03/26/2020
This document explains the steps to filter incoming OSPF routes so that they do not appear in the routing table of a Dell SonicWall Security Appliance.
Scenario:
Two Dell SonicWall Security Appliances, a TZ 210 (5.9.1.5) and a TZ215 (5.9.1.1), are used to demonstrate OSPF route filtering.
In this example, the 10.10.11.0/24 and 10.10.21.0/24 networks will be filtered from the routing table on the TZ 210 using the OSPF CLI access-list and distribute-list commands:
Log in to the CLI via SSH or console and enter the admin username and password.
(config-routing)# ospf
ZebOS version 7.7.0 IPIRouter 7/2009
Create a named access list called Filter-Routes-In, add the following deny statements, and finish with permit any so that all other routes are still accepted:
ARS OSPF>configure terminal
ARS OSPF(config)>access-list Filter-Routes-In deny 10.10.11.0/24
ARS OSPF(config)>access-list Filter-Routes-In deny 10.10.21.0/24
ARS OSPF(config)>access-list Filter-Routes-In permit any
ARS OSPF(config)>exit
To view the access list created above:
ARS OSPF>show access-list
ZebOS IP access list Filter-Routes-In
deny 10.10.11.0/24
deny 10.10.21.0/24
Apply the access list to incoming routes with the distribute-list command under the OSPF process:
ARS OSPF>configure terminal
ARS OSPF(config)>router ospf
ARS OSPF(config-router)>distribute-list Filter-Routes-In in
Verify the configuration with the show ip ospf route command on the TZ210:
ARS OSPF(config-router)>exit
ARS OSPF(config)>exit
ARS OSPF>show ip ospf route
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
To save the above configuration:
ARS OSPF>write
To restore the filtered routes to the routing table, remove the distribute-list from the OSPF process:
ARS OSPF(config)>router ospf
ARS OSPF(config-router)>no distribute-list Filter-Routes-In in
ARS OSPF(config-router)>exit
ARS OSPF(config)>exit
ARS OSPF>show ip ospf route
E2 10.10.11.0/24 [1/20] via 10.71.252.14, X1
E2 10.10.21.0/24 [1/20] via 10.71.252.14, X1
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
E2 10.200.200.0/24 [1/20] via 10.71.252.14, X1
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
ARS OSPF>
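The verification step above can be automated. The following is an added example, not part of the original article or SonicWall tooling: it reads the deny entries from the access-list commands and reports any learned route in a show ip ospf route listing that equals or falls inside a denied prefix. The function names are hypothetical, the sample text is copied from the listings above, and treating a more specific route inside a denied prefix as a leak is an assumption of this check.

```python
import ipaddress
import re

# Access-list commands as entered in the article.
ACL_CONFIG = """\
access-list Filter-Routes-In deny 10.10.11.0/24
access-list Filter-Routes-In deny 10.10.21.0/24
access-list Filter-Routes-In permit any
"""
# "show ip ospf route" listings copied from the article.
ROUTES_UNFILTERED = """\
E2 10.10.11.0/24 [1/20] via 10.71.252.14, X1
E2 10.10.21.0/24 [1/20] via 10.71.252.14, X1
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
E2 10.200.200.0/24 [1/20] via 10.71.252.14, X1
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
"""
ROUTES_FILTERED = """\
C 10.71.252.0/24 [1] is directly connected, X1, Area 0.0.0.0
C 172.19.125.0/24 [1] is directly connected, X0, Area 0.0.0.10
"""
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+deny\s+(\d+\.\d+\.\d+\.\d+/\d+)\s*$")
ROUTE_RE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+\[")


def denied_prefixes(config, acl_name):
    """Collect the prefixes denied by the named access list."""
    found = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            found.append(ipaddress.ip_network(m.group(2)))
    return found


def learned_routes(show_output):
    """Yield (code, network) for every route that is not directly connected."""
    for line in show_output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m and m.group(1) != "C":
            yield m.group(1), ipaddress.ip_network(m.group(2))


def leaked_routes(config, acl_name, show_output):
    """Return learned routes that equal or fall inside a denied prefix."""
    denied = denied_prefixes(config, acl_name)
    return [str(net) for _, net in learned_routes(show_output)
            if any(net.subnet_of(d) for d in denied)]
```

An empty result from leaked_routes means none of the denied networks are present in the listing; with the distribute-list removed, the same call returns the two filtered networks.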