distribute list question

1pc0nf1g
Level 1

Hello,

 

I was hoping someone could explain the reasoning behind the behavior I'm seeing. I'm sure it's by design, it just seems weird to me. I'll try to make it brief.

I have 4 routers in ospf area 0. R1 is the ASBR. I redistribute eigrp 100 routes into ospf on R1. When I add a distribute list out on R1 blocking, let's say, 192.3.3.0/24, the other 3 routers do not receive the route. Looks good.

I have another router, R2 (not connected to R1 in any way, different topology completely), that is an ABR that has several other routers connected in different areas with R2 in area 0. I want to block all routes to those other routers except 1 so I accomplish this through prefix-lists (outgoing from each area, or incoming to each area) and it works fine. I also want to block all default routes coming into R2 so I use a distribute-list prefix which blocks 0.0.0.0/0 le 32. This also works and blocks default routes coming into R2.

So my question is why can't I use a distribute list out on the ABR to allow that one route to all the different areas and block all others? It seems weird to me that I can use a distribute-list to block all the default routes that are coming from each area to R2 but I can't use a distribute-list to block all routes except one from R2 to the other areas.

Hope my explanation makes sense and someone can explain.

4 Replies

Hello,

 

the 'distribute-list' only works on the ASBR, and it only filters LSA type 5 and 7. What you want is a filter list, which filters LSA type 3. Have a look at the example below:

 

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
 ip address 3.3.3.3 255.255.255.255
!
router ospf 1
 router-id 1.1.1.1
 area 1 filter-list prefix ABR_FILTER in
 network 1.1.1.1 0.0.0.0 area 0
 network 2.2.2.2 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.3 area 1
!
ip prefix-list ABR_FILTER seq 10 deny 1.1.1.1/32
ip prefix-list ABR_FILTER seq 20 permit 0.0.0.0/0 ge 32

Thanks for your reply. I am currently using filter-lists (mentioned in my post) and they work, I was just curious as to why I can use a distribute-list in on the ABR and it blocks the default routes from the other areas and not a distribute-list out to block routes to the other areas (but I guess the fact that it only works on the ASBR answers that part). 

I also seem to be able to block internal routes from other routers in the same area using the distribute-list in. R5 and R6 both area 0, 192.8.8.0/24 network behind R6, distribute-list on R5 blocking 192.8.8.0/24 in, and it blocks the route.

Hello,

 

sorry for the misunderstanding, of course you indeed mentioned that you were using filter lists.

Can you post the configs of your routers R5 and R6? I recreated this in GNS, but I do not manage to filter any LSA 3 routes with a distribute list...

No worries. I'm using GNS3 also. I will type out the relevant portions, I can't cut and paste. It's actually R1 and R9.

R1

int f0/0
 ip add 192.1.1.1/24
!
int f2/0
 ip add 192.168.10.1/24
!
router ospf 1
 network 192.1.1.1 0.0.0.0 ar 0
 network 192.168.10.0 0.0.0.0 ar 0
 distribute-list prefix R9 in
!
ip prefix-list R9 seq 5 deny 192.168.100.9/32
ip prefix-list R9 seq 10 permit 0.0.0.0/0 le 32

R9

int loop0
 ip add 192.168.100.9 255.255.255.0
!
int f2/0
 ip add 192.168.10.9 255.255.255.0
!
router os 1
 network 192.168.100.9 0.0.0.0 ar 0
 network 192.168.10.9 0.0.0.0 ar 0
!

 

Distribute-list on R1 blocks 192.168.100.9/32 from R9. I know loopback0 is a /24 configured on R9 but it gets received on R1 as a /32 (need ospf point-to-point to advertise it as a /24).
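
Added example, not part of any post in this thread: a small Python evaluator for IOS `ip prefix-list` matching (first match wins, implicit deny at the end), run over the ABR_FILTER and R9 lists posted above. DEFAULT_ONLY is a constructed list with a hypothetical name, included to show how `0.0.0.0/0` alone differs from `0.0.0.0/0 le 32`.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    seq, action = int(tok[4]), tok[5]
    net = ipaddress.ip_network(tok[6], strict=False)
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if not opts:
        lo = hi = net.prefixlen              # no ge/le: exact length only
    else:
        lo = opts.get("ge", net.prefixlen)   # le alone: from the entry length up to le
        hi = opts.get("le", 32)              # ge alone: from ge up to /32
    return seq, action, net, lo, hi

def evaluate(lines, route):
    """Return (action, seq) of the first matching entry; ('deny', None) if none match."""
    route = ipaddress.ip_network(route, strict=False)
    for seq, action, net, lo, hi in map(parse_entry, lines):
        if lo <= route.prefixlen <= hi and route.network_address in net:
            return action, seq
    return "deny", None                      # implicit deny at the end of every list

# Lists copied from the thread.
ABR_FILTER = [
    "ip prefix-list ABR_FILTER seq 10 deny 1.1.1.1/32",
    "ip prefix-list ABR_FILTER seq 20 permit 0.0.0.0/0 ge 32",
]
R9 = [
    "ip prefix-list R9 seq 5 deny 192.168.100.9/32",
    "ip prefix-list R9 seq 10 permit 0.0.0.0/0 le 32",
]
# Constructed list (hypothetical name): without le 32, seq 5 matches only the default route.
DEFAULT_ONLY = [
    "ip prefix-list DEFAULT_ONLY seq 5 deny 0.0.0.0/0",
    "ip prefix-list DEFAULT_ONLY seq 10 permit 0.0.0.0/0 le 32",
]

if __name__ == "__main__":
    for name, plist, routes in [
        ("ABR_FILTER", ABR_FILTER, ["1.1.1.1/32", "2.2.2.2/32", "192.168.1.0/30"]),
        ("R9", R9, ["192.168.100.9/32", "192.168.10.0/24"]),
        ("DEFAULT_ONLY", DEFAULT_ONLY, ["0.0.0.0/0", "10.0.0.0/8"]),
    ]:
        for r in routes:
            print(name, r, evaluate(plist, r))
```

With `ge 32` the ABR_FILTER permit entry matches host routes only, so a /30 such as 192.168.1.0/30 falls through to the implicit deny.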
