OSPF Filtering – The Master List


What to Filter: Method to Filter
Type 1 + 2 LSAs (at ABR):
Create a summary covering the range of prefixes to filter.

area x range <summary> <mask>

(Optional) Use no discard-route internal to remove the discard route from the routing table.

Type 1 + 2 LSAs (at ABR without summary route):
Create a summary covering the range of prefixes to filter, or an exact match.

area x range <summary> <mask> not-advertise

Type 1 (just the link):
Configure prefix suppression on the interface.

int fx/x
 ip ospf prefix-suppression

Type 1 (all on the router except a few):
Enable prefix suppression on the router.

router ospf 1
 prefix-suppression

This filters all prefixes except those on passive interfaces and those on interfaces where prefix suppression is disabled with

int f0/0
 ip ospf prefix-suppression disable

or

router ospf 1
 passive-interface lo0

Don't forget to clear the OSPF process.

Type 1 + 2 (in an area):
Create an ACL with the routes in it and use the distance command to remove the route.

access-list 1 permit host 1.1.1.1
router ospf 1
 distance 255 1.1.1.1 0.0.0.0 1

Type 3 (on an ABR):
Configure a prefix-list denying the routes (permit everything else), then use an area filter-list to filter the routes.

ip prefix-list R5 deny 55.5.5.5/32
ip prefix-list R5 permit 0.0.0.0/0 le 32
router ospf 1
 area 2 filter-list prefix R5 in

This filters 55.5.5.5/32 from being advertised into Area 2.

Type 3 (on an ABR filtering a route into an area):
Because of the redistribution-like effect on the ABR when a Type 3 route is received from another area, placing a null route with a lower AD than the OSPF route will prevent it from entering the area.

ip route 155.5.5.5 255.255.255.255 null 0

External routes (on an ASBR):

access-list 4 deny host 4.0.0.0
access-list 4 permit any
router ospf 1
 distribute-list 4 out

Type 5 (on the ASBR):
Use the summary-address command with the not-advertise keyword.

summary-address 144.0.0.0 255.0.0.0 not-advertise

Type 5 (on an ABR):
External routes in OSPF can only be filtered on the router that originates them (i.e. the ASBR). The exception to this rule is the ABR of an NSSA area: it takes the Type 7s from the area and re-originates them as Type 5s, which gives us the option to filter them. Use the summary-address command to filter.

summary-address 144.0.0.0 255.0.0.0 not-advertise

Type 7 (on the ABR/ASBR which is redistributing the route):
Use the no-redistribution keyword of the area x nssa command to prevent routes redistributed on the router from entering the area (default-information-originate is also needed for connectivity, if required).

router ospf 1
 area 2 nssa no-redistribution

Filter all LSAs to a neighbour:
This can be achieved when the link type is point-to-multipoint and the other router is specified by a neighbor command. You then have the option to filter all LSAs to this neighbour.

int f0/0
 ip ospf network point-to-multipoint
router ospf 1
 neighbor 10.1.23.3 database-filter all out

Filter all LSAs out an interface:

int f0/0
 ip ospf database-filter all out

Filter any LSA on the router (local only):

access-list 5 deny host 5.5.5.5
access-list 5 permit any
router ospf 1
 distribute-list 5 in

Prevent a route from being sent past the first BGP router:
To do this, set a tag of 3758096384 (or just 4000000000) on the route.
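
The Type 3 filter-list entry above depends on first-match ordering and on the implicit deny at the end of every prefix-list. The following is an added example, not code from the original post: a small Python model of prefix-list matching (entries without the seq keyword assumed; function names are hypothetical) run over constructed sample prefixes.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le N]'.
    Assumption: entries carry no 'seq' keyword, as on the page."""
    tok = line.split()
    if len(tok) < 5 or tok[:2] != ["ip", "prefix-list"] or tok[3] not in ("permit", "deny"):
        raise ValueError(f"not a prefix-list entry: {line!r}")
    net = ipaddress.ip_network(tok[4], strict=False)
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Length rules: exact length unless ge/le widen the range (ge alone runs to /32).
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return tok[3], net, lo, hi

def evaluate(entries, route):
    """First matching entry decides; no match means the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

def filter_routes(config_lines, routes):
    """Return the prefixes a filter-list using these entries would let through."""
    entries = [parse_entry(line) for line in config_lines]
    return [r for r in routes if evaluate(entries, r) == "permit"]

# The prefix-list from the page.
PAGE_LIST = [
    "ip prefix-list R5 deny 55.5.5.5/32",
    "ip prefix-list R5 permit 0.0.0.0/0 le 32",
]
# Constructed sample prefixes; only 55.5.5.5/32 comes from the page.
ROUTES = ["55.5.5.5/32", "55.5.5.0/24", "10.1.23.0/24", "0.0.0.0/0"]

if __name__ == "__main__":
    print("page list passes:   ", filter_routes(PAGE_LIST, ROUTES))
    # Without the trailing permit, the implicit deny drops every prefix.
    print("deny line only:     ", filter_routes(PAGE_LIST[:1], ROUTES))
    # 'permit 0.0.0.0/0' with no 'le 32' matches the default route only.
    print("permit without le:  ",
          filter_routes(["ip prefix-list X permit 0.0.0.0/0"], ROUTES))
```

Running a candidate list through a model like this before applying it to an ABR helps catch a missing or too-narrow permit line that would otherwise black-hole every inter-area prefix.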

About ccie4all
Hello, and welcome to the first post of my CCIE blog. This blog has one simple goal: to improve our skills in the Cisco networking field so we can become the best engineers on the job market. WordPress blog https://ccie4all.wordpress.com/ information about the changes made to the GNS3 BGP, MPLS and R&S CCIE labs. To access and download all provided materials and receive important updates from the GNS3 BGP, MPLS and R&S CCIE labs under the GNS3 tab in the main header, please go ahead and subscribe to https://ccie4all.wordpress.com/! All other posts have not been affected and can be accessed at any given time. Enjoy! Tom
