08-10-2015 03:17 AM - edited 03-08-2019 01:18 AM
I have a Cisco 3560 connected to a Palo Alto firewall. There is an OSPF neighborship established between the 3560 and the firewall.
The 3560 injects all the OSPF database routes to the firewall. I want to filter out routes which the firewall is receiving. There is no option on the firewall. How can I do it on the 3560?
08-10-2015 06:11 AM
Are both devices in the same OSPF area?
You could try this: filter with route-map and distribute-list if type 3
http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/routmap.html
or if they're type 5 LSAs you could filter with summary-address x.x.x.x no advertise
http://www.getnetworking.net/ospf/ospf-external-route-summarization
Just some options that may help.
08-10-2015 05:26 PM
Both devices are in the same area.
The Cisco link talks about filtering inbound, but I need outbound filtering. Not sure if OSPF routes can be filtered outbound.
08-11-2015 12:06 AM
Yes, there's an issue around filtering outbound with OSPF when in the same area due to the LSDB. From what I remember it only allows outbound filtering on ASBRs; this is because of it being link-state and every OSPF device knowing about each other. One other way, but I have never needed to test this so I cannot be sure of the results: there is a neighbor command that allows you to filter out all LSAs: neighbor x.x.x.x database-filter all out
That's all I have if it's in the same area. Maybe someone else has some other way I'm not aware of.