
Tuesday, February 12, 2013

OSPF - Routes Filtering


Please refer to the previous post for details and configuration.

Before we get started, please note that we can only filter routes from being installed into the router's routing table, which means we can only filter inbound routes.

We'll filter Cloud 5 (10.10.5.0/24) on R4, so that Cloud 1 & 2 (192.168.1.0 and 192.168.2.0) cannot reach Cloud 5.

Before the change, Cloud 1/2 can reach Cloud 5:

VPCS[1]> ping 10.10.5.1
10.10.5.1 icmp_seq=1 ttl=61 time=32.803 ms
10.10.5.1 icmp_seq=2 ttl=61 time=39.639 ms
10.10.5.1 icmp_seq=3 ttl=61 time=37.984 ms
10.10.5.1 icmp_seq=4 ttl=61 time=37.612 ms
10.10.5.1 icmp_seq=5 ttl=61 time=34.332 ms

Create an access list for the route of interest and apply it to OSPF process 1:


access-list 1 deny   10.10.5.0 0.0.0.255
access-list 1 permit any

router ospf 1
..
 distribute-list 1 in FastEthernet0/0

Now Cloud 5 should not be reachable from Cloud 1 and 2:

VPCS[1]> ping 10.10.5.1
*192.168.1.254 icmp_seq=1 ttl=255 time=19.864 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=2 ttl=255 time=12.023 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=3 ttl=255 time=13.934 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=4 ttl=255 time=6.390 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.254 icmp_seq=5 ttl=255 time=19.270 ms (ICMP type:3, code:1, Destination host unreachable)


Make sure Cloud 6 is still accessible from both, and that the rest of the routes and access are not affected.
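To check what the filter above lets through before relying on it, the following added example (not part of the original post, and not router code) models how a standard ACL used in a distribute-list is evaluated: first match wins, the wildcard mask selects the bits compared, and only the route's network address is tested, never its prefix length. All prefixes other than 10.10.5.0/24 are constructed for illustration; it goes slightly beyond the post by showing that a covering summary route, if one were advertised, would still carry traffic to Cloud 5.

```python
import ipaddress

# ACL 1 as configured in the post: (action, address, wildcard mask).
ACL_1 = [
    ("deny", "10.10.5.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]

def acl_action(acl, network):
    """Return the action of the first ACL entry matching a route's network address."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        # Wildcard bits set to 1 are ignored; the remaining bits must match.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action
    return "deny"  # implicit deny that ends every ACL

def installed_routes(acl, candidates):
    """Keep only the candidate prefixes the distribute-list admits to the routing table."""
    return [p for p in candidates
            if acl_action(acl, str(ipaddress.ip_network(p).network_address)) == "permit"]

def best_route(rib, host):
    """Longest-prefix match: the installed route that covers host, or None."""
    ip = ipaddress.ip_address(host)
    nets = [ipaddress.ip_network(p) for p in rib]
    matches = [n for n in nets if ip in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None

# Constructed candidate routes (assumptions, apart from 10.10.5.0/24 from the post):
# a neighbouring /24, a more specific /25 inside Cloud 5, and a covering /16 summary.
CANDIDATES = ["10.10.5.0/24", "10.10.6.0/24", "10.10.5.128/25", "10.10.0.0/16"]

if __name__ == "__main__":
    rib = installed_routes(ACL_1, CANDIDATES)
    print("installed:", rib)
    print("route used for 10.10.5.1:", best_route(rib, "10.10.5.1"))
```

If the intent is isolation rather than just removing one route, verify that no summary or default route still covers the filtered prefix.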

