Configuring an OSPFv2 distribution list using ACLs
To configure an OSPFv2 distribution list using ACLs:
- Configure an ACL that identifies the routes you want to deny. Using a standard ACL allows you to deny routes based on the destination network, but does not filter based on the network mask. To also filter based on the network mask of the destination network, use an extended ACL.
- Configure an OSPFv2 distribution list that uses the ACL as input.
Examples
In the following configuration example, the first three commands configure a standard ACL that denies routes to any 10.x.x.x destination network and allows all other routes for eligibility to be installed in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPFv2 distribution list that uses the ACL as input. The distribution list prevents routes to any 10.x.x.x destination network from entering the IP route table. The distribution list does not prevent the routes from entering the OSPFv2 database.
device(config)# ip access-list standard no_ip
device(config-std-nacl)# deny 10.0.0.0 0.255.255.255
device(config-std-nacl)# permit any
device(config)# router ospf
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list no_ip in
In the following example, the first three commands configure an extended ACL that denies routes to any 10.31.39.x destination network and allows all other routes for eligibility to be installed in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPFv2 distribution list that uses the ACL as input. The distribution list prevents routes to any 10.31.39.x destination network from entering the IP route table. The distribution list does not prevent the routes from entering the OSPFv2 database.
device(config)# ip access-list extended DenyNet39
device(config-ext-nacl)# deny ip 10.31.39.0 0.0.0.255 any
device(config-ext-nacl)# permit ip any any
device(config)# router ospf
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list DenyNet39 in
In the following example, the first command configures a numbered ACL that denies routes to any 10.31.39.x destination network and allows all other routes for eligibility to be installed in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPF distribution list that uses the ACL as input. The distribution list prevents routes to any 10.31.39.x destination network from entering the IP route table. The distribution list does not prevent the routes from entering the OSPFv2 database.
device(config)# ip access-list 100 deny ip 10.31.39.0 0.0.0.255 any
device(config)# ip access-list 100 permit ip any any
device(config)# router ospf
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list 100 in
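The following Python sketch is an added example, not part of the original documentation or vendor code. It models how the ACLs above select routes for the distribution list, so a planned ACL can be checked against a list of prefixes before it is applied. The tuple representation, the sample prefixes, the third ACL, and the assumption that an extended ACL's destination field is compared with the route's network mask are constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # (address, wildcard) that matches anything

def _match(value, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(value) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, route):
    """Return 'permit' or 'deny' for a route prefix such as '10.31.39.0/24'.

    Each ACL entry is (action, network_match, mask_match). mask_match is None
    for a standard ACL entry, which looks at the destination network only.
    """
    net = ipaddress.IPv4Network(route)
    for action, network_match, mask_match in acl:
        if not _match(net.network_address, *network_match):
            continue
        if mask_match is not None and not _match(net.netmask, *mask_match):
            continue
        return action  # first matching entry wins
    return "deny"  # implicit deny when no entry matches

def kept_out(acl, routes):
    """Routes the distribution list keeps out of the IP route table."""
    return [r for r in routes if evaluate(acl, r) == "deny"]

# ACLs from the configuration examples above.
NO_IP = [("deny", ("10.0.0.0", "0.255.255.255"), None),
         ("permit", ANY, None)]
DENYNET39 = [("deny", ("10.31.39.0", "0.0.0.255"), ANY),
             ("permit", ANY, ANY)]
# Constructed variant (assumption): deny 10.31.39.x only when the mask is /24.
DENY_39_MASK24 = [("deny", ("10.31.39.0", "0.0.0.255"),
                   ("255.255.255.0", "0.0.0.0")),
                  ("permit", ANY, ANY)]

# Constructed sample prefixes, standing in for routes learned through OSPFv2.
ROUTES = ["10.1.0.0/16", "10.31.39.0/24", "10.31.39.128/25",
          "172.16.0.0/12", "192.168.5.0/24"]

if __name__ == "__main__":
    for name, acl in [("no_ip", NO_IP), ("DenyNet39", DENYNET39),
                      ("DenyNet39 /24 only", DENY_39_MASK24)]:
        print(name, "keeps out:", kept_out(acl, ROUTES))
```

As the text above states, the filtered routes are kept out of the IP route table only; they remain in the OSPFv2 database.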