How to filter incoming OSPF routes
03/26/2020
Description
This document explains how to filter incoming OSPF routes so that they do not appear in the routing table of a Dell SonicWall Security Appliance.
Scenario:
Two Dell SonicWall Security Appliances, a TZ 210 (5.9.1.5) and a TZ215 (5.9.1.1), are used to demonstrate OSPF route filtering.
Resolution
In this example, the 10.10.11.0/24 and 10.10.21.0/24 networks are filtered from the routing table on the TZ 210 using the OSPF CLI access-list and distribute-list commands:
Log in to the CLI via SSH or the console with the admin username and password, then view the current routing table:
admin@TZ210@5-9-1-5> configure terminal
config(TZ210@5-9-1-5)# routing
(config-routing)# nsm
ZebOS version 7.7.0 IPIRouter 7/2009
ARS NSM>show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
O E2 10.10.11.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
O E2 10.10.21.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
C 10.71.252.0/24 is directly connected, X1
O E2 10.200.200.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
C 127.0.0.0/8 is directly connected, lo0
C 172.19.125.0/24 is directly connected, X0
ARS NSM>exit
(config-routing)#
Enter the OSPF CLI configuration mode:
(config-routing)# ospf
ZebOS version 7.7.0 IPIRouter 7/2009
Create a named access list called Filter-Routes-In and add the following deny statements, followed by a permit any statement:
ARS OSPF>configure terminal
ARS OSPF(config)>access-list Filter-Routes-In deny 10.10.11.0/24
ARS OSPF(config)>access-list Filter-Routes-In deny 10.10.21.0/24
ARS OSPF(config)>access-list Filter-Routes-In permit any
ARS OSPF(config)>exit
To view the access list created above:
ARS OSPF>show access-list
ZebOS IP access list Filter-Routes-In
deny 10.10.11.0/24
deny 10.10.21.0/24
Apply the access list with the distribute-list command under the OSPF process:
ARS OSPF>configure terminal
ARS OSPF(config)>router ospf
ARS OSPF(config-router)>distribute-list Filter-Routes-In in
Verify the configuration with the show ip ospf route command on the TZ210:
ARS OSPF(config-router)>exit
ARS OSPF(config)>exit
ARS OSPF>show ip ospf route
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
To save the above configuration:
ARS OSPF>write
Configuration saved to OSPF
ARS OSPF>
To restore the filtered routes to the routing table, remove the distribute-list:
ARS OSPF(config)>router ospf
ARS OSPF(config-router)>no distribute-list Filter-Routes-In in
ARS OSPF(config-router)>exit
ARS OSPF(config)>exit
ARS OSPF>show ip ospf route
E2 10.10.11.0/24 [1/20] via 10.71.252.14, X1
E2 10.10.21.0/24 [1/20] via 10.71.252.14, X1
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
E2 10.200.200.0/24 [1/20] via 10.71.252.14, X1
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
ARS OSPF>
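To check the result of the procedure above from captured `show ip route` output, the following Python sketch (an added example, not SonicWall code) evaluates the Filter-Routes-In access list against each OSPF route and reports any that should have been filtered. It assumes first-match evaluation with an implicit deny at the end of the list, and that an entry matches the listed prefix and any more specific subnet of it; the function names and the sample text are constructed for this example.

```python
import ipaddress
import re

# Access list from the article, in configured order.
ACL = [("deny", "10.10.11.0/24"), ("deny", "10.10.21.0/24"), ("permit", "any")]

# Constructed sample in the format of the article's `show ip route` output,
# as it looks before the distribute-list is applied.
SHOW_IP_ROUTE = """\
O E2 10.10.11.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
O E2 10.10.21.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
C 10.71.252.0/24 is directly connected, X1
O E2 10.200.200.0/24 [110/20] via 10.71.252.14, X1, 00:02:03
C 172.19.125.0/24 is directly connected, X0
"""

# Route code, optional OSPF sub-code (E2, IA, N1, ...), then the prefix.
ROUTE_RE = re.compile(r"^(?P<code>[A-Z])\s+(?:[A-Z][A-Z0-9]\s+)?(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)")

def parse_routes(text):
    """Return [(code, network)] for every route line; other lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((m["code"], ipaddress.ip_network(m["prefix"])))
    return routes

def acl_action(acl, net):
    """First matching entry decides; falling off the end is an implicit deny (assumption)."""
    for action, pattern in acl:
        if pattern == "any":
            return action
        # Assumption: an entry covers the prefix itself and its more specific subnets.
        if net.subnet_of(ipaddress.ip_network(pattern)):
            return action
    return "deny"

def leaked_routes(acl, text):
    """OSPF routes present in the table that the access list denies."""
    return [str(net) for code, net in parse_routes(text)
            if code == "O" and acl_action(acl, net) == "deny"]

if __name__ == "__main__":
    # Before filtering, both denied prefixes are reported; afterwards the list is empty.
    print(leaked_routes(ACL, SHOW_IP_ROUTE))
```

Dropping the final `permit any` entry makes `acl_action` deny 10.200.200.0/24 as well, which is why the access list ends with it. In OSPF generally, an inbound distribute-list only keeps routes out of the local routing table; the corresponding LSAs stay in the link-state database and are still flooded to neighbors.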