Configuring an OSPFv2 distribution list using ACLs

To configure an OSPFv2 distribution list using ACLs:

  • Configure an ACL that identifies the routes you want to deny. A standard ACL allows you to deny routes based on the destination network, but it does not filter based on the network mask. To also filter based on the network mask of the destination network, use an extended ACL.
  • Configure an OSPFv2 distribution list that uses the ACL as input.

Examples

In the following configuration example, the first three commands configure a standard ACL that denies routes to any 10.x.x.x destination network and leaves all other routes eligible for installation in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPFv2 distribution list that uses the ACL as input. The distribution list prevents routes to any 10.x.x.x destination network from entering the IP route table, but it does not prevent the routes from entering the OSPFv2 database.

device(config)# ip access-list standard no_ip
device(config-std-nacl)# deny 10.0.0.0 0.255.255.255  
device(config-std-nacl)# permit any
device(config)# router ospf 
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list no_ip in

In the following example, the first three commands configure an extended ACL that denies routes to any 10.31.39.x destination network and leaves all other routes eligible for installation in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPFv2 distribution list that uses the ACL as input. The distribution list prevents routes to any 10.31.39.x destination network from entering the IP route table, but it does not prevent the routes from entering the OSPFv2 database.

device(config)# ip access-list extended DenyNet39 
device(config-ext-nacl)# deny ip 10.31.39.0 0.0.0.255 any  
device(config-ext-nacl)# permit ip any any 
device(config)# router ospf 
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list DenyNet39 in

In the following example, the first two commands configure a numbered ACL that denies routes to any 10.31.39.x destination network and leaves all other routes eligible for installation in the IP route table. The last three commands change the CLI to the OSPFv2 configuration level and configure an OSPFv2 distribution list that uses the ACL as input. The distribution list prevents routes to any 10.31.39.x destination network from entering the IP route table, but it does not prevent the routes from entering the OSPFv2 database.

device(config)# ip access-list 100 deny ip 10.31.39.0 0.0.0.255 any 
device(config)# ip access-list 100 permit ip any any
device(config)# router ospf 
device(config-ospf-router)# area 0
device(config-ospf-router)# distribute-list 100 in
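
The route-matching logic behind the standard and extended ACL examples above, as an added Python model that is not part of the original documentation or the device software. It assumes first-match evaluation with an implicit deny at the end of the ACL, and that in an extended ACL used as a distribution list the destination field is compared against the route's network mask. The names route_allowed and DENY_NET39_24 and the sample routes are constructed for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _match(value, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; all other bits must match.
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(value) & care) == (_ip(base) & care)

def route_allowed(acl, prefix):
    """Return True if the route may enter the IP route table.

    acl: list of (action, net, net_wildcard, mask, mask_wildcard).
    A standard entry has mask=None and matches on the network only.
    Assumption: first match wins, and an implicit deny ends the ACL.
    """
    route = ipaddress.IPv4Network(prefix)
    for action, net, net_wc, mask, mask_wc in acl:
        if not _match(str(route.network_address), net, net_wc):
            continue
        if mask is not None and not _match(str(route.netmask), mask, mask_wc):
            continue
        return action == "permit"
    return False  # implicit deny (assumption)

ANY = ("0.0.0.0", "255.255.255.255")

# Standard ACL no_ip from the page: deny 10.0.0.0 0.255.255.255 / permit any
NO_IP = [("deny", "10.0.0.0", "0.255.255.255", None, None),
         ("permit", *ANY, None, None)]

# Extended ACL DenyNet39 from the page: the "any" destination field
# leaves the route's mask unconstrained (assumed semantics).
DENY_NET39 = [("deny", "10.31.39.0", "0.0.0.255", *ANY),
              ("permit", *ANY, *ANY)]

# Constructed variant: deny 10.31.39.0 only when the mask is exactly /24
DENY_NET39_24 = [("deny", "10.31.39.0", "0.0.0.255", "255.255.255.0", "0.0.0.0"),
                 ("permit", *ANY, *ANY)]

if __name__ == "__main__":
    for name, acl in [("no_ip", NO_IP), ("DenyNet39", DENY_NET39), ("DenyNet39_24", DENY_NET39_24)]:
        for r in ["10.31.39.0/24", "10.31.39.128/25", "192.168.1.0/24"]:
            print(name, r, "install" if route_allowed(acl, r) else "filtered")
```

Dropping the final permit entry from any of these lists causes every route to be filtered under the implicit-deny assumption, which is why each example on this page ends with a permit statement.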