Re: RES: [c-nsp] Re: Limiting networks announced on special link of OSPF

Joe Shen sj_hznm at yahoo.com.cn
Wed Aug 17 06:14:43 EDT 2005


Thanks for your help.

Can I set up incoming LSA filtering, so that only the
subnet inside VLAN3 is allowed to be installed on 6509-a
and 6509-b?

e.g.

interface vlan3
  description server-subnet
  ip address 10.1.2.1 255.255.255.240

! standard ACL: the keyword is "permit"; a host entry takes wildcard 0.0.0.0
access-list 24 permit 10.1.2.0 0.0.0.15
access-list 24 permit 11.1.1.12 0.0.0.0
access-list 24 permit 11.1.1.13 0.0.0.0
access-list 24 deny any

router ospf 100
  network 10.1.1.0 0.0.0.255 area 0
  network 10.1.2.0 0.0.0.15 area 10.1.2.0
  network 10.1.3.0 0.0.0.255 area 0
  distribute-list 24 in Vlan3

In fact, area 10.1.2.0 is an area which needs to learn
the default route from both 6509-a and 6509-b.

thanks 

Joe



--- Murilo Antonio Pugliese <mpugliese at diveo.net.br> wrote:

> 
> Folks.
> 
> Follow "a sample" to restrict OSPF advertisements that do work.
> I'm not sure if it's intended for the discussed scenario but I'm
> sending anyway.
> 
> 	router ospf #
> 	 ...
> 	 redistribute connected/static subnets route-map void-ospf-redistribution
> 	!
> 	ip access-list extended void-redistribution
> 	 permit ip <prefix> <wildcard-mask> <mask> <wildcard-mask>
> 	 ...
> 	!
> 	route-map void-ospf-redistribution deny 10
> 	 match ip address void-redistribution
> 	!
> 	route-map void-ospf-redistribution permit 20
> 	!
> Yours Truly.
> 
> Murilo Pugliese.
> 
> -----Original Message-----
> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
> Sent: Tuesday, August 16, 2005 11:33
> To: Jeremiah Millay; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Re: Limiting networks announced on special link of OSPF
> 
> 
> OSPF does not support generic outbound route filtering like you
> described below. You can't do this for link-state routing protocols as
> all routers within the area need to agree on the same topology.
> 
> 	oli
> 
> Jeremiah Millay <> wrote on Tuesday, August 16, 2005 4:23 PM:
> 
> > I would use a distribute-list to filter SPECIFIC advertisements. For
> > example, say you were trying to restrict the advertisement of 10.1.1.0
> > out an interface like serial0/1. You would configure the following:
> > access-list 24 deny 10.1.1.0 0.0.0.255
> > access-list 24 permit any
> > router ospf 1
> >  network 10.1.1.0 0.0.0.255 area 0
> >  distribute-list 24 out interface s0/1
> > 
> > Just change the prefix and the interface (int vlan 3 or whatever) that
> > you are trying to restrict advertisements to.
> > If you don't want ANY advertisements out an interface use the
> > passive-interface command. (passive-interface vlan 3)
> > 
> > 
> > cisco-nsp-request at puck.nether.net wrote:
> > 
> >> Message: 6
> >> 
> >> Date: Tue, 16 Aug 2005 15:25:06 +0800 (CST)
> >> From: Joe Shen <sj_hznm at yahoo.com.cn>
> >> Subject: [c-nsp] Limiting networks announced on special link of OSPF
> >> To: cisco-nsp at puck.nether.net
> >> Message-ID: <20050816072506.3962.qmail at web15403.mail.cnb.yahoo.com>
> >> Content-Type: text/plain; charset=gb2312
> >> 
> >> Hi,
> >> 
> >> Can I restrict the networks advertised on one link in OSPF?
> >> 
> >> 
> >> My situation:
> >> 
> >> 
> >>   Cat6509-a ------------------  Cat6509-b
> >>               (Vlan3, 8 on trunk)
> >> 
> >> 
> >> Both Cat6509 run OSPF. Vlan 3 is a vlan planned for
> >> server installation, while Vlan 8 is the interconnection.
> >> The subnet of Vlan 3 is planned as an NSSA area which
> >> connects to area 0, while both catalyst6509 belong to
> >> area 0. There is only one ospf process configured on
> >> each catalyst6509, and there is a logical interface
> >> Vlan3 on both catalyst6509.
> >> 
> >> 
> >> After setting up the vlan3 interface on the L3 module, I
> >> noticed catalyst6509-a and catalyst6509-b establish an
> >> ospf neighbor relationship. And, the route from 6509-b to
> >> some subnet on 6509-a points to vlan 3 and vlan8. But
> >> I just don't want vlan3 on the trunk link to carry any
> >> traffic besides that inside vlan3.
> >> 
> >> How can I do it?
> >> 
> >> thanks
> >> 
> >> Joe
> >> 
> >> 
> >> 
> > 
> > --
> > Rock River Internet                    Jeremiah Millay
> > 202 W. State St, 8th Floor             jeremiah at rockriver.net
> > Rockford, IL 61101                     815-968-9888 Ext. 2202
> > USA                                    fax 968-6888
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> 
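How a standard ACL such as list 24 behaves under `distribute-list ... in`, as an added Python sketch that is not part of the original thread. The filter only decides which computed routes are installed in the routing table; the link-state database stays as flooded. It also shows why a host entry needs wildcard 0.0.0.0, since 255.255.255.255 ignores every bit. The learned routes are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: prefixes 6509-a computes from LSAs heard over Vlan3.
LEARNED = ["10.1.2.0/28", "11.1.1.12/32", "11.1.1.13/32", "10.1.1.0/24", "10.1.3.0/24"]

ACL_HOST = [
    "access-list 24 permit 10.1.2.0 0.0.0.15",
    "access-list 24 permit 11.1.1.12 0.0.0.0",
    "access-list 24 permit 11.1.1.13 0.0.0.0",
    "access-list 24 deny any",
]
# Same list with an all-ones wildcard on the host entries.
ACL_ALL_ONES = [
    "access-list 24 permit 10.1.2.0 0.0.0.15",
    "access-list 24 permit 11.1.1.12 255.255.255.255",
    "access-list 24 permit 11.1.1.13 255.255.255.255",
    "access-list 24 deny any",
]

def parse_acl(lines):
    """Parse 'access-list N permit|deny <addr> [wildcard]' or '... any'."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def acl_permits(entries, network):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny."""
    n = int(ipaddress.IPv4Address(network))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF
        if (n & care) == (addr & care):
            return action == "permit"
    return False

def distribute_list_in(entries, computed_routes):
    """Return (rib, lsdb_view): only the RIB is filtered, not the LSDB."""
    rib = [r for r in computed_routes if acl_permits(entries, r.split("/")[0])]
    return rib, list(computed_routes)
```
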



		