, I restarted the ospf process.

but R2 and R3 still can see the route from R1 via OSPF, why?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: how to use the command "ip ospf database-filter all out"?

Hello,

which router is the DR on your Ethernet segment ?

Regards,

GNT

7 REPLIES

Re: how to use the command "ip ospf database-filter all out"?

Hello,

which router is the DR on your Ethernet segment ?

Regards,

GNT

New Member

Re: how to use the command "ip ospf database-filter all out"?

I think you are right. If I configured it on DR, it will not send LAS out that interface. Many thanks...

Cisco Employee

Re: how to use the command "ip ospf database-filter all out"?

This command should work whether you apply it to any router no matter if it is the DR or not.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: how to use the command "ip ospf database-filter all out"?

You probably applied the "ip ospf database-filter" command after R2 and R3 already had R1s LSA in their LSDB.

Try reloading R2 and R3. you should see a difference.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: how to use the command "ip ospf database-filter all out"?

I re-start the ospf process, but no help.

Cisco Employee

Re: how to use the command "ip ospf database-filter all out"?

The restart might not be sufficient if you do it on the router in DROTHER state. The reason is that after the process restart the LSAs will be received from the DR, assuming the DR is not the router with the "ip ospf database-filter" command.

Also bear in mind that this command should only be used to prevent excessive LSA update replication in highly redundant topologies. Causing routers in the same area to have different LSDBs is probably not a good idea. May I ask what you are trying to achieve.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: how to use the command "ip ospf database-filter all out"?

ospf database-filter all out, is also supported on the PIX/ASA/FWSM, and provides a very good way of preventing the sending of private routes to external routers etc, while dynamically learning routes for redundancy. As discussed, you need to make sure who becomes the DR, as any DR with this command enabled will prevent other routers from populating their routing tables. Need to set priority to zero, also need to set the router-id to a non used address (not sure if this is a Firewall Issue).

2359
Views
0
Helpful
7
Replies