OSPF Route Filtering - NetwaxLab

Friday, January 9, 2015

OSPF Route Filtering

Topology

[Figure: OSPF Route Filtering Topology]

R1 (config) #int fa0/0
R1 (config-if) #ip add 172.10.1.1 255.255.255.0
R1 (config-if) #no shut
R1 (config) #int fa0/1
R1 (config-if) #ip add 172.10.2.1 255.255.255.0
R1 (config-if) #no shut
R1 (config) #int s0/0
R1 (config-if) #ip add 192.168.1.1 255.255.255.0
R1 (config-if) #no shut

R2 (config) #int fa0/0
R2 (config-if) #ip add 172.20.1.1 255.255.255.0
R2 (config-if) #no shut
R2 (config) #int fa0/1
R2 (config-if) #ip add 172.20.2.1 255.255.255.0
R2 (config-if) #no shut
R2 (config) #int s0/0
R2 (config-if) #ip add 192.168.2.1 255.255.255.0
R2 (config-if) #no shut
R2 (config-if) #int lo1
R2 (config-if) #ip add 172.168.1.1 255.255.255.0
R2 (config-if) #int lo2
R2 (config-if) #ip add 172.168.2.1 255.255.255.0
R2 (config-if) #int lo3
R2 (config-if) #ip add 172.168.3.1 255.255.255.0
R2 (config-if) #int lo4
R2 (config-if) #ip add 172.168.4.1 255.255.255.0
R2 (config-if) #int lo5
R2 (config-if) #ip add 172.168.5.1 255.255.255.0

R3 (config) #int fa0/0
R3 (config-if) #ip add 172.30.1.1 255.255.255.0
R3 (config-if) #no shut
R3 (config) #int fa0/1
R3 (config-if) #ip add 172.30.2.1 255.255.255.0
R3 (config-if) #no shut
R3 (config) #int s0/0
R3 (config-if) #ip add 192.168.3.1 255.255.255.0
R3 (config-if) #no shut

R4 (config) #int fa0/0
R4 (config-if) #ip add 172.40.1.1 255.255.255.0
R4 (config-if) #no shut
R4 (config) #int fa0/1
R4 (config-if) #ip add 172.40.2.1 255.255.255.0
R4 (config-if) #no shut
R4 (config) #int s0/0
R4 (config-if) #ip add 192.168.4.1 255.255.255.0
R4 (config-if) #no shut

R5 (config) #int s0/0
R5 (config-if) #ip add 192.168.1.2 255.255.255.0
R5 (config-if) #no shut
R5 (config) #int s0/1
R5 (config-if) #ip add 192.168.2.2 255.255.255.0
R5 (config-if) #no shut
R5 (config) #int s0/2
R5 (config-if) #ip add 192.168.3.2 255.255.255.0
R5 (config-if) #no shut
R5 (config) #int s0/3
R5 (config-if) #ip add 192.168.4.2 255.255.255.0
R5 (config-if) #no shut
Ping from R5 to 192.168.1.1 through 192.168.4.1: successful.

R1 (config) #int fa0/0
R1 (config-if) #ip os 100 area 1
R1 (config) #int fa0/1
R1 (config-if) #ip os 100 area 1
R1 (config) #int s0/0
R1 (config-if) #ip os 100 area 1

R2 (config) #int fa0/0
R2 (config-if) #ip os 100 area 0
R2 (config) #int fa0/1
R2 (config-if) #ip os 100 area 0
R2 (config) #int s0/0
R2 (config-if) #ip os 100 area 0

R3 (config) #int fa0/0
R3 (config-if) #ip os 100 area 2
R3 (config) #int fa0/1
R3 (config-if) #ip os 100 area 2
R3 (config) #int s0/0
R3 (config-if) #ip os 100 area 2

R4 (config) #int fa0/0
R4 (config-if) #ip os 100 area 3

R4 (config) #int fa0/1
R4 (config-if) #ip os 100 area 3
R4 (config) #int s0/0
R4 (config-if) #ip os 100 area 3

R5 (config) #int s0/0
R5 (config-if) #ip os 100 area 1
R5 (config) #int s0/1
R5 (config-if) #ip os 100 area 0
R5 (config) #int s0/2
R5 (config-if) #ip os 100 area 2
R5 (config) #int s0/3
R5 (config-if) #ip os 100 area 3

R1#sh ip route os

R2 (config) #router os 100
R2 (config-router) #redistribute ei 100 subnets metric-type 1

R1#sh ip route os

R2 (config) #router ei 100
R2 (config-router) #no auto-summary
R2 (config-router) #network 172.168.1.0 0.0.0.255
R2 (config-router) #network 172.168.2.0 0.0.0.255
R2 (config-router) #network 172.168.3.0 0.0.0.255
R2 (config-router) #network 172.168.4.0 0.0.0.255
R2 (config-router) #network 172.168.5.0 0.0.0.255

Apply Access-List on R1

R1 (config) #access-list 10 deny 172.40.1.0 0.0.0.255
R1 (config) #access-list 10 deny 172.40.2.0 0.0.0.255
R1 (config) #access-list 10 permit any
R1 (config) #router os 100
R1 (config-router) #distribute-list 10 in s0/0
R1#sh ip route os

We can see the effect here.

Now we will remove the distribute-list.

R1 (config) #router os 100
R1 (config-router) #no distribute-list 10 in s0/0
R1#sh ip route os

Now we will get all the routes.

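The above was route filtering via an access-list. Note that an inbound distribute-list in OSPF only keeps the routes out of R1's routing table; the LSAs remain in R1's OSPF database.

Now we will perform route filtering via a route-map.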

R1 (config) #route-map abc deny 10
R1 (config-route-map) #match ip address 10
R1 (config-route-map) #exit
R1 (config) #route-map abc permit 20

Earlier we created access-list 10, which denies the 172.40.1.0 and 172.40.2.0 networks and permits all other routes.

After that we created a route-map named 'abc' that references it.

R1 (config) #router os 100
R1 (config-router) #distribute-list route-map abc in
R1#sh ip route os

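Here we can see that all the routes are denied except the 40.1 and 40.2 routes. Inside a route-map, a permit in the access-list means "match", so the deny 10 clause drops every route that access-list 10 permits, while 40.1 and 40.2 do not match and fall through to permit 20.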
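
The difference between the two results above, as an added example that is not part of the original post: a small Python model of how access-list 10 is evaluated directly as a distribute-list versus inside route-map abc. The function names and the route list are constructed for illustration.

```python
import ipaddress

# Standard ACL 10 from the page: (action, network, wildcard). "any" = 0.0.0.0 255.255.255.255
ACL_10 = [
    ("deny", "172.40.1.0", "0.0.0.255"),
    ("deny", "172.40.2.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]

def acl_action(acl, network):
    """First matching entry wins; every ACL ends with an implicit deny."""
    addr = int(ipaddress.ip_address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action
    return "deny"

# route-map abc from the page: "deny 10" with "match ip address 10", then an empty "permit 20".
ROUTE_MAP_ABC = [("deny", ACL_10), ("permit", None)]

def route_map_action(route_map, network):
    """A clause matches when its ACL permits the route; a clause with no match matches all."""
    for action, acl in route_map:
        if acl is None or acl_action(acl, network) == "permit":
            return action
    return "deny"  # implicit deny at the end of every route-map

# Constructed sample: network addresses of routes R1 could learn in this lab.
ROUTES = ["172.20.1.0", "172.30.1.0", "172.30.2.0", "172.40.1.0", "172.40.2.0"]

def installed(decide, rules):
    """Routes that survive the filter and reach the routing table."""
    return [r for r in ROUTES if decide(rules, r) == "permit"]

if __name__ == "__main__":
    print("distribute-list 10 in           :", installed(acl_action, ACL_10))
    print("distribute-list route-map abc in:", installed(route_map_action, ROUTE_MAP_ABC))
```

The same access-list gives opposite results in the two cases, which is why a filter should be checked against the routing table after it is applied.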

Now we will remove this

R1 (config-router) #no distribute-list route-map abc in

Now we will look at the prefix-list.

R1#sh ip route os
R1 (config) #ip prefix-list abc deny 172.30.0.0/16 ge 24 le 24
R1 (config) #ip prefix-list abc permit 0.0.0.0/0 le 32
R1 (config) #router os 100
R1 (config-router) #distribute-list prefix abc in s0/0
R1#sh ip route os

We cannot see 172.30 routes here.

Now we will remove this

R1 (config) #router os 100
R1 (config-router) #no distribute-list prefix abc in s0/0
R1#sh ip route os

Now we can see all the routes once again.

OSPF also offers route filtering via route tagging.

Now we will go on R2

R2 (config) #router os 100
R2 (config-router) #no redistribute ei 100 subnet metric-type 1
R2 (config) #router os 100
R2 (config-router) #redistribute ei 100 subnets metric-type 1 tag 100

R1#sh ip route os

It contains external routes.

R1#sh ip os database

We can see tag is 100

R3#sh ip os database
Tag is 100

R4#sh ip os database
Tag is 100

R1 (config) #route-map as 100
R1 (config-route-map) #match tag 100
R1 (config-route-map) #exit
R1 (config) #router os 100
R1 (config-router) #distribute-list route-map as in
R1#sh ip route os

In OSPF we can also use an area filter-list. It is applied on the ABR.

Here the ABR is R5.

We will block the 172.40 series.

Area filter list only works with prefix-list.

R5 (config) #ip prefix-list abc deny 172.40.0.0/16 ge 24 le 24
R5 (config) #ip prefix-list abc permit 0.0.0.0/0 le 32
R5 (config) #router os 100
R5 (config-router) #area 1 filter-list prefix abc in

R1#sh ip route os

R2#sh ip route os

R3#sh ip route os
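
How the ge/le lengths in the two prefix-lists above decide a match (the one used with distribute-list on R1 and the one used with the area filter-list on R5), as an added example that is not part of the original post. It is a Python model with hypothetical function names; the /16 and /25 routes are constructed edge cases that do not exist in the lab.

```python
import ipaddress

def parse_entry(line):
    """Parse '<permit|deny> <prefix/len> [ge N] [le N]' into (action, net, lo, hi)."""
    tok = line.split()
    net = ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    if not opts:  # no ge/le: the mask length must match exactly
        return tok[0], net, net.prefixlen, net.prefixlen
    return tok[0], net, opts.get("ge", net.prefixlen), opts.get("le", 32)

def prefix_list_action(entries, route):
    """First matching entry wins; a prefix-list ends with an implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        # The route must sit inside the entry's prefix AND have a mask length in [lo, hi].
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action
    return "deny"

# The two lists named "abc" on the page (R1: distribute-list, R5: area 1 filter-list).
R1_ABC = [parse_entry(e) for e in ("deny 172.30.0.0/16 ge 24 le 24", "permit 0.0.0.0/0 le 32")]
R5_ABC = [parse_entry(e) for e in ("deny 172.40.0.0/16 ge 24 le 24", "permit 0.0.0.0/0 le 32")]

# Lab prefixes, plus two constructed edge cases: a /16 summary and a /25.
ROUTES = ["172.20.1.0/24", "172.30.1.0/24", "172.30.2.0/24", "172.40.1.0/24",
          "172.40.2.0/24", "172.30.0.0/16", "172.40.1.128/25"]

def blocked(entries):
    """Routes the prefix-list denies."""
    return [r for r in ROUTES if prefix_list_action(entries, r) == "deny"]

if __name__ == "__main__":
    print("R1 abc blocks:", blocked(R1_ABC))
    print("R5 abc blocks:", blocked(R5_ABC))
    # Without the trailing permit, the implicit deny drops every route.
    print("deny-only list blocks:", len(blocked(R1_ABC[:1])), "of", len(ROUTES))
```

Because the deny entries use ge 24 le 24, only /24 routes are filtered; a summary or a longer subnet of the same range would still be permitted by the second entry.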
