OSPF route filtering

Posted: February 1, 2016 in CISCO

Untitled

In this example route 10.16.3.0 from area 0 will be filtered on ARB R1 router,so that route won’t be advertised on R3 router on area 34

R3(config-router)#do sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks

O IA    10.16.3.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:18:17, Serial1/0

Route 10.16.3.0 is advertised to R3 via R1,so we must filter that route on R1.

R1:

!
interface FastEthernet0/0
ip address 10.11.6.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
duplex auto
speed auto
!
interface Serial1/0
ip address 10.11.1.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.3.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.1.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.1 255.255.255.252
!
router ospf 1
network 10.11.1.2 0.0.0.0 area 34
network 10.11.3.2 0.0.0.0 area 34
network 10.11.7.1 0.0.0.0 area 0
network 10.11.5.1 0.0.0.0 area 0
network 10.11.6.1 0.0.0.0 area 0
network 10.11.9.1 0.0.0.0 area 0
network 10.12.1.2 0.0.0.0 area 5

 

R2:

 

!
interface FastEthernet0/0
ip address 10.11.8.1 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.5.1 255.255.255.252
!
interface Serial1/0
ip address 10.11.2.2 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.2 255.255.255.252
!
interface Serial1/2
ip address 10.12.2.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.9.2 255.255.255.252
!
router ospf 3
network 10.11.2.2 0.0.0.0 area 34
network 10.11.4.2 0.0.0.0 area 34
network 10.11.5.1 0.0.0.0 area 0
network 10.11.8.1 0.0.0.0 area 0
network 10.11.9.2 0.0.0.0 area 0
network 10.12.2.2 0.0.0.0 area 5

 

R3:

 

!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.11.1.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.2.1 255.255.255.252
!
router ospf 1
network 10.1.1.1 0.0.0.0 area 34
network 10.11.1.1 0.0.0.0 area 34
network 10.11.2.1 0.0.0.0 area 5

R4:

!
interface Serial1/0
ip address 10.11.3.1 255.255.255.252
!
interface Serial1/1
ip address 10.11.4.1 255.255.255.252
!
router ospf 2
network 10.1.1.2 0.0.0.0 area 34
network 10.11.3.1 0.0.0.0 area 34
network 10.11.4.1 0.0.0.0 area 5

R5:

interface Loopback0
ip address 10.2.1.1 255.255.255.0
!
interface Serial1/0
ip address 10.12.2.1 255.255.255.252
!
interface Serial1/1
ip address 10.12.1.1 255.255.255.252
!
router ospf 2
log-adjacency-changes
network 10.2.1.1 0.0.0.0 area 5
network 10.0.0.0 0.255.255.255 area 5

SW1:

!
interface Loopback0
ip address 10.16.1.1 255.255.255.0
!
interface Loopback1
ip address 10.16.2.1 255.255.255.0
!
interface Loopback2
ip address 10.16.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 10.11.6.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.1 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
network 10.11.4.0 0.0.3.255 area 0
network 10.16.0.0 0.0.3.255 area 0

SW2:

!
interface FastEthernet0/0
ip address 10.11.8.2 255.255.255.252
!
interface FastEthernet0/1
ip address 10.11.7.2 255.255.255.252
!
interface FastEthernet2/0
ip address 10.11.5.2 255.255.255.252
!
router ospf 3
log-adjacency-changes
network 10.11.5.2 0.0.0.0 area 0
network 10.11.7.2 0.0.0.0 area 0
network 10.11.8.2 0.0.0.0 area 0

Create prefix list for subnet we want to exclude from reaching area 34:

R1(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24

Allow all other traffic:

R1(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply filter list incoming (in) in area 34:

R1(config-router)#area 34 filter-list prefix deny_10_16_3 in

This will prevent route 10.16.3.0 reaching all routers in Area 34.

If we want to prevent reaching route to specific router,we need on that router to create prefix list (the same way as in previous example)

R3(config)#ip prefix-list deny_10_16_3 seq 5 deny 10.16.3.0/24
R3(config)#ip prefix-list deny_10_16_3 seq 10 permit  0.0.0.0/0 le 32

Apply prefix list using distribute list:

R3(config)#router ospf 1
R3(config)#distribute-list prefix deny_10_16_3 in

R3#sh ip route 10.16.0.0 255.255.0.0 longer-prefixes
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
O IA    10.16.2.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0
O IA    10.16.1.0/24 [110/75] via 10.11.1.2, 00:02:25, Serial1/0
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s