cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1323
Views
0
Helpful
5
Replies

Blocking specific OSPF networks on one interface

Kgrevemberg
Level 1
Level 1

Hi, I need to block my private IP ranges from being advertised out of g4/0.10. Idealy I would just make an access-list on my Cisco 3900. When I go into "router ospf 1" and begin to type "distribute-list OUT_BLK out ..... there is not way for me to apply an interface to this commend on my router. Does anyone know another way for me to do this? Thanks

1 Accepted Solution

Accepted Solutions

Hello


@Kgrevemberg wrote:

Hi, I need to block my private IP ranges from being advertised out of g4/0.10.


Does this router have multiple opsf interfaces  and do they form adjacency's with other routers? - what you can do is negate the advertisement from the other side of this specific interface ospf adjacency

 

On the adjacent router you can filter routes to enter from that interface so not to populate that routers own rib table but as Rick stated you wont prohibit these same routes from populating the OSPF Database this can be done from one area to another by filtering on the ABR/ABSR.

route-map no-routes-interface deny 10
match interface x/x  <------------------interface you dont wish routes to be receive on)

route-map no-routes-interface permit 99


router ospf 1
distribute-list route-map no-routes-interface in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

5 Replies 5

Jaderson Pessoa
VIP Alumni
VIP Alumni

@Kgrevemberg hello,

 

distribute list is filter all networks mentioned on your ACL. So, if you has a acl configureded properly, it will work well.

 

 

By the way, input here the configuration and we will suggest the possible changes to solve your problem.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Richard Burts
Hall of Fame
Hall of Fame

OSPF does not support a distribute list applied out on an interface. OSPF does support a distribute list applied in on an interface. But it does not do what you probably think it does. It does block that advertisement in the IP routing table. But it does not block processing the advertisement in the OSPF topology table. And it does not block advertisement of that network to other OSPF neighbors.

 

If you were running EIGRP this would work. But I do not know of a way to achieve it in OSPF.

 

HTH

 

Rick

HTH

Rick

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

As @richard_Burts mentioned that you can't apply "OUT" distribute-list. You will get an error while trying to apply with an interface on internal router :

R2(config-router)#distribute-list 1 out fastEthernet 0/0
% Interface not allowed with OUT for OSPF

 

You can apply the Distribute-list without mentioning any specific interface but it will work on an ASBR while routes being redistributed. It can be applied to external type 2 and type 1 routes, but not to intra-area and interarea routes.

Here is the guide: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/routmap.html

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hello


@Kgrevemberg wrote:

Hi, I need to block my private IP ranges from being advertised out of g4/0.10.


Does this router have multiple opsf interfaces  and do they form adjacency's with other routers? - what you can do is negate the advertisement from the other side of this specific interface ospf adjacency

 

On the adjacent router you can filter routes to enter from that interface so not to populate that routers own rib table but as Rick stated you wont prohibit these same routes from populating the OSPF Database this can be done from one area to another by filtering on the ABR/ABSR.

route-map no-routes-interface deny 10
match interface x/x  <------------------interface you dont wish routes to be receive on)

route-map no-routes-interface permit 99


router ospf 1
distribute-list route-map no-routes-interface in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Joseph W. Doherty
Hall of Fame
Hall of Fame
Besides what the other posters have noted, you could run two OSPF processes and then you select what you want to redistribute between the OSPF processes (NB: this is much the same as if you were redistributing between two different routing protocols although you won't have any "metric" translation issues).
Review Cisco Networking for a $25 gift card