7-2 distribute-list access-list-number in interface-type interface-number


Syntax Description:

  • access-list-number: Standard IP access number used to determine which routes learned via OSPF will be prevented from being installed in the IP routing table. The range of access list numbers is 1-99 and 1300-2699.

  • interface-type: Optional parameter, along with the interface-number, used to apply the distribute list to OSPF routes learned through a particular interface.

  • interface-number: Number of the interface type.

Purpose: To prevent OSPF routes learned over a specific interface from being installed in the IP routing table. Even though an OSPF route may be prevented from being installed in the IP routing table, the route will still be in the OSPF database. Because the filtered route will still be in the OSPF database, it is possible for the route to be received from another OSPF interface.

Initial Cisco IOS Software Release: 10.0. The interface-type and interface-number parameters were added in 11.2.

Configuration Example: Preventing Routes Learned via OSPF Over a Specific Interface from Being Installed in the IP Routing Table

In Figure 7-2, Router A is receiving the OSPF routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B over two serial interfaces. Start by configuring Routers A and B as shown in the listing below the figure.

Figure 7-2. A Distribute List/Access List Controls Which OSPF Routes, Learned Over a Specific Interface, Are Transferred from the OSPF Database into the IP Routing Table


Router A
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.1.1.6 255.255.255.252
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
 clockrate 64000
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 1
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 0

Router B
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 3.3.3.3 255.255.255.255
!
interface Loopback2
 ip address 4.4.4.4 255.255.255.255
!
interface Serial0
 ip address 10.1.1.2 255.255.255.252
!
interface Serial1
 bandwidth 64
 ip address 10.1.1.5 255.255.255.252
 clockrate 64000
!
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 2
 network 3.3.3.3 0.0.0.0 area 0
 network 4.4.4.4 0.0.0.0 area 4
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.1.4 0.0.0.3 area 0

Verify that Routers A and B have established a FULL OSPF neighbor relationship.

rtrA# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/  -        00:00:33    10.1.1.5        Serial0/0
2.2.2.2           1   FULL/  -        00:00:37    10.1.1.2        Serial0/1

rtrB# show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/  -        00:00:38    10.1.1.1        Serial0
1.1.1.1           1   FULL/  -        00:00:36    10.1.1.6        Serial1

Verify that Router A is receiving the routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 from Router B.

rtrA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/65] via 10.1.1.5, 00:00:10, Serial0/0
                [110/65] via 10.1.1.2, 00:00:10, Serial0/1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 10.1.1.5, 00:00:10, Serial0/0
                [110/65] via 10.1.1.2, 00:00:10, Serial0/1
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/65] via 10.1.1.5, 00:00:10, Serial0/0
                [110/65] via 10.1.1.2, 00:00:11, Serial0/1
     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0/1
C       10.1.1.4 is directly connected, Serial0/0

For illustrative purposes, verify that these three routes are in the OSPF database on Router A.

rtrA# show ip ospf database

       OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

1.1.1.1         1.1.1.1         1423        0x800000C1 0xE80E   4
2.2.2.2         2.2.2.2         1451        0x80000050 0xA7E3   5

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         165         0x80000044 0xC030
2.2.2.2         2.2.2.2         707         0x80000057 0x4E87
4.4.4.4         2.2.2.2         707         0x8000000F 0x8293

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1666        0x80000008 0xC558   1

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
2.2.2.2         1.1.1.1         1423        0x80000006 0x9159
3.3.3.3         1.1.1.1         1669        0x80000009 0x5D86
4.4.4.4         1.1.1.1         1669        0x80000009 0x2FB0
10.1.1.0        1.1.1.1         168         0x80000007 0x36B3
10.1.1.4        1.1.1.1         1425        0x80000008 0xCD8

Modify the configuration on Router A to prevent the OSPF routes 2.2.2.2 and 3.3.3.3 received over interface Serial 0/0 and the routes 3.3.3.3 and 4.4.4.4 received over Serial 0/1 from being installed in the IP routing table.

Router A
router ospf 1
 network 1.1.1.1 0.0.0.0 area 1
 network 172.16.1.0 0.0.0.255 area 0
 distribute-list 1 in Serial0/0
 distribute-list 2 in Serial0/1
!
access-list 1 deny   2.2.2.0 0.0.0.255
access-list 1 deny   3.3.3.0 0.0.0.255
access-list 1 permit any
access-list 2 deny   3.3.3.0 0.0.0.255
access-list 2 deny   4.4.4.0 0.0.0.255
access-list 2 permit any

Verification

Determine the routes that have been filtered from reaching the IP routing table on Router A.

rtrA# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O IA    2.2.2.2 [110/65] via 10.1.1.2, 00:01:15, Serial0/1
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/65] via 10.1.1.5, 00:01:15, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.1.1.0 is directly connected, Serial0/1
C       10.1.1.4 is directly connected, Serial0/0

Access list 1 on Router A allows network 4.4.4.0. Access list 2 on Router A allows network 2.2.2.0. The only network that is filtered by both access lists is 3.3.3.0. Verify that routes 2.2.2.2, 3.3.3.3, and 4.4.4.4 are still in the OSPF database on Router A.

rtrA# show ip ospf database

       OSPF Router with ID (1.1.1.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1815        0x800000C1 0xE80E   4
2.2.2.2         2.2.2.2         1843        0x80000050 0xA7E3   5

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         557         0x80000044 0xC030
2.2.2.2         2.2.2.2         1099        0x80000057 0x4E87
4.4.4.4         2.2.2.2         1099        0x8000000F 0x8293

                Router Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         43          0x80000009 0xC359   1

                Summary Net Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum
2.2.2.2         1.1.1.1         1815        0x80000006 0x9159
3.3.3.3         1.1.1.1         45          0x8000000A 0x5B87
4.4.4.4         1.1.1.1         45          0x8000000A 0x2DB1
10.1.1.0        1.1.1.1         559         0x80000007 0x36B3
10.1.1.4        1.1.1.1         1816        0x80000008 0xCD8

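The filtering result can be reproduced offline. The following Python sketch is an added example, not part of the handbook: it models first-match standard access list evaluation with wildcard masks and applies each list to the paths learned over its interface, using Router A's access lists and the pre-filter paths shown on this page. The function and variable names are assumptions made for illustration.

```python
import ipaddress

# Router A's access lists from the page: (action, address, wildcard).
# "permit any" is written as 0.0.0.0 255.255.255.255.
ACLS = {
    1: [("deny", "2.2.2.0", "0.0.0.255"), ("deny", "3.3.3.0", "0.0.0.255"),
        ("permit", "0.0.0.0", "255.255.255.255")],
    2: [("deny", "3.3.3.0", "0.0.0.255"), ("deny", "4.4.4.0", "0.0.0.255"),
        ("permit", "0.0.0.0", "255.255.255.255")],
}
# distribute-list <acl> in <interface>
DISTRIBUTE_IN = {"Serial0/0": 1, "Serial0/1": 2}
# Paths present before filtering (from the first show ip route output).
OSPF_PATHS = {
    "2.2.2.2": ["Serial0/0", "Serial0/1"],
    "3.3.3.3": ["Serial0/0", "Serial0/1"],
    "4.4.4.4": ["Serial0/0", "Serial0/1"],
}

def acl_permits(acl, network):
    """First-match evaluation of a standard ACL against a route's address."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wildcard in acl:
        # Wildcard bits set to 1 are "don't care"; compare only the other bits.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every access list

def installed_paths(paths=OSPF_PATHS, dist=DISTRIBUTE_IN, acls=ACLS):
    """Return {route: [interfaces]} for paths that survive the inbound filters."""
    table = {}
    for route, interfaces in paths.items():
        kept = [i for i in interfaces
                if i not in dist or acl_permits(acls[dist[i]], route)]
        if kept:
            table[route] = kept
    return table

def filtered_but_in_lsdb(paths=OSPF_PATHS):
    """Routes OSPF still holds that have no path left in the routing table."""
    return sorted(set(paths) - set(installed_paths(paths)))

if __name__ == "__main__":
    for route, ifs in installed_paths().items():
        print(route, "via", ", ".join(ifs))
    print("in OSPF database only:", filtered_but_in_lsdb())
```

Only 3.3.3.3 disappears from the routing table because it is the only prefix denied on both interfaces; a prefix denied on one interface alone keeps its path through the other.
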
Troubleshooting

Step 1. Verify that there is a neighbor relationship between the OSPF routers by using the show ip ospf neighbor command.

Step 2. Verify that the distribute-list command is referencing the correct access list number and interface.

Step 3. Verify the syntax of the access list.

Step 4. Verify that the access list has been referenced by using the command show ip access-lists access-list-number. For example, for the preceding configuration, the output would be the following:

rtrA# show ip access-lists 1
Standard IP access list 1
    deny   2.2.2.0, wildcard bits 0.0.0.255 (5 matches) check=15
    deny   3.3.3.0, wildcard bits 0.0.0.255 (5 matches) check=10
    permit any (10 matches)
Standard IP access list 2
    deny   3.3.3.0, wildcard bits 0.0.0.255 (4 matches) check=12
    deny   4.4.4.0, wildcard bits 0.0.0.255 (4 matches) check=8
    permit any (8 matches)
Cisco OSPF Command and Configuration Handbook (paperback)
ISBN: 1587055406
Year: 2002
Pages: 236
