Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4513
Views
10
Helpful
3
Replies

OSPF filtering at ABR with filter-list prefix

Barry Landon
Level 1
Level 1

‎02-09-2017 03:52 AM - edited ‎03-08-2019 09:15 AM

Topology

R1 –  [R4] = Area 0 : process ID 1
[R4] – R6 – R7 = Area 1 : process ID 2

I have a loopback interface configured on R6 and R7 which is distributed by ABR and pingable from R1.  After adding the filter list and prefix-list its still a routable path to 192.168.177.0/24 from R1. Each area has its own process ID.

Config

R6#
interface Loopback6
 ip address 192.168.166.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key area1
 ip ospf network point-to-point
 ip ospf 2 area 1
end

R7#
interface Loopback7
 ip address 192.168.177.1 255.255.255.0
 ip ospf authentication
 ip ospf authentication-key area1
 ip ospf network point-to-point
 ip ospf 2 area 1
end

I want to filter loopback 7 from creating a LSA entering Area 0 but permit loopback 6

R4#

router ospf 1
 router-id 4.4.4.10
 redistribute ospf 2 subnets

router ospf 2
 router-id 4.4.4.21
 area 1 filter-list prefix FILTER_INTO_AREA_0 in
 redistribute ospf 1 subnets

ip prefix-list FILTER_INTO_AREA_0 seq 5 deny 192.168.177.0/24
ip prefix-list FILTER_INTO_AREA_0 seq 10 permit 0.0.0.0/0 le 32


Can somebody help me understand how I can get this to work.

Labels:
0 Helpful
3 Replies 3

willwetherman
Spotlight
Spotlight

‎02-09-2017 05:38 AM

Hi,

OSPF filter lists can only be applied to an ABR and used to filter type-3 LSAs between areas.

In your configuration, as you are running two separate OSPF processes on R4 and redistributing between them, R4 will not consider itself as an ABR and the filter list will not work. As R4 is redistributing OSPF process 2 into OSPF process 1, R4 is acting as an ASBR and not an ABR and will therefore be generating a type-5 LSA for 192.168.177.0/24 in OSPF process 1.

To fix this issue you will either need to configure area 0 and area 1 under the same OSPF process on R4 and use the filter list to filter the type-3 LSA, or configure a distribute list in the outbound direction on R4 under OSPF process 1. For example

router ospf 1
 router-id 4.4.4.10
 redistribute ospf 2 subnets
 distribute-list prefix FILTER_INTO_AREA_0  out

router ospf 2
 router-id 4.4.4.21
 redistribute ospf 1 subnets

ip prefix-list FILTER_INTO_AREA_0 seq 5 deny 192.168.177.0/24
ip prefix-list FILTER_INTO_AREA_0 seq 10 permit 0.0.0.0/0 le 32

seungyoul-lee
Level 1
Level 1
In response to willwetherman

‎12-10-2017 03:20 PM - edited ‎12-10-2017 03:24 PM

excellent explanations!

0 Helpful

paul driver
VIP
VIP

‎02-09-2017 06:58 AM

Hello

As you performing mutual redistribution on R4 then You need to filter on the redistribution point.

R4
ip prefix-list stan_pf seq 5 permit x.x.x.x/y

route-map STAN deny 10
match ip address prefix-list stan_pf
route-map STAN permit 99

router ospf 1
redistribute ospf 2 subnets route-map STAN


Or on the router originating the subnet to suppress it from being advertised

R7
int loopback 7
ip ospf prefix-suppression

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card