< Free Open Study > |
7-7 distribute-list access-list- name in interface-type interface-numberSyntax Description:
Purpose: To prevent OSPF routes learned over a specific interface from being installed in the IP routing table. Even though an OSPF route may be prevented from being installed in the IP routing table, the route will still be in the OSPF database. The route could be learned via another OSPF interface and would therefore appear in the IP routing table. Initial Cisco IOS Software Release: 10.0. The interface-type and interface-number parameters were added in Release 11.2. Configuration Example: Preventing Routes Learned via OSPF Over a Specific Interface from Being Installed in the IP Routing TableIn Figure 7-5, Router A is receiving the OSPF routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B over two serial interfaces. Start by configuring routes A and B as shown in the listing that follows the figure. Figure 7-5. A Distribute List/Named Access List Is Used to Control Which OSPF Routes, Learned Over a Specific Interface, Are Transferred from the OSPF Database into the IP Routing Table
Router A interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface Serial0/0 ip address 10.1.1.6 255.255.255.252 no ip mroute-cache ! interface Serial0/1 ip address 10.1.1.1 255.255.255.252 clockrate 64000 ! router ospf 1 network 1.1.1.1 0.0.0.0 area 1 network 10.1.1.0 0.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 0 ________________________________________________________________________________ Router B interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Loopback1 ip address 3.3.3.3 255.255.255.255 ! interface Loopback2 ip address 4.4.4.4 255.255.255.255 ! interface Serial0 ip address 10.1.1.2 255.255.255.252 ! interface Serial1 bandwidth 64 ip address 10.1.1.5 255.255.255.252 clockrate 64000 ! router ospf 1 router-id 2.2.2.2 network 2.2.2.2 0.0.0.0 area 2 network 3.3.3.3 0.0.0.0 area 0 network 4.4.4.4 0.0.0.0 area 4 network 10.1.1.0 0.0.0.3 area 0 network 10.1.1.4 0.0.0.3 area 0 Verify that Routers A and B have established a FULL OSPF neighbor relationship. rtrA# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 1 FULL/ - 00:00:34 10.1.1.5 Serial0/0 2.2.2.2 1 FULL/ - 00:00:38 10.1.1.2 Serial0/1 rtrB# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 1.1.1.1 1 FULL/ - 00:00:32 10.1.1.1 Serial0 1.1.1.1 1 FULL/ - 00:00:30 10.1.1.6 Serial1 Verify that Router A is receiving the routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B. rtrA# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 10.1.1.5, 00:00:10, Serial0/0 [110/65] via 10.1.1.2, 00:00:10, Serial0/1 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/65] via 10.1.1.5, 00:00:10, Serial0/0 [110/65] via 10.1.1.2, 00:00:10, Serial0/1 4.0.0.0/32 is subnetted, 1 subnets O IA 4.4.4.4 [110/65] via 10.1.1.5, 00:00:10, Serial0/0 [110/65] via 10.1.1.2, 00:00:11, Serial0/1 172.16.0.0/24 is subnetted, 1 subnets C 172.16.1.0 is directly connected, Ethernet0/0 10.0.0.0/30 is subnetted, 2 subnets C 10.1.1.0 is directly connected, Serial0/1 C 10.1.1.4 is directly connected, Serial0/0 For illustrative purposes, verify that these three routes are in the OSPF database on Router A. rtrA# show ip ospf database OSPF Router with ID (1.1.1.1) (Process ID 1) Router Link States (Area 0) 1.1.1.1 1.1.1.1 1423 0x800000C1 0xE80E 4 2.2.2.2 2.2.2.2 1451 0x80000050 0xA7E3 5 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 1.1.1.1 1.1.1.1 165 0x80000044 0xC030 2.2.2.2 2.2.2.2 707 0x80000057 0x4E87 4.4.4.4 2.2.2.2 707 0x8000000F 0x8293 Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1666 0x80000008 0xC558 1 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 2.2.2.2 1.1.1.1 1423 0x80000006 0x9159 3.3.3.3 1.1.1.1 1669 0x80000009 0x5D86 4.4.4.4 1.1.1.1 1669 0x80000009 0x2FB0 10.1.1.0 1.1.1.1 168 0x80000007 0x36B3 10.1.1.4 1.1.1.1 1425 0x80000008 0xCD8 Modify the configuration on Router A to prevent the OSPF routes 2.2.2.2 and 3.3.3.3, received over interface Serial 0/0, and the routes 3.3.3.3 and 4.4.4.4, received over Serial 0/1, from being installed in the IP routing table. Router A router ospf 1 network 1.1.1.1 0.0.0.0 area 1 network 172.16.1.0 0.0.0.255 area 0 distribute-list filter-ospf1 in Serial0/0 distribute-list filter-ospf2 in Serial0/1 ! ip access-list standard filter-ospf1 deny 2.2.2.0 0.0.0.255 deny 3.3.3.0 0.0.0.255 permit any ip access-list standard filter-ospf2 deny 3.3.3.0 0.0.0.255 deny 4.4.4.0 0.0.0.255 permit any VerificationDetermine which routes have been prevented from reaching the IP routing table on Router A. rtrA# show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 2.0.0.0/32 is subnetted, 1 subnets O IA 2.2.2.2 [110/65] via 10.1.1.2, 00:01:15, Serial0/1 4.0.0.0/32 is subnetted, 1 subnets O IA 4.4.4.4 [110/65] via 10.1.1.5, 00:01:15, Serial0/0 172.16.0.0/24 is subnetted, 1 subnets C 172.16.1.0 is directly connected, Ethernet0/0 10.0.0.0/30 is subnetted, 2 subnets C 10.1.1.0 is directly connected, Serial0/1 C 10.1.1.4 is directly connected, Serial0/0 Named access list filter-ospf1 denies networks 2.2.2.0 and 3.3.3.0. Named access list filter-ospf2 denies networks 3.3.3.0 and 4.4.4.0. The only network that is filtered by both access lists is 3.3.3.0. Verify that routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 are still in the OSPF database on Router A. rtrA# show ip ospf database OSPF Router with ID (1.1.1.1) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 1815 0x800000C1 0xE80E 4 2.2.2.2 2.2.2.2 1843 0x80000050 0xA7E3 5 Summary Net Link States (Area 0) Link ID ADV Router Age Seq# Checksum 1.1.1.1 1.1.1.1 557 0x80000044 0xC030 2.2.2.2 2.2.2.2 1099 0x80000057 0x4E87 4.4.4.4 2.2.2.2 1099 0x8000000F 0x8293 Router Link States (Area 1) Link ID ADV Router Age Seq# Checksum Link count 1.1.1.1 1.1.1.1 43 0x80000009 0xC359 1 Summary Net Link States (Area 1) Link ID ADV Router Age Seq# Checksum 2.2.2.2 1.1.1.1 1815 0x80000006 0x9159 3.3.3.3 1.1.1.1 45 0x8000000A 0x5B87 4.4.4.4 1.1.1.1 45 0x8000000A 0x2DB1 10.1.1.0 1.1.1.1 559 0x80000007 0x36B3 10.1.1.4 1.1.1.1 1816 0x80000008 0xCD8 Troubleshooting
|
< Free Open Study > |