Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1093
Views
5
Helpful
4
Replies

ospf inbound filtering by interface

SJ K
Level 5
Level 5

‎09-26-2021 12:04 AM

hi all

 

Capture.JPG

 

I wanted 113.0/24 to be learn by L3 switch1 and R1

I do not want 113.0/24 to be learn by L3 switch1 via ge0/0/2

 

1) Is there anyway that i can do it ? can i do a inbound route filter on ge-0/0/2 only ?

 

2) should i have 2 x ospf process ?

can 1 interface belong to 2 ospf process ?

can 1 device has 2 x area 0 belonging to different ospf process ?

 

Thank you

Labels:
0 Helpful
4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-26-2021 03:10 AM

Hello @SJ K ,

1) be aware that route filtering in OSPF means only avoid to install in IP routing table the filtered prefix(es) it does not influence the flooding of LSAs in the area.

For a configuration example see @paul driver  post.

 

You put also other questions

 

2)

2.a )  should i have 2 x ospf process ?

No, there are other ways to make gi0/0/2 not used : you can make it a passive interface in OSPF or you can play with OSPF authentication at interface level to have a mismatch with the other device or you can simply increase the interface OSPF cost with ip ospf cost 50 to make it a back up to whatever is learned over it.

 

2.b) can 1 interface belong to 2 ospf process ?

In OSPFv2 the OSPF process ID is not present in OSPF hello packets or other type of OSPF packets. As a result of this an interface can execute two OSPF processes only if they use different Area IDs for example one process uses area 0 and the other one uses area 5

if both processes attempt to use the same area-id for the same interface the router does not know how to handle received Hello packets and the interface is not used by both processes ( I have tested this many years ago I think this result is still valid)

 

2.c) can 1 device has 2 x area 0 belonging to different ospf process ?

Yes, but only on two different subsets of interfaces see previous point for the explanation.

 

Hope to help

Giuseppe

 

 

paul driver
VIP
VIP

‎09-26-2021 03:15 AM - edited ‎09-26-2021 03:17 AM

Hello

To deny that prefix from being received from gig0/0/2 you could apply a disbtribute-list filter on L3 switch1 (example1) but this would also negate that prefix from R4 on the same broadcast link unless you apply to filter on RID of advertsing rtr (example2)

Example1:
ip prefix-list 10  deny 113.0.0.0/24
ip prefix-list 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix 10 in GigabitEthernet0/0/2

Example2: RID of L3 sw2 - 10.1.12.2
ip prefix-list RID permit 10.1.12.2/32

ip prefix-list route permit 113.0.0.0/24

route-map filter deny 10
match ip address prefix-list route
match ip next-hop prefix-list RID

route-map filter permit 99

router ospf x
distribute-list route-map filter in



kind regards
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

SJ K
Level 5
Level 5
In response to paul driver

‎09-26-2021 06:48 AM - edited ‎09-26-2021 07:28 AM

Example1:
ip prefix-list 10  deny 113.0.0.0/24
ip prefix-list 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix 10 in GigabitEthernet0/0/2

Hi Paul - with this example above - do you mean i can actually filter and deny 113.0.0.0/24 advertisement received on gi0/0/2 but still receive 113.0.0.0/24 advertisement on gi0/0/1 on switch1 ?

 

there is a permit 0.0.0.0/0 in the prefix-list - why do you say it will negate prefixes from R4 ?

0 Helpful

paul driver
VIP
VIP
In response to SJ K

‎09-26-2021 08:54 AM

Hello

 

 

@SJ K wrote:
Example1:
ip prefix-list 10  deny 113.0.0.0/24
ip prefix-list 10 permit 0.0.0.0/0 le 32
router ospf 1
distribute-list prefix 10 in GigabitEthernet0/0/2

Hi Paul - with this example above - do you mean i can actually filter and deny 113.0.0.0/24 advertisement received on gi0/0/2 but still receive 113.0.0.0/24 advertisement on gi0/0/1 on switch1 ? 

Yes as it will be advertised to R4 which shares the same broadcast network with both L3 switches as such that prefix will be advertised to L3SW1 via R4 which isn’t being denied via the route-map (example2)

 

there is a permit 0.0.0.0/0 in the prefix-list - why do you say it will negate prefixes from R4 ?  This is from example 1 which will deny that prefix from gig0/0/2 entirely irrespective of the source of the advertised route, the permit is a catch all statement allowing any other routes to be advertised and accepted. 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card