how to use the command "ip ospf database-filter all out"?

att-sgcops
Level 1

I have 3 routers all connected with the same LAN:

R1(e0:10.1.1.1)--------------------(e0:10.1.1.2)R2
                         |
                         |
                  (e0:10.1.1.3)R3

They are running the OSPF routing protocol, and I want to filter the LSA from R1.

I configured on R1:

int e0
 ip ospf database-filter all out

and after that, I restarted the ospf process.

but R2 and R3 still can see the route from R1 via OSPF, why?

1 Accepted Solution

Accepted Solutions

globalnettech
Level 5

Hello,

Which router is the DR on your Ethernet segment?

Regards,

GNT


I think you are right. If I configured it on the DR, it will not send LSAs out that interface. Many thanks...

This command should work on any router you apply it to, no matter if it is the DR or not.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Harold Ritter
Spotlight

You probably applied the "ip ospf database-filter" command after R2 and R3 already had R1's LSA in their LSDB.

Try reloading R2 and R3. You should see a difference.

Hope this helps,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

I restarted the OSPF process, but it did not help.

The restart might not be sufficient if you do it on the router in DROTHER state. The reason is that after the process restart the LSAs will be received from the DR, assuming the DR is not the router with the "ip ospf database-filter" command.

Also bear in mind that this command should only be used to prevent excessive LSA update replication in highly redundant topologies. Causing routers in the same area to have different LSDBs is probably not a good idea. May I ask what you are trying to achieve?

Thanks,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

"ospf database-filter all out" is also supported on the PIX/ASA/FWSM, and provides a very good way of preventing the sending of private routes to external routers etc., while dynamically learning routes for redundancy. As discussed, you need to make sure who becomes the DR, as any DR with this command enabled will prevent other routers from populating their routing tables. You need to set the priority to zero, and you also need to set the router-id to an unused address (not sure if this is a firewall issue).
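
The DR caveat from the last reply, written as a configuration check. This is an added example, not code from anyone in the thread: it flags interfaces that carry the database filter but have no priority of zero, so they could still be elected DR. The sample config, the function names and the default priority of 1 are assumptions made for the example.

```python
import re

# Constructed sample config (not from the thread); IOS and ASA command forms.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip ospf database-filter all out
!
interface Ethernet1
 ip ospf database-filter all out
 ip ospf priority 0
!
interface GigabitEthernet0/0
 ospf database-filter all out
 ospf priority 5
"""

FILTER_RE = re.compile(r"^(?:ip )?ospf database-filter all out$")
PRIORITY_RE = re.compile(r"^(?:ip )?ospf priority (\d+)$")
DEFAULT_PRIORITY = 1  # assumption: priority when no explicit line is configured


def parse_interfaces(config_text):
    """Map each interface name to the list of its sub-commands."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas


def audit_database_filter(config_text):
    """Return (interface, priority) pairs that filter all outgoing LSAs
    yet remain eligible for DR election (priority other than 0)."""
    findings = []
    for iface, lines in parse_interfaces(config_text).items():
        if not any(FILTER_RE.match(line) for line in lines):
            continue
        explicit = [int(m.group(1)) for m in map(PRIORITY_RE.match, lines) if m]
        priority = explicit[-1] if explicit else DEFAULT_PRIORITY
        if priority != 0:
            findings.append((iface, priority))
    return findings
```
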