OSPF Route Filtering Topology
Figure 1 OSPF
R1 (config) #int fa0/0 R1 (config-if) #ip add 172.10.1.1 255.255.255.0 R1 (config-if) #no shut R1 (config) #int fa0/1 R1 (config-if) #ip add 172.10.2.1 255.255.255.0 R1 (config-if) #no shut R1 (config) #int s0/0 R1 (config-if) #ip add 192.168.1.1 255.255.255.0 R1 (config-if) #no shut R2 (config) #int fa0/0 R2 (config-if) #ip add 172.20.1.1 255.255.255.0
Route Filtering
OSPF Route Filtering R2 (config-if) #no shut R2 (config) #int fa0/1 R2 (config-if) #ip add 172.20.2.1 255.255.255.0 R2 (config-if) #no shut R2 (config) #int s0/0 R2 (config-if) #ip add 192.168.2.1 255.255.255.0 R2 (config-if) #no shut R2 (config-if) #int lo1 R2 (config-if) #ip add 172.168.1.1 255.255.255.0 R2 (config-if) #int lo2 R2 (config-if) #ip add 172.168.2.1 255.255.255.0 R2 (config-if) #int lo3 R2 (config-if) #ip add 172.168.3.1 255.255.255.0 R2 (config-if) #int lo4 R2 (config-if) #ip add 172.168.4.1 255.255.255.0 R2 (config-if) #int lo5 R2 (config-if) #ip add 172.168.5.1 255.255.255.0 R3 (config) #int fa0/0 R3 (config-if) #ip add 172.30.1.1 255.255.255.0 R3 (config-if) #no shut R3 (config) #int fa0/1 R3 (config-if) #ip add 172.30.2.1 255.255.255.0 R3 (config-if) #no shut R3 (config) #int s0/0 R3 (config-if) #ip add 192.168.3.1 255.255.255.0 R3 (config-if) #no shut R4 (config) #int fa0/0 R4 (config-if) #ip add 172.40.1.1 255.255.255.0 R4 (config-if) #no shut R4 (config) #int fa0/1 R4 (config-if) #ip add 172.40.2.1 255.255.255.0 R4 (config-if) #no shut R4 (config) #int s0/0 R4 (config-if) #ip add 192.168.4.1 255.255.255.0 R4 (config-if) #no shut R5 (config) #int s0/0 R5 (config-if) #ip add 192.168.1.2 255.255.255.0 R5 (config-if) #no shut
OSPF Route Filtering R5 (config) #int s0/1 R5 (config-if) #ip add 192.168.2.2 255.255.255.0 R5 (config-if) #no shut R5 (config) #int s0/2 R5 (config-if) #ip add 192.168.3.2 255.255.255.0 R5 (config-if) #no shut R5 (config) #int s0/3 R5 (config-if) #ip add 192.168.4.2 255.255.255.0 R5 (config-if) #no shut R5#ping 192.168.1.1 to 4.1 successful R1 (config) #int fa0/0 R1 (config-if) #ip os 100 area 1 R1 (config) #int fa0/1 R1 (config-if) #ip os 100 area 1 R1 (config) #int s0/0 R1 (config-if) #ip os 100 area 1
R2 (config) #int fa0/0 R2 (config-if) #ip os 100 area 0 R2 (config) #int fa0/1 R2 (config-if) #ip os 100 area 0 R2 (config) #int s0/0 R2 (config-if) #ip os 100 area 0 R3 (config) #int fa0/0 R3 (config-if) #ip os 100 area 2 R3 (config) #int fa0/1 R3 (config-if) #ip os 100 area 2 R3 (config) #int s0/0 R3 (config-if) #ip os 100 area 2 R4 (config) #int fa0/0 R4 (config-if) #ip os 100 area 3 R3 (config) #int fa0/1 R3 (config-if) #ip os 100 area 3 R3 (config) #int s0/0 R3 (config-if) #ip os 100 area 3
OSPF Route Filtering R5 (config) #int s0/0 R5 (config-if) #ip os 100 area 1 R5 (config) #int s0/1 R5 (config-if) #ip os 100 area 0 R5 (config) #int s0/2 R5 (config-if) #ip os 100 area 2 R5 (config) #int s0/3 R5 (config-if) #ip os 100 area 3
R1#sh ip route os R2 (config) #router os 100 R2 (config-router) #redistribute ei 100 subnets metric-type 1 R1#sh ip route os R2 (config) #router ei 100 R2 (config-router) #no auto-summary R2 (config-router) #network 172.168.1.0 0.0.0.255 R2 (config-router) #network 172.168.2.0 0.0.0.255 R2 (config-router) #network 172.168.3.0 0.0.0.255 R2 (config-router) #network 172.168.4.0 0.0.0.255 R2 (config-router) #network 172.168.5.0 0.0.0.255 Apply Access-List on R1 R1 (config) #access-list 10 deny 172.40.1.0 0.0.0.255 R1 (config) #access-list 10 deny 172.40.2.0 0.0.0.255 R1 (config) #access-list 10 permit any R1 (config) #router os 100 R1 (config-router) #distribute-list 10 in s0/0 R1#sh ip route os We can see the effect here. Now we will remove distribute list R1 (config) #router os 100 R1 (config-router) #no distribute-list 10 in s0/0 R1#sh ip route os Now we will get all the routes. This above was route filtering via access-list
OSPF Route Filtering Now we will perform route filtering via route-map R1 (config) #route-map abc deny 10 R1 (config) #match ip address 10 R1 (config) #exit R1 (config) #route-map abc permit 20 We create here an access-list 10 and denied 40.1 and 40.2 IP. Except this all routes are permit. After that we created a route-map named ‘abc’ R1 (config) #router os 100 R1 (config-router) #distribute-list route-map abc in R1#sh ip route os What we can see here all the routes are denied except the 40.1 and 40.2 routes. Now we will remove this R1 (config-router) #no distribute-list route-map abc in Now we will see prefix-list R1#sh ip route os R1 (config) #ip prefix-list abc deny 172.30.0.0 /16 ge 24 le 24 R1 (config) #ip prefix-list abc permit 0.0.0.0/0 le 32 R1 (config) #router os 100 R1 (config-router) #distribute-list prefix abc in s0/0 R1#sh ip route os We cannot see 172.30 routes here. Now we will remove this R1 (config) #router os 100 R1 (config-router) #no distribute-list prefix abc in s0/0 R1#sh ip route os Now we can see all the routes once again. OSPF also offer route filtering via route tagging Now we will go on R2 R2 (config) #router os 100 R2 (config-router) #no redistribute ei 100 subnet metric-type 1
OSPF Route Filtering R2 (config) #router os 100 R2 (config-router) #redistribute ei 100 subnets metric-type 1 tag 100 R1#sh ip route os It contains external routes. R1#sh ip os database We can see tag is 100
R3#sh ip os database Tag is 100 R4#sh ip os database Tag is 100 R1 (config) #route-map as 100 R1 (config) #match tag 100 R1 (config) #exit R1 (config) #router os 100 R1 (config) #distribute-list route-map as 100 in R1#sh ip route os In ospf we can use area filter list. It will apply on ABR Here ABR is R5 We will block 40 series Area filter list only works with prefix-list. R5 (config) #ip prefix-list abc deny 172.40.0.0/16 ge 24 le 24 R5 (config) #ip prefix-list abc permit 0.0.0.0 /0 le 32 R5 (config) #router os 100 R5 (config-router) #area 1 filter-list prefix abc in R1#sh ip route os R2#sh ip route os R3#sh ip route os