OSPF distribute-list with different netmasks

Discussion in 'Cisco' started by German R, Oct 6, 2006.

  1. German R

    German R Guest

    Hello,
    We need to filter a single route in the OSPF advertisements from a
    router to another. I tested distribute-list and it works fine, but we
    have the following problem:

    Suppose we have the following routes advertised via OSPF:

    192.168.1.0/24
    192.168.1.0/26

    How can we filter only 192.168.1.0/24 and allow the advertisement of
    192.168.1.0/26? The following configuration blocks both routes:

    access-list 10 deny 192.168.1.0 0.0.0.255
    router ospf 20
    distribute-list 10 in

    We tested with

    access-list 10 deny 192.168.1.0 0.0.0.0
    access-list 10 deny 192.168.1.0

    but the result is the same. Any help will be appreciated. Thank you.

    Regards,

    German
    German R, Oct 6, 2006
    #1

  2. German R

    Doan Guest

    On 6 Oct 2006, German R wrote:

    > Hello,
    > We need to filter a single route in the OSPF advertisements from a
    > router to another. I tested distribute-list and it works fine, but we
    > have the following problem:
    >
    > Suppose we have the following routes advertised via OSPF:
    >
    > 192.168.1.0/24
    > 192.168.1.0/26
    >
    > How can we filter only 192.168.1.0/24 and allow the advertisement of
    > 192.168.1.0/26? The following configuration blocks both routes:
    >
    > access-list 10 deny 192.168.1.0 0.0.0.255
    > router ospf 20
    > distribute-list 10 in
    >
    > We tested with
    >
    > access-list 10 deny 192.168.1.0 0.0.0.0
    > access-list 10 deny 192.168.1.0
    >
    > but the result is the same. Any help will be appreciated. Thank you.
    >
    > Regards,
    >
    > German
    >

    How about changing the access list to:
    access-list 10 permit 192.168.1.0 0.0.0.63
    access-list 10 deny 192.168.1.0 0.0.0.255

    Doan
    Doan, Oct 6, 2006
    #2

  3. German R

    German R Guest

    Doan wrote:
    > On 6 Oct 2006, German R wrote:
    > How about changing the access list to:
    > access-list 10 permit 192.168.1.0 0.0.0.63
    > access-list 10 deny 192.168.1.0 0.0.0.255
    >
    > Doan


    Thank you, Doan. I tested your suggestion, but in this case it is
    allowing both networks 192.168.1.0/26 and 192.168.1.0/24.

    It seems that distribute-list checks only the network part of the route
    (not the netmask) and compares it to the ACL. In this case the
    "access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
    networks...

    Is there any other way to filter this specific route (using route-maps,
    etc.)? Thanks!!
    German R, Oct 9, 2006
    #3
  4. German R

    Doan Guest

    On 9 Oct 2006, German R wrote:

    >
    > Doan wrote:
    > > On 6 Oct 2006, German R wrote:
    > > How about changing the access list to:
    > > access-list 10 permit 192.168.1.0 0.0.0.63
    > > access-list 10 deny 192.168.1.0 0.0.0.255
    > >
    > > Doan

    >
    > Thank you, Doan. I tested your suggestion, but in this case it is
    > allowing both networks 192.168.1.0/26 and 192.168.1.0/24.
    >
    > It seems that distribute-list checks only the network part of the route
    > (not the netmask) and compares it to the ACL. In this case the
    > "access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
    > networks...
    >
    > Is there any other way to filter this specific route (using route-maps,
    > etc.)? Thanks!!
    >

    Did you configure "ip classless" on your routers?

    Doan
    Doan, Oct 9, 2006
    #4
  5. German R

    John Agosta Guest

    "Doan" <> wrote in message
    news:p...
    > On 9 Oct 2006, German R wrote:
    >
    >>
    >> Doan wrote:
    >> > On 6 Oct 2006, German R wrote:
    >> > How about changing the access list to:
    >> > access-list 10 permit 192.168.1.0 0.0.0.63
    >> > access-list 10 deny 192.168.1.0 0.0.0.255
    >> >
    >> > Doan

    >>
    >> Thank you, Doan. I tested your suggestion, but in this case it is
    >> allowing both networks 192.168.1.0/26 and 192.168.1.0/24.
    >>
    >> It seems that distribute-list checks only the network part of the route
    >> (not the netmask) and compares it to the ACL. In this case the
    >> "access-list 10 permit 192.168.1.0 0.0.0.63" is matching both
    >> networks...
    >>
    >> Is there any other way to filter this specific route (using route-maps,
    >> etc.)? Thanks!!
    >>

    > Did you configure "ip classless" on your routers?
    >
    > Doan



    Try looking into using prefix lists.
    John Agosta, Oct 9, 2006
    #5
  6. German R

    German R Guest

    John Agosta wrote:
    >
    > Try looking into using prefix lists.


    John, I tested with prefix-lists and it is working now. The config is
    the following:

    router ospf 20
    distribute-list prefix FILTER in
    !
    ip prefix-list FILTER seq 10 deny 192.168.1.0/24
    ip prefix-list FILTER seq 20 permit 0.0.0.0/0 le 32

    The second prefix-list line allows all other routes, including
    192.168.1.0/26.

    Thank you very much!
    German R, Oct 10, 2006
    #6
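
The behaviour reported in this thread, modelled as an added example (not code from any poster and not Cisco's implementation): a standard ACL in a distribute-list is compared only against a route's network address, while a prefix-list entry also tests the prefix length. The function names and the tuple encoding of the filter entries are assumptions made for the illustration.

```python
import ipaddress

ROUTES = ["192.168.1.0/24", "192.168.1.0/26"]  # the two routes from the thread

def acl_permits(acl, route):
    """Standard ACL in a distribute-list: only the route's network address
    is compared against each entry; the prefix length is never consulted."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ipaddress.ip_address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def prefix_list_permits(plist, route):
    """Prefix-list: the leading bits and the prefix length must both match."""
    r = ipaddress.ip_network(route)
    for action, prefix, ge, le in plist:
        p = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = p.prefixlen          # no ge/le: exact length only
        else:
            lo = p.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if r.subnet_of(p) and lo <= r.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of every prefix-list

# Filters quoted in the thread, encoded as tuples (encoding is an assumption).
ACL_ORIGINAL = [("deny", "192.168.1.0", "0.0.0.255")]
ACL_REPLY = [("permit", "192.168.1.0", "0.0.0.63"),
             ("deny", "192.168.1.0", "0.0.0.255")]
PREFIX_FILTER = [("deny", "192.168.1.0/24", None, None),
                 ("permit", "0.0.0.0/0", None, 32)]

def evaluate():
    """Return {filter name: {route: permitted?}} for the thread's routes."""
    return {
        "acl_original": {r: acl_permits(ACL_ORIGINAL, r) for r in ROUTES},
        "acl_reply": {r: acl_permits(ACL_REPLY, r) for r in ROUTES},
        "prefix_filter": {r: prefix_list_permits(PREFIX_FILTER, r) for r in ROUTES},
    }

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

Both ACL variants give the /24 and the /26 the same verdict because the two routes share the network address 192.168.1.0; only the prefix-list separates them.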
  7. German R

    John Agosta Guest

    "German R" <> wrote in message
    news:...
    >
    > John Agosta wrote:
    >>
    >> Try looking into using prefix lists.

    >
    > John, I tested with prefix-lists and it is working now. The config is
    > the following:
    >
    > router ospf 20
    > distribute-list prefix FILTER in
    > !
    > ip prefix-list FILTER seq 10 deny 192.168.1.0/24
    > ip prefix-list FILTER seq 20 permit 0.0.0.0/0 le 32
    >
    > The second prefix-list line allows all other routes, including
    > 192.168.1.0/26.
    >
    > Thank you very much!
    >



    Cool, isn't it!
    John Agosta, Oct 10, 2006
    #7