Just like the EIGRP protocol, it is possible to filter what our routers will learn.
There are two main ways to do this:
– set up Aires Stubby, Totally Stubby, NSSA or Totally NSSA
– set up filtering directly on the router
Assume that the first solution is preferable. Implementing OSPF Filtering takes more time and more follow-up.
Still like the EIGRP protocol, there are three methods for implementing filtering:
– via ACL
– via Prefix-List
– via Route-map
We will also distinguish 3 families in the filtering:
– filtering type 1 and type 2 LSA
– filtering type 3 LSA
– filtering type 5 LSA
Okay, that's a lot! I agree with you.
What we're going to do is we're going to process this course via LSA filters and we're going to start in order: ACL then Prefix-List then Route-map.
Good luck with the rest 🙂
Filtering type 1 and type 2 ASLs
- Type 1 LSA – I'm announcing a Network.
- Type 2 LSA – Internal dialogue at an OSPF area for DR and BDR.
Type 1 and Type 2 LSAs remain within our OSPF area.
R1 (config) - ip access-list standard FINGER-ACL R1 (config-std-nacl) deny host X.X.X.X R1 (config-std-nacl) R1 (config) - router ospf 1 R1 (config-router) - distribute-list FINGER-ACL in
Filtering type 3 LSA
- Type 3 LSA – Type 1 and Type 2 LSA from another OSPF area
R1 (config) ip prefix-list AREA-10-FINGER deny X.X.X.X/24 R1 (config) ip prefix-list AREA-10-FINGER allowed 0.0.0.0/0 on 32 R1 (config) - router ospf 1 R1 (config-router) area 10 filter-list prefix AREA-10-FINGER in
Filtering type 5 LSA
- Type 5 LSA – Routes that come from another routing protocol
To filter Type 5 LSAs, we have two possible methods:
- Filter what the ASBR broadcasts
- Filter what is distributed in the OSPF bubble
Filter what the ASBR broadcasts
R1 (config) - ip access-list standard FINGER R1 (config-std-nacl) deny host X.X.X.X R1 (config-std-nacl) R1 (config) - router ospf 1 R1 (config-router) - distribute-list FINGER out
Filter what is distributed in the OSPF bubble
R1 (config) - ip access-list standard FINGER-ACL R1 (config-std-nacl) - permit host X.X.X.X R1 (config) - route-map FINGER-ROUTE-MAP deny 10 R1 (config-route-map) - match ip address FINGER-ACL R1 (config) - route-map FINGER-ROUTE-MAP permit 20 R1 (config) - router ospf 1 R1 (config-router) - redistribute connected subnets route-map FINGER-ROUTE-MAP
THE FINAL WORD!
Hoping you enjoyed this article!
Don't hesitate to let me know!!