Access-List to filter OSPF

renato.santos11

Hello people!

I'm configuring a customer network using OSPF in part of the network. I attached the file in this forum. In this image I have six routers (Cmei-R / Cmei-U; Esc-R / Esc-U; Sau-R / Sau-u) connected to a switch, and I have a DM4100 router working as a concentrator.

I need to use OSPF (access-list extended no_ospf) so that the routers exchange OSPF only with the DM4100 and not with each other. Is this possible?

I tried several ways, but could not.

Thanks for any help.

Renato Santos

 

 

 


Joseph W. Doherty

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Yes and no.  You could filter what goes into each of your 6 routers route tables, but that might not be the best way to accomplish your goal.

You might, on DM4100, have a different VRF for each of the 6 routers, or perhaps run 6 different OSPF processes on DM4100.  Either would allow filtering what if any routes you want to leak between DM4100 and the other routers.

Hi Joseph!! Thanks for your help! It's an excellent solution, but my client has more than 200 sites and I would like to make a configuration that I could implement only at the secondary points, avoiding configuring the DM4100. This way, it would be easier for technicians to deploy the solution.

If you have a new idea, please send it to me.

Best regards.

 

Renato

I tried all the settings listed below and am not getting a hit:

ip access-list extended no_ospf
 permit ospf host 10.200.248.1 host 10.200.24.1

ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 permit ospf host 10.200.248.1 host 10.200.24.1

ip access-group no_ospf out

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 deny ospf host 10.200.0.1 host 10.200.24.1
 deny ospf host 10.200.8.1 host 10.200.24.1
 deny ospf host 10.200.16.1 host 10.200.24.1
 deny ospf host 10.200.32.1 host 10.200.24.1
 deny ospf host 10.200.40.1 host 10.200.24.1
 permit ospf any any

ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 deny ospf host 10.200.0.1 host 10.50.1.1
 deny ospf host 10.200.8.1 host 10.50.1.1
 deny ospf host 10.200.16.1 host 10.50.1.1
 deny ospf host 10.200.32.1 host 10.50.1.1
 deny ospf host 10.200.40.1 host 10.50.1.1
 permit ospf any any

ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 deny ospf host 10.200.0.1 any
 deny ospf host 10.200.8.1 any
 deny ospf host 10.200.16.1 any
 deny ospf host 10.200.32.1 any
 deny ospf host 10.200.40.1 any
 permit ospf any any

ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf


ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 deny ospf host 10.200.0.1 host 10.200.24.1
 deny ospf host 10.200.8.1 host 10.200.24.1
 deny ospf host 10.200.16.1 host 10.200.24.1
 deny ospf host 10.200.32.1 host 10.200.24.1
 deny ospf host 10.200.40.1 host 10.200.24.1

ip access-group no_ospf in

* not success

-----------------------------------------------------

ip access-list extended no_ospf
 deny ospf host 10.200.0.1 host 10.200.24.1
 deny ospf host 10.200.8.1 host 10.200.24.1
 deny ospf host 10.200.16.1 host 10.200.24.1
 deny ospf host 10.200.32.1 host 10.200.24.1
 deny ospf host 10.200.40.1 host 10.200.24.1
 permit ospf host 10.200.248.1 host 10.200.24.1

ip access-group no_ospf in

* not success

-----------------------------------------------------

Where are you using those ACLs?

Forgive me Joseph!!

I used this configuration in the Cmei-R.

On Friday I managed to resolve this problem with the configuration below:

ip access-list extended no_ospf
 permit ospf host 10.200.248.1 any
 deny ospf any any
 permit ip host 10.200.248.1 any

I put this configuration in all routers except the DM4100 router. This way it works.

Thanks for your help.

Best Regards,

Renato
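
The ACL evaluation discussed in this thread, as an added example that is not part of any poster's message: a small first-match evaluator run over the first attempt and the final ACL, using constructed packets. It assumes 10.200.248.1 is the DM4100, 10.200.24.1 is the router carrying the ACL, 10.200.0.1 is another site router's source address on the shared segment, OSPF hellos on that segment go to 224.0.0.5, and the list ends in the usual implicit deny.

```python
# Added example (not from the thread): first-match evaluation of an IOS-style extended ACL.
ALL_SPF_ROUTERS = "224.0.0.5"   # OSPF hello destination on a broadcast segment
IMPLICIT_DENY = ("deny", "implicit deny")

# ACL text copied from the thread: the first attempt and the final working version.
FIRST_ATTEMPT = "permit ospf host 10.200.248.1 host 10.200.24.1"
FINAL_ACL = """
permit ospf host 10.200.248.1 any
deny ospf any any
permit ip host 10.200.248.1 any
"""

def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means match every address."""
    word = tokens.pop(0)
    if word == "any":
        return None
    if word == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    """Parse 'permit|deny <proto> <src> <dst>' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action: {action}")
        rules.append((action, proto, parse_addr(tokens), parse_addr(tokens), line.strip()))
    return rules

def evaluate(rules, proto, src, dst):
    """Return (action, matching line); the first matching rule wins."""
    for action, r_proto, r_src, r_dst, line in rules:
        if r_proto in ("ip", proto) and r_src in (None, src) and r_dst in (None, dst):
            return action, line
    return IMPLICIT_DENY   # nothing matched: the packet is dropped

if __name__ == "__main__":
    # Constructed packets: (protocol, source, destination); addresses are assumptions.
    packets = [
        ("ospf", "10.200.248.1", ALL_SPF_ROUTERS),  # hello from the DM4100
        ("ospf", "10.200.0.1", ALL_SPF_ROUTERS),    # hello from another site router
        ("tcp", "10.200.248.1", "10.200.24.1"),     # data from the DM4100
        ("tcp", "10.200.0.1", "10.200.24.1"),       # data from another site router
    ]
    for name, text in (("first attempt", FIRST_ATTEMPT), ("final ACL", FINAL_ACL)):
        for pkt in packets:
            print(name, pkt, "->", evaluate(parse_acl(text), *pkt))
```

In this model the last packet falls through to the implicit deny: applied inbound, the final ACL drops all IP traffic, not just OSPF, from any source other than 10.200.248.1. Check that this matches the intended traffic policy on the interface before rolling it out to every site.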