jump to navigation

OSPF : Ingress filtering dengan Distribute list July 13, 2009

Posted by ZoeL in Cisco, Routing.
Tags: , ,
trackback

Cara lain untuk blok update LSA di ospf yaitu dengan menggunakan distribute list. Filter dengan menggunakan distribute list hanya berlaku untuk RIB (Routing Information Base) lokal. Artinya, filter yang dilakukan hanya berjalan di router yang menjalankan distribute list. Dan LSA hello tetap di forward / diteruskan.

Pertama saya coba perlihatkan filtering dengan menggunakan distribute-list.
Silahkan lihat contoh dibawah (contoh diagram dan konfigurasi R1, R4, R5 dan R6 diambil dari post sebelumnya (OSPF : Filter LSA Inter-Area dengan prefix-list)

scenario prefix-list filtering LSA type 3 network for OSPF

Pasang command distribute-list di dalam mode router ospf, dan sertakan access-list untuk spesifik memilih network update yang ingin di blok. Arah in dan out unutk distribute list juga harus di pastikan jangan sampai salah. Untuk contoh, saya coba blok network 150.1.6.0 (R6) ketika masuk ke R1 dan R4 (in).

R1 dan R4

!
distribute list 99 in
!
access-list 99 deny 150.1.6.6
access-list 99 permit any
!

verifikasi :

R1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
C       155.1.146.0 is directly connected, FastEthernet0/0
C       155.1.0.0 is directly connected, Serial0/0
150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       150.1.1.0/24 is directly connected, Loopback0
O       150.1.5.5/32 [110/65] via 155.1.0.5, 00:01:43, Serial0/0
O       150.1.4.4/32 [110/2] via 155.1.146.4, 00:01:15, FastEthernet0/0

R4#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
C       155.1.146.0 is directly connected, FastEthernet0/0
C       155.1.0.0 is directly connected, Serial0/0
150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
C       150.1.4.0/24 is directly connected, Loopback0
O       150.1.5.5/32 [110/65] via 155.1.0.5, 00:00:26, Serial0/0
O       150.1.1.1/32 [110/2] via 155.1.146.1, 00:00:26, FastEthernet0/0

Dari tabel sh ip route R1 dan R4 diatas, network 150.1.6.6 tidak ada di dalam daftar. Mari kita lihat di datar RIB R5 dan R6.

R5#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
O IA    155.1.146.0 [110/65] via 155.1.0.4, 00:01:55, Serial1/0
[110/65] via 155.1.0.1, 00:01:55, Serial1/0
C       155.1.0.0 is directly connected, Serial1/0
150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.5.0/24 is directly connected, Loopback0
O IA    150.1.6.6/32 [110/66] via 155.1.0.4, 00:01:37, Serial1/0
[110/66] via 155.1.0.1, 00:01:37, Serial1/0
O IA    150.1.4.4/32 [110/65] via 155.1.0.4, 00:01:28, Serial1/0
O IA    150.1.1.1/32 [110/65] via 155.1.0.1, 00:01:38, Serial1/0
R5#

R6#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

155.1.0.0/24 is subnetted, 2 subnets
C       155.1.146.0 is directly connected, FastEthernet0/0
O IA    155.1.0.0 [110/65] via 155.1.146.4, 00:01:47, FastEthernet0/0
[110/65] via 155.1.146.1, 00:01:47, FastEthernet0/0
150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.6.0/24 is directly connected, Loopback0
O IA    150.1.5.5/32 [110/66] via 155.1.146.4, 00:01:47, FastEthernet0/0
[110/66] via 155.1.146.1, 00:01:47, FastEthernet0/0
O       150.1.4.4/32 [110/2] via 155.1.146.4, 00:01:49, FastEthernet0/0
O       150.1.1.1/32 [110/2] via 155.1.146.1, 00:01:49, FastEthernet0/0
R6#

Didalam routing table R5 dan R6 ada routing yang menuju ke 150.1.6.6, Ini berarti distribute list yang ada di R1 dan R4 tidak berpengaruh ke R5 dan R6.

.end.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: