OSPF distribute-list with different netmasks

10-06-2006

Hello,
We need to filter a single route in the OSPF advertisements from a
router to another. I tested distribute-list and it works fine, but we
have the following problem:

Suppose we have following routes advertised via OSPF:

192.168.1.0/24
192.168.1.0/26

How can we filter only 192.168.1.0/24 and allow the advertisement of
192.168.1.0/26? The following configuration blocks both routes:

access list 10 deny 192.168.1.0 0.0.0.255
router ospf 20
distribute-list 10 in

We tested with

access list 10 deny 192.168.1.0 0.0.0.0
access list 10 deny 192.168.1.0

but the result is the same. Any help will be appreciated. Thank you.

Regards,

German

10-06-2006

On 6 Oct 2006, German R wrote:

> Hello,
> We need to filter a single route in the OSPF advertisements from a
> router to another. I tested distribute-list and it works fine, but we
> have the following problem:
>
> Suppose we have following routes advertised via OSPF:
>
> 192.168.1.0/24
> 192.168.1.0/26
>
> How can we filter only 192.168.1.0/24 and allow the advertisement of
> 192.168.1.0/26? The following configuration blocks both routes:
>
> access list 10 deny 192.168.1.0 0.0.0.255
> router ospf 20
> distribute-list 10 in
>
> We tested with
>
> access list 10 deny 192.168.1.0 0.0.0.0
> access list 10 deny 192.168.1.0
>
> but the result is the same. Any help will be appreciated. Thank you.
>
> Regards,
>
> German
>
How about changing the access list to:
access-list 10 permit 192.168.1.0 0.0.0.63
access-list 10 deny 192.168.1.0 0.0.0.255

Doan

10-09-2006

Doan wrote:
> On 6 Oct 2006, German R wrote:
> How about changing the access list to:
> access-list 10 permit 192.168.1.0 0.0.0.63
> access-list 10 deny 192.168.1.0 0.0.0.255
>
> Doan

Thank you, Doan. I tested your suggestion, but in this case it is
allowing both networks 192.168.1.0/26 and 192.168.1.0/24.

It seems that distribute-list checks only the network part of the route
(not the netmask) and compares it to the ACL. In this case the
"access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
networks...

Is there any other way to filter this specific route (using route-maps,
etc.)? Thanks!!

10-09-2006

On 9 Oct 2006, German R wrote:

>
> Doan wrote:
> > On 6 Oct 2006, German R wrote:
> > How about changing the access list to:
> > access-list 10 permit 192.168.1.0 0.0.0.63
> > access-list 10 deny 192.168.1.0 0.0.0.255
> >
> > Doan
>
> Thank you, Doan. I tested your suggestion, but in this case it is
> allowing both networks 192.168.1.0/26 and 192.168.1.0/24.
>
> It seems that distribute-list checks only the network part of the route
> (not the netmask) and compares it to the ACL. In this case the
> "access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
> networks...
>
> Is there any other way to filter this specific route (using route-maps,
> etc.)? Thanks!!
>
Did you configure "ip classless" on your routers?

Doan

10-09-2006

"Doan" <> wrote in message
news

ine.GSO.4.33.0610091102040.4826-...
> On 9 Oct 2006, German R wrote:
>
>>
>> Doan wrote:
>> > On 6 Oct 2006, German R wrote:
>> > How about changing the access list to:
>> > access-list 10 permit 192.168.1.0 0.0.0.63
>> > access-list 10 deny 192.168.1.0 0.0.0.255
>> >
>> > Doan
>>
>> Thank you, Doan. I tested your suggestion, but in this case it is
>> allowing both networks 192.168.1.0/26 and 192.168.1.0/24.
>>
>> It seems that distribute-list checks only the network part of the route
>> (not the netmask) and compares it to the ACL. In this case the
>> "access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
>> networks...
>>
>> Is there any other way to filter this specific route (using route-maps,
>> etc.)? Thanks!!
>>
> Did you configure "ip classless" on your routers?
>
> Doan

Try looking into using prefix lists.

10-10-2006

John Agosta wrote:
>
> Try looking into using prefix lists.

John, I tested with prefix-lists and it is working now. The config is
the following:

router ospf 20
distribute-list prefix FILTER in
!
ip prefix-list FILTER seq 10 deny 192.168.1.0/24
ip prefix-list FILTER seq 20 permit 0.0.0.0/0 le 32

The second prefix-list line allows all other routes, including
192.168.1.0/26.

Thank you very much!

10-10-2006

"German R" <> wrote in message
news: ps.com...
>
> John Agosta wrote:
>>
>> Try looking into using prefix lists.
>
> John, I tested with prefix-lists and it is working now. The config is
> the following:
>
> router ospf 20
> distribute-list prefix FILTER in
> !
> ip prefix-list FILTER seq 10 deny 192.168.1.0/24
> ip prefix-list FILTER seq 20 permit 0.0.0.0/0 le 32
>
> The second prefix-list line allows all other routes, including
> 192.168.1.0/26.
>
> Thank you very much!
>

Cool, isn't it !

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
basic/weird ospf question- ospf gurus need help!!!	k65020@gmail.com	Cisco	4	12-13-2007 05:22 PM
Checking IP addresses against lists of IPs, partial IPs, and netmasks.	Adam Funk	Perl Misc	12	07-05-2005 01:49 PM
Redistribute static to OSPF, overriding the slower OSPF-native route?	E.Finlayson	Cisco	0	09-10-2004 02:13 PM
Problem - OSPF Unequal Cost Load Balancing (Sort of)	NNTP Reader	Cisco	7	07-25-2003 12:52 AM
Re: Virtual Link OSPF doesn't work, help please.........	Hansang Bae	Cisco	0	07-23-2003 07:33 PM