Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1322
Views
0
Helpful
5
Replies

Blocking specific OSPF networks on one interface

Go to solution
Kgrevemberg
Level 1
Level 1

‎03-23-2019 06:28 AM

Hi, I need to block my private IP ranges from being advertised out of g4/0.10. Idealy I would just make an access-list on my Cisco 3900. When I go into "router ospf 1" and begin to type "distribute-list OUT_BLK out ..... there is not way for me to apply an interface to this commend on my router. Does anyone know another way for me to do this? Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎03-25-2019 02:33 AM - edited ‎03-25-2019 02:49 AM

Hello

@Kgrevemberg wrote:

Hi, I need to block my private IP ranges from being advertised out of g4/0.10.

Does this router have multiple opsf interfaces  and do they form adjacency's with other routers? - what you can do is negate the advertisement from the other side of this specific interface ospf adjacency

 

On the adjacent router you can filter routes to enter from that interface so not to populate that routers own rib table but as Rick stated you wont prohibit these same routes from populating the OSPF Database this can be done from one area to another by filtering on the ABR/ABSR.

route-map no-routes-interface deny 10
match interface x/x  <------------------interface you dont wish routes to be receive on)

route-map no-routes-interface permit 99


router ospf 1
distribute-list route-map no-routes-interface in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎03-23-2019 08:03 AM

@Kgrevemberg hello,

 

distribute list is filter all networks mentioned on your ACL. So, if you has a acl configureded properly, it will work well.

 

 

By the way, input here the configuration and we will suggest the possible changes to solve your problem.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎03-23-2019 08:04 AM

OSPF does not support a distribute list applied out on an interface. OSPF does support a distribute list applied in on an interface. But it does not do what you probably think it does. It does block that advertisement in the IP routing table. But it does not block processing the advertisement in the OSPF topology table. And it does not block advertisement of that network to other OSPF neighbors.

 

If you were running EIGRP this would work. But I do not know of a way to achieve it in OSPF.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Deepak Kumar
VIP Alumni
VIP Alumni

‎03-23-2019 08:45 AM

Hi,

As @richard_Burts mentioned that you can't apply "OUT" distribute-list. You will get an error while trying to apply with an interface on internal router :

R2(config-router)#distribute-list 1 out fastEthernet 0/0
% Interface not allowed with OUT for OSPF

 

You can apply the Distribute-list without mentioning any specific interface but it will work on an ASBR while routes being redistributed. It can be applied to external type 2 and type 1 routes, but not to intra-area and interarea routes.

Here is the guide: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/routmap.html

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Go to solution
paul driver
VIP
VIP

‎03-25-2019 02:33 AM - edited ‎03-25-2019 02:49 AM

Hello

@Kgrevemberg wrote:

Hi, I need to block my private IP ranges from being advertised out of g4/0.10.

Does this router have multiple opsf interfaces  and do they form adjacency's with other routers? - what you can do is negate the advertisement from the other side of this specific interface ospf adjacency

 

On the adjacent router you can filter routes to enter from that interface so not to populate that routers own rib table but as Rick stated you wont prohibit these same routes from populating the OSPF Database this can be done from one area to another by filtering on the ABR/ABSR.

route-map no-routes-interface deny 10
match interface x/x  <------------------interface you dont wish routes to be receive on)

route-map no-routes-interface permit 99


router ospf 1
distribute-list route-map no-routes-interface in


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-25-2019 07:03 AM

Besides what the other posters have noted, you could run two OSPF processes and then you select what you want to redistribute between the OSPF processes (NB: this is much the same as if you were redistributing between two different routing protocols although you won't have any "metric" translation issues).
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card