7-1 distribute-list access-list-number in


Syntax Description:

  • access-list-number: Standard IP access number used to determine which routes learned via OSPF will be prevented from being installed in the IP routing table. The range of access list numbers is 1-99 and 1300-2699.

Purpose: To prevent OSPF learned routes from being installed in the IP routing table. Even though an OSPF route may be prevented from being installed in the IP routing table, the route will still be in the OSPF database and advertised to OSPF neighbors. If you want to block a particular route or group of routes from entering the IP routing table, use a distribute list on all OSPF routers.

Initial Cisco IOS Software Release: 10.0

Configuration Example: Preventing OSPF Learned Routes from Being Installed in the IP Routing Table

In Figure 7-1, Router A is receiving the OSPF routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B. Start by configuring Routers A and B as shown in the listing that follows.

Figure 7-1. A Distribute List/Access List Controls Which OSPF Routes Are Transferred from the OSPF Database into the IP Routing Table


Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 172.16.1.1 255.255.255.0
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 1
 network 172.16.1.0 0.0.0.255 area 0
________________________________________________________________________________
Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
!
interface Loopback2
 ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0
 ip address 172.16.1.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 2
 network 3.3.3.3 0.0.0.0 area 0
 network 4.4.4.4 0.0.0.0 area 4
 network 172.16.1.2 0.0.0.0 area 0

Verify that Routers A and B have established a FULL OSPF neighbor relationship.

rtrA# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/BDR        00:00:30    172.16.1.2      Ethernet0/0
________________________________________________________________________________
rtrB# show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:38    172.16.1.1      Ethernet0

Verify that Router A is receiving the routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B.

rtrA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/11] via 172.16.1.2, 00:04:28, Ethernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/11] via 172.16.1.2, 00:04:28, Ethernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/11] via 172.16.1.2, 00:04:28, Ethernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0

For illustrative purposes, verify that these three routes are in the OSPF database on Router A.

rtrA# show ip ospf database

       OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         493         0x800000A5 0x8F6F   1
2.2.2.2         2.2.2.2         489         0x80000030 0x7ECF   2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.1.1      1.1.1.1         496         0x80000001 0x6DFD

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         714         0x80000033 0xE21F
2.2.2.2         2.2.2.2         487         0x80000049 0x6A79
4.4.4.4         2.2.2.2         490         0x80000001 0x9E85

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         726         0x80000001 0xD351   1

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
2.2.2.2         1.1.1.1         492         0x80000001 0x7DA8
3.3.3.3         1.1.1.1         492         0x80000001 0x4FD2
4.4.4.4         1.1.1.1         492         0x80000001 0x21FC
172.16.1.0      1.1.1.1         496         0x80000003 0x3B34

Modify the configuration on Router A to prevent the OSPF routes 2.2.2.2 and 3.3.3.3 from being installed in the IP routing table.

Router A
router ospf 1
 network 1.1.1.1 0.0.0.0 area 1
 network 172.16.1.0 0.0.0.255 area 0
 distribute-list 1 in
!
access-list 1 deny   2.2.2.0 0.0.0.255
access-list 1 deny   3.3.3.0 0.0.0.255
access-list 1 permit any

Verification

Verify that the OSPF routes 2.2.2.2 and 3.3.3.3 have been blocked from entering the IP routing table on Router A. They should be absent from the IP routing table.

rtrA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/11] via 172.16.1.2, 00:03:39, Ethernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0

Verify that the routes 2.2.2.2 and 3.3.3.3 are still in the OSPF database on Router A.

rtrA# show ip ospf database

       OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         951         0x800000A5 0x8F6F   1
2.2.2.2         2.2.2.2         947         0x80000030 0x7ECF   2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.1.1      1.1.1.1         954         0x80000001 0x6DFD

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         1172        0x80000033 0xE21F
2.2.2.2         2.2.2.2         945         0x80000049 0x6A79
4.4.4.4         2.2.2.2         948         0x80000001 0x9E85

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1184        0x80000001 0xD351   1

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
3.3.3.3         1.1.1.1         946         0x80000001 0x4FD2
4.4.4.4         1.1.1.1         946         0x80000001 0x21FC
172.16.1.0      1.1.1.1         950         0x80000003 0x3B34

Troubleshooting
Step 1. Verify that there is a neighbor relationship between the OSPF routers by using the show ip ospf neighbor command.

Step 2. Verify that the distribute-list command is referencing the correct access list number.

Step 3. Verify the syntax of the access list.

Step 4. Verify that the access list has been referenced by using the command show ip access-lists access-list-number. For example, for the preceding configuration, the output should be:

rtrA# show ip access-lists 1
Standard IP access list 1
    deny   2.2.2.0, wildcard bits 0.0.0.255 (1 match) check=4
    deny   3.3.3.0, wildcard bits 0.0.0.255 (1 match) check=3
    permit any (3 matches)
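
The first-match and wildcard logic that Steps 2 through 4 ask you to check, as an added example (not from the handbook): a Python sketch that evaluates access list 1 from this page against the three OSPF routes and predicts which ones reach the routing table. It assumes the distribute list compares each route's network address with the ACL entry's address and wildcard; the function names are illustrative.

```python
import ipaddress
import re

# ACL and OSPF-learned routes copied from the Router A example on this page.
ACL_TEXT = """
access-list 1 deny   2.2.2.0 0.0.0.255
access-list 1 deny   3.3.3.0 0.0.0.255
access-list 1 permit any
"""
OSPF_ROUTES = ["2.2.2.2", "3.3.3.3", "4.4.4.4"]


def parse_standard_acl(text, number):
    """Return ordered (action, address, wildcard) integer tuples for one ACL."""
    entries = []
    pattern = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if not m or int(m.group(1)) != number:
            continue
        fields = m.group(3).split()
        if fields[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif fields[0] == "host":
            addr, wild = fields[1], "0.0.0.0"
        else:
            # A bare address with no wildcard matches that address only.
            addr, wild = fields[0], fields[1] if len(fields) > 1 else "0.0.0.0"
        entries.append((m.group(2), int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries


def acl_action(entries, network):
    """First matching entry wins; no match falls through to the implicit deny."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if net & care == addr & care:
            return action
    return "deny"


def expected_rib(entries, routes):
    """Split OSPF-learned routes into (installed, filtered) lists."""
    installed = [r for r in routes if acl_action(entries, r) == "permit"]
    return installed, [r for r in routes if r not in installed]

print(expected_rib(parse_standard_acl(ACL_TEXT, 1), OSPF_ROUTES))
```

Dropping the final `permit any` line from `ACL_TEXT` moves 4.4.4.4 into the filtered list as well, because every unmatched route then hits the implicit deny.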


Cisco OSPF Command and Configuration Handbook (paperback)
ISBN: 1587055406
EAN: 2147483647
Year: 2002
Pages: 236
