12-17-2012 01:01 AM - edited 03-04-2019 06:25 PM
Hello community
I'm trying to configure a distribute list on OSPF but I keep on getting the following error message:
% This command only accepts named standard IP access-lists.
The access-list that I'm trying to apply is:
ip access-list extended router2nets
remark DistributteInOSPF_150.2.0.0
permit IP 150.2.0.0 0.0.0.255 any
Can someone please explain why I'm getting that message?
Cheers
Carlton
12-17-2012 03:11 AM
Hi guys,
Any ideas?
Cheers
12-17-2012 03:16 AM
Hi guys,
I realised the routes will still show with the access-lists configured - I just won't be able to access any resources within the 150.2.0.0 when the access-list is applied to the interface.
Cheers
Carlton
12-17-2012 03:25 AM
Carlton,
You have to distinguish between the effect of having an ACL put directly on an interface and used in a distribute-list. An ACL used on an interface using the ip access-group command will filter packets based on their header contents. An ACL used in a distribute-list in will filter networks in incoming routing updates, or in case of OSPF, networks as they enter the routing table. Notice the subtle but very important difference - ACL on an interface does not apply to packet contents, rather to packets themselves! The distribute-list, on the other hand, filters the contents of routing protocol updates, and only routing protocol updates. Placing your ACL on the interface is not correct here.
Can I ask what IOS image you are running? The behavior of your IOS suggests there may be a bug involved.
I have reviewed your configuration that uses the prefix-list. I do not see any obvious mistake in it. Can you revert to that configuration that uses the prefix lists, and post the output of the following commands?
show ip ospf neighbor
show ip ospf database
show ip route ospf
show ip prefix-list
Thank you!
Best regards,
Peter
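The distinction drawn in the reply above, written out as IOS configuration. This is an added example, not configuration posted by anyone in the thread: the ACL name router2nets-std is hypothetical, binding the ACL to Ethernet1/0 is an assumption, and process ID 1, the interface name and the prefix list OSPF are taken from the R4 output elsewhere in the thread.

```cisco
! Added example, not from the thread. Forms 2 and 3 are alternatives;
! a router would normally carry only one of them.
!
! 1) Packet filter: extended ACL bound to an interface with ip access-group.
!    It matches packet headers (source, destination) and has no effect on
!    which routes OSPF learns. The implicit deny at the end also applies to
!    all other traffic arriving on the interface.
ip access-list extended router2nets
 permit ip 150.2.0.0 0.0.0.255 any
!
interface Ethernet1/0
 ! assumption: the thread does not say which interface was used
 ip access-group router2nets in
!
! 2) Route filter: named standard ACL used in a distribute-list.
!    The "source" field is read as the network address of the route.
!    An extended named ACL here is rejected with
!    "% This command only accepts named standard IP access-lists."
!    router2nets-std is a hypothetical name.
ip access-list standard router2nets-std
 permit 150.2.0.0 0.0.0.255
!
router ospf 1
 distribute-list router2nets-std in
!
! 3) Route filter: prefix list used in a distribute-list.
!    Matches both the network and the prefix length. The entry is the one
!    shown by "show ip prefix-list" in the thread.
ip prefix-list OSPF seq 5 permit 150.2.2.0/24
!
router ospf 1
 distribute-list prefix OSPF in
!
! Check the result with the commands already used in the thread:
!   show ip prefix-list
!   show ip ospf database
!   show ip route ospf
```

With forms 2 and 3 the implicit deny means only the permitted network can be installed from OSPF; on OSPF the inbound distribute-list acts on routes as they enter the routing table, so the link-state database is unchanged.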
12-17-2012 09:51 AM
Hi Peter,
Sorry for the delayed response - I had to run out.
Anyway, I have done as you asked - reverted back to the original configuration you provided. I have attached the configs of the four routers in the lab and a topology. Below are the contents of the show commands:
R4#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 0 FULL/ - 00:01:59 10.0.1.1 Ethernet1/0
3.3.3.3 1 FULL/BDR 00:00:36 10.0.0.13 FastEthernet0/0
R4#
R4#show ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 541 0x80000002 0x00CC9A 4
4.4.4.4 4.4.4.4 540 0x80000002 0x0028DD 5
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
10.0.0.0 1.1.1.1 571 0x80000001 0x00E050
10.0.0.4 1.1.1.1 571 0x80000001 0x00B874
10.0.0.4 4.4.4.4 526 0x80000001 0x0068B7
10.0.0.12 1.1.1.1 517 0x80000001 0x0072B1
10.0.0.12 4.4.4.4 571 0x80000001 0x000E0B
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 4.4.4.4 516 0x80000001 0x00E83D
3.3.3.3 1.1.1.1 519 0x80000001 0x00DC4E
3.3.3.3 4.4.4.4 528 0x80000001 0x00829C
R4#how ip route ospf
^
% Invalid input detected at '^' marker.
R4#
R4#show ip prefix-list
ip prefix-list OSPF: 1 entries
seq 5 permit 150.2.2.0/24
R4#
R4#show ip route ospf
R4#show ip route ospf
R4#
12-18-2012 06:44 AM
Hi Carlton,
I apologize - I did not yet have the time to go over your configurations in detail. However, your output puzzles me - I see no LSA-5 being displayed in the show ip ospf database, i.e. those topological elements that carry redistributed (external) networks. Logically, if they are not in the link-state database, the routes they contain cannot be placed into the routing table. I wonder - why are they missing?
Best regards,
Peter