Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
3
Replies

Cisco ASA LSA type 3 filtering

Jason Knight
Level 1
Level 1

‎05-23-2013 06:20 PM - last edited on ‎03-25-2019 04:24 PM by Community Manager

Hey everyone,

I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists.  However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.

Here is the config on the ABR:

prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32

!

!            

router ospf 1

network 10.0.0.0 255.255.255.0 area 0

network 10.150.10.0 255.255.255.0 area 10

network 10.150.252.0 255.255.255.224 area 10

area 0 authentication message-digest

area 10 authentication message-digest

area 10 filter-list prefix pdm_pl_000 in

log-adj-changes

The 206.253.180.137 host is actually coming from Area '3'.  Am I doing something that is removing all type-3 LSA's?

Thanks,

Jason

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-23-2013 06:53 PM

So there is another ABR on the network (the one that connects area 0 to Area 3) right?

On the ASA the prefix looks good, you want to stop the advertisement of the LSA type-3 that contains the prefix value of 206.253.180.137.

Can you double check that on the other ABR everything is properly setup?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Jason Knight
Level 1
Level 1
In response to Julio Carvajal

‎05-23-2013 07:19 PM

Hi jcarvaja,

Yes, there is another ABR that connects 0 to area 3.

Yes, I want to stop the 206.253.180.137 advertisement. 

As far as the other ABR, what should I be looking for?  I have no filters set up there and don't really want to place any there if I don't have to.

Thanks

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Jason Knight

‎05-23-2013 08:58 PM

Hello,

I mean on the ASA side does not look like you are doing any kind of filtering that would deny ALL LSA-3 advertisements,

So are you sure there is only one another ABR and that it does not have any Filtering config?

Can u post the config

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card