??: RES: [c-nsp] Re: Limiting networks announced on special l
ink of OSPF
Tantsura, Jeff
jtantsura at ugceurope.com
Wed Aug 24 07:36:58 EDT 2005
http://www.ciscotaccc.com/iprout/showcase?case=K47811632
--
Jeff Tantsura CCIE# 11416
Senior IP Network Engineer
-----Original Message-----
From: Murilo Antonio Pugliese [mailto:mpugliese at diveo.net.br]
Sent: 18 August 2005 20:23
To: Joe Shen; Oliver Boehmer (oboehmer); Jeremiah Millay;
cisco-nsp at puck.nether.net
Subject: RES: ??: RES: [c-nsp] Re: Limiting networks announced on special
link of OSPF
Joe.
I'm sorry but I'm not sure, it sounds/looks ok to me, but
I have never deployed it so I cannot guarantee that it may/will work fine.
If you have the chance to test or deploy it, please could you let me know ?
Yours Truly.
Murilo Pugliese.
-----Mensagem original-----
De: Joe Shen [mailto:sj_hznm at yahoo.com.cn]
Enviada em: quarta-feira, 17 de agosto de 2005 07:15
Para: Murilo Antonio Pugliese; Oliver Boehmer (oboehmer); Jeremiah Millay;
cisco-nsp at puck.nether.net
Assunto: ??: RES: [c-nsp] Re: Limiting networks announced on special link of
OSPF
Thanks for your help.
Can I set up incoming LSA filtering, so that only
allows subnet inside VLAN3 to be installed on 6509-a
and 6509-b?
e.g
interface vlan3
description server-subnet
ip address 10.1.2.1 255.255.255.240
access-list 24 allow 10.1.2.0 0.0.0.15
access-list 24 allow 11.1.1.12 255.255.255.255
access-list 24 allow 11.1.1.13 255.255.255.255
access-list 24 deny any any
router ospf 100
network 10.1.1.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.15 area 10.1.2.0
network 10.1.3.0 0.0.0.255 area 0
distribute-list 24 in interface vlan3
If fact, area 10.1.2.0 is a area which need to learn
default route from both 6509-a and6509-b.
thanks
Joe
--- Murilo Antonio Pugliese
<mpugliese at diveo.net.br>дµÀ:
>
> Folks.
>
> Follow "a sample" to restrict OSPF advertisements
> that do work.
> I'm not sure if it's intended for the discussed
> scenario but I'm sending anyway.
>
> router ospf #
> ...
> redistribute connected/static subnets route-map
> void-ospf-redistribution
> !
> ip access-list extended void-redistribution
> permit ip <prefix> <wildcard-mask> <mask>
> <wildcard-mask>
> ...
> !
> route-map void-ospf-redistribution deny 10
> match ip address void-redistribution
> !
> route-map void-ospf-redistribution permit 20
> !
> Yours Truly.
>
> Murilo Pugliese.
>
> -----Mensagem original-----
> De: Oliver Boehmer (oboehmer)
> [mailto:oboehmer at cisco.com]
> Enviada em: terça-feira, 16 de agosto de 2005 11:33
> Para: Jeremiah Millay; cisco-nsp at puck.nether.net
> Assunto: RE: [c-nsp] Re: Limiting networks announced
> on special link of
> OSPF
>
>
> OSPF does not support generic outbound route
> filtering like you
> described below. You can't do this for link-state
> routing protocols as
> all routers within the area need to agree on the
> same topology.
>
> oli
>
> Jeremiah Millay <> wrote on Tuesday, August 16, 2005
> 4:23 PM:
>
> > I would use a distribute-list to filter SPECIFIC
> advertisements. For
> > example, say you were trying to restrict the
> advertisement of 10.1.1.0
> > out an interface like serial0/1. You would
> configure the following:
> > access-list 24 deny 10.1.1.0 0.0.0.255
> > access-list 24 permit any
> > router ospf 1
> > network 10.1.1.0 0.0.0.255 area 0
> > distribute-list 24 out interface s0/1
> >
> > Just change the prefix and the interface (int vlan
> 3 or whatever) that
> > you are trying to restrict advertisements to.
> > If you don't want ANY advertisements out an
> interface use the
> > passive-interface command. (passive-interface vlan
> 3)
> >
> >
> > cisco-nsp-request at puck.nether.net wrote:
> >
> >> Message: 6
> >>
> >> Date: Tue, 16 Aug 2005 15:25:06 +0800 (CST)
> >> From: Joe Shen <sj_hznm at yahoo.com.cn>
> >> Subject: [c-nsp] Limiting networks announced on
> special link of OSPF
> >> To: cisco-nsp at puck.nether.net Message-ID:
> >>
>
<20050816072506.3962.qmail at web15403.mail.cnb.yahoo.com>
> >> Content-Type: text/plain; charset=gb2312
> >>
> >> Hi,
> >>
> >> Can I restricting networks advertised on one link
> in
> >> OSPF?
> >>
> >>
> >> My situation:
> >>
> >>
> >> Cat6509-a ------------------ Cat6509-b
> >> (Vlan3, 8 on trunk)
> >>
> >>
> >> both Cat6509 run OSPF. Vlan 3 is a vlan planned
> for
> >> server installation, while Vlan 8 is
> interconnection.
> >> Subnet of Vlan 3 is planned as a NSSA area which
> >> connects to area 0, while both catalyst6509
> belong to
> >> area 0. There is only one ospf process configed
> on
> >> each catalyst6509, and there is logical interface
> >> Vlan3 on both catalyst6509.
> >>
> >>
> >> After setting up vlan3 interface on L3 module, I
> >> noticed catalyst6509-a and catalyst6509-b
> establish
> >> ospf neighbor relationship. And, route from
> 6509-b to
> >> some subnet on 6509-a point to vlan 3 and vlan8.
> but,
> >> i just don't want vlan3 on trunk link to carry
> any
> >> traffic beside those inside vlan3.
> >>
> >> How can I do it?
> >>
> >> thanks
> >>
> >> Joe
> >>
> >>
> >>
> >
> > --
> > Rock River Internet
> Jeremiah Millay
> > 202 W. State St, 8th Floor
> jeremiah at rockriver.net
> > Rockford, IL 61101
> 815-968-9888 Ext. 2202
> > USA
> fax 968-6888
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at
> http://puck.nether.net/pipermail/cisco-nsp/
>
___________________________________________________________
ÑÅ»¢ÓÊÏ䳬ǿÔöÖµ·þÎñ£2G³¬´ó¿Õ¼ä¡¢pop3ÊÕÐÅ¡¢ÎÞÏÞÁ¿ÓʼþÌáÐÑ
http://cn.mail.yahoo.com
More information about the cisco-nsp
mailing list