[OSPF] Route Filtering with Standard ACL

Filtering in OSPF is configured using the distribute-list router subcommand, which can reference either an ACL, prefix list, or a route map to determine whether or not routes should be filtered, in which direction and on which interface.

In this post, we are interesting how filtering using Standard ACL.

OSPF Route Filtering

After configuring OSPF, on R2 we should see all the three routes

R2#show ip route ospf 
     10.0.0.0/32 is subnetted, 3 subnets
O       10.10.1.1 [110/11] via 192.168.1.1, 00:00:09, FastEthernet0/0
O       10.10.3.1 [110/11] via 192.168.1.1, 00:00:09, FastEthernet0/0
O       10.10.2.1 [110/11] via 192.168.1.1, 00:00:09, FastEthernet0/0
R2#

Now, we want to filter 10.10.2.0/24 to be advertised to R2 by creating an ACL, deny 10.10.2.0, notice that permit any to allow other routes to be advertised..

R2(config)#access-list 1 deny 10.10.2.0 0.0.0.255
R2(config)#access-list 1 permit any
R1(config)#

Now, we have to apply the distribute-list with the ACL number 1 in the inbound direction

PS: The OSPF algorithm requires that every router in an area receive all of the LSAs for that area, so you cannot filter outbound routing information, for this we will apply the ACL on R2 inbound:

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates

R2(config-router)#distribute-list 1 in fastEthernet 0/0
R2(config-router)#

And finally, the routing table on R2 should looks like (no route to 10.10.2.0/24):

R2#show ip route ospf 
     10.0.0.0/32 is subnetted, 2 subnets
O       10.10.1.1 [110/11] via 192.168.1.1, 00:00:13, FastEthernet0/0
O       10.10.3.1 [110/11] via 192.168.1.1, 00:00:13, FastEthernet0/0
R2#

I hope this been informative for you, enjoy !

Advertisements

Tagged: , , , , , ,

Leave a Reply :

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: