Thanks for the advice Edison.

I can't use any other routing protocols as it would go against my customer's policy. However, I may be able to get round it using static routes: not elegant, but functional.

Huw

An inbound distribute list on a router/switch running OSPF will not prevent the LSAs getting into the Link State Database, but it can prevent the routes getting into the local routing table. From your description I would have thought that this would accomplish what you want. When you say that you configured a distribute list and that it did not work, how were you determining whether it worked or not? If the routes were in the routing table then there was something not correct in your distribute list.

[edit] another possibility to consider: configure 2 OSPF processes on switches 1 and 2. Configure 1 process to talk to switch 1 or 2 and the other process to talk to switch 3. You would need to redistribute routes between the processes and the redistribution can be filtered. This is more complex but if it is important to you to be able to filter routes (and LSAs) being advertised to switch 3 then this approach will work.

HTH

Rick

I had thought about two OSPF processes, but decided against; the support staff have a large number of switches to look after - my aim is to make things as simple as possible for them.

In case I did make a mistake, the configuration I used was as follows:

Switch 1:

router ospf 1

area 0.0.0.1 range 10.10.0.0 255.255.252.0

redistribute static subnets

!

ip route 172.30.1.0 255.255.255.0 10.10.1.128

!

Switch 2:

router ospf 1

area 0.0.0.1 range 10.10.0.0 255.255.252.0

redistribute static subnets

!

ip route 172.30.2.0 255.255.255.0 10.10.2.128

!

Switch 3

router ospf 1

network 10.0.5.0 0.0.0.255 area 0.0.0.0

network 10.255.1.1 0.0.0.3 area 0.0.0.1

network 10.255.2.1 0.0.0.3 area 0.0.0.1

distribute-list INWARD in GigabitEthernet1/1

!

ip access-list standard INWARD

permit 10.10.0.0 0.0.3.255

!

(10.255.1.0/30 and 10.255.2.0/30 are the subnets for the links to Sw1 and Sw2)

The only route I want advertised is the 10.10.0.0/22, but the 172.30 networks are advertised as well.

Huw

Without knowing a bit more about the topology of the network it is difficult to properly evaluate the configuration and operation of the distribute list. Is Gig1/1 the interface that connects to both switch 1 and switch 2? The distribute list as configured only operates on updates received from interface Gig1/1. What happens if you change the distribute list like this:

distribute-list INWARD in

(remove the interface reference)

HTH

Rick

Sorry Rick, there's a line missing which applies the distribute list to G1/2.

G1/1 -> Sw1, G1/2 -> Sw2.

I can't apply the distribute list generally, as Sw3 has to learn many routes from other switches in the network.