Configuring OSPF
December 2005
© Foundry Networks, Inc.
20 - 25
you deny routes based on the destination network, but does not filter based on the network mask. To also
filter based on the destination network’s network mask, use an extended ACL.
•
Configure an OSPF distribution list that uses the ACL as input.
NOTE:
If you change the ACL after you configure the OSPF distribution list, you must clear the IP route table to
place the changed ACL into effect. To clear the IP route table, enter the
clear ip route
command at the Privileged
EXEC level of the CLI.
The following sections show how to use the CLI to configure an OSPF distribution list. Separate examples are
provided for standard and extended ACLs.
NOTE:
The examples show named ACLs. However, you also can use a numbered ACL as input to the OSPF
distribution list.
Using a Standard ACL as Input to the Distribution List
To use a standard ACL to configure an OSPF distribution list for denying specific routes, enter commands such as
the following:
FESX424 Router(config)# ip access-list standard no_ip
FESX424 Router(config-std-nacl)# deny 4.0.0.0 0.255.255.255
FESX424 Router(config-std-nacl)# permit any any
FESX424 Router(config-std-nacl)# exit
FESX424 Router(config)# router ospf
FESX424 Router(config-ospf-router)# distribute-list no_ip in
The first three commands configure a standard ACL that denies routes to any 4.x.x.x destination network and
allows all other routes for eligibility to be installed in the IP route table. The last three commands change the CLI
to the OSPF configuration level and configure an OSPF distribution list that uses the ACL as input. The
distribution list prevents routes to any 4.x.x.x destination network from entering the IP route table. The distribution
list does not prevent the routes from entering the OSPF database.
Syntax:
[no] distribute-list <acl-name> | <acl-id> in [<interface type>] [<interface number>]
Syntax:
[no] ip access-list standard <acl-name> | <acl-id>
Syntax:
deny | permit <source-ip> <wildcard>
The <acl-name> | <acl-id> parameter specifies the ACL name or ID.
The
in
command applies the ACL to incoming route updates.
The <interface number> parameter specifies the interface number on which to apply the ACL. Enter only one valid
interface number. If necessary, use the
show interface brief
command to display a list of valid interfaces. If you
do not specify an interface, the Foundry device applies the ACL to all incoming route updates.
If you do not specify an interface type and interface number, the device applies the OSPF distribution list to all
incoming route updates.
The
deny | permit
parameter indicates whether packets that match the policy are dropped or forwarded.
The <source-ip> parameter specifies the source address for the policy. Since this ACL is input to an OSPF
distribution list, the <source-ip> parameter actually is specifying the destination network of the route.
The <wildcard> parameter specifies the portion of the source address to match against. The <wildcard> is a four-
part value in dotted-decimal notation (IP address format) consisting of ones and zeros. Zeros in the mask mean
the packet’s source address must match the <source-ip>. Ones mean any value matches. For example, the
<source-ip> and <wildcard> values 4.0.0.0 0.255.255.255 mean that all 4.x.x.x networks match the ACL.
If you want the policy to match on all destination networks, enter
any
any
.
If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format, you can enter a
forward slash after the IP address, then enter the number of significant bits in the mask. For example, you can
Содержание FastIron Edge Switch X424
Страница 36: ...Foundry Configuration Guide for the FESX FSX and FWSX 2 12 Foundry Networks Inc December 2005...
Страница 56: ...Foundry Configuration Guide for the FESX FSX and FWSX 3 20 Foundry Networks Inc December 2005...
Страница 70: ...Foundry Configuration Guide for the FESX FSX and FWSX 4 14 Foundry Networks Inc December 2005...
Страница 198: ...Foundry Configuration Guide for the FESX FSX and FWSX 8 38 Foundry Networks Inc December 2005...
Страница 316: ...Foundry Configuration Guide for the FESX FSX and FWSX 12 26 Foundry Networks Inc December 2005...
Страница 334: ...Foundry Configuration Guide for the FESX FSX and FWSX 13 18 Foundry Networks Inc December 22 2005...
Страница 350: ...Foundry Configuration Guide for the FESX FSX and FWSX 15 12 Foundry Networks Inc December 2005...
Страница 458: ...Foundry Configuration Guide for the FESX FSX and FWSX 18 18 Foundry Networks Inc December 2005...
Страница 712: ...Foundry Configuration Guide for the FESX FSX and FWSX 22 32 Foundry Networks Inc December 2005...
Страница 760: ...Foundry Configuration Guide for the FESX FSX and FWSX A 34 Foundry Networks Inc December 2005...
Страница 796: ...Foundry Configuration Guide for the FESX FSX and FWSX C 18 Foundry Networks Inc December 2005...
Страница 820: ...Foundry Configuration Guide for the FESX FSX and FWSX E 10 Foundry Networks Inc December 2005...