
OSPF: Ingress filtering by changing the Administrative Distance July 14, 2009

Posted by ZoeL in Cisco, Router Simulator.

Another method of OSPF filtering is to change the administrative distance of the networks to be blocked to 255 (unreliable/ignored route).

See the diagram (the example diagram is still the one from the post "OSPF : Filter LSA Inter-Area dengan prefix-list"; see that post for the initial config of R1, R4, R5 and R6).

scenario prefix-list filtering LSA type 3 network for OSPF

The scenario: from R5's perspective, filter all networks learned from R6, including the static null0 network that was created as an External type 2 network.

Before filtering, we check from R5 which subnets are learned from R6.

!
interface Loopback0
 ip address 150.1.6.6 255.255.255.0
!
interface FastEthernet0/0
 ip address 155.1.146.6 255.255.255.0
!
router ospf 1
 router-id 150.1.6.6
 redistribute static subnets
 network 150.1.6.6 0.0.0.0 area 1
 network 155.1.146.6 0.0.0.0 area 1
!

R5#sh ip route ospf
155.1.0.0/24 is subnetted, 2 subnets
O IA    155.1.146.0 [110/65] via 155.1.0.4, 00:00:07, Serial1/0
[110/65] via 155.1.0.1, 00:00:07, Serial1/0
160.1.0.0/24 is subnetted, 1 subnets
O E2    160.1.60.0 [110/20] via 155.1.0.4, 00:00:07, Serial1/0
[110/20] via 155.1.0.1, 00:00:07, Serial1/0
150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA    150.1.6.6/32 [110/66] via 155.1.0.4, 00:00:07, Serial1/0
[110/66] via 155.1.0.1, 00:00:07, Serial1/0
O IA    150.1.4.4/32 [110/65] via 155.1.0.4, 00:00:07, Serial1/0
O IA    150.1.1.1/32 [110/65] via 155.1.0.1, 00:00:07, Serial1/0
R5#

From the R6 config and R5's routing table, we learn that the routes present on R5 are 160.1.60.0 and 150.1.6.6.

For subnet 160.1.60.0, the advertising router ID is 150.1.6.6.
!
R5#sh ip route 160.1.60.0
Routing entry for 160.1.60.0/24
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 65
Last update from 155.1.0.4 on Serial1/0, 00:03:37 ago
Routing Descriptor Blocks:
155.1.0.4, from 150.1.6.6, 00:03:37 ago, via Serial1/0
Route metric is 20, traffic share count is 1
* 155.1.0.1, from 150.1.6.6, 00:03:37 ago, via Serial1/0
Route metric is 20, traffic share count is 1

!

For subnet/host 150.1.6.6, the advertising router IDs are 150.1.4.4 and 150.1.1.1.
R5#sh ip route 150.1.6.6
Routing entry for 150.1.6.6/32
Known via "ospf 1", distance 110, metric 66, type inter area
Last update from 155.1.0.4 on Serial1/0, 00:05:34 ago
Routing Descriptor Blocks:
155.1.0.4, from 150.1.4.4, 00:05:34 ago, via Serial1/0
Route metric is 66, traffic share count is 1
* 155.1.0.1, from 150.1.1.1, 00:05:34 ago, via Serial1/0
Route metric is 66, traffic share count is 1

Once we have enough information about the subnets to block, add the distance command under router ospf on R5.

router ospf 1
 !
 ! The distance command changes the administrative distance
 ! of a route/subnet received by the router.
 ! The IP address after the distance value is the source,
 ! i.e. the router-id that advertises the network to the
 ! local router. The trailing 99 or 98 is the access-list number.
 !
 distance 255 150.1.6.6 0.0.0.0 99
 distance 255 150.1.1.1 0.0.0.0 98
 distance 255 150.1.4.4 0.0.0.0 98
!
!
! List the subnets or IPs to be filtered
access-list 98 permit 150.1.6.6
access-list 99 permit 160.1.60.0
!
!

Then verify from R5:

R5#sh ip route ospf
155.1.0.0/24 is subnetted, 2 subnets
O IA    155.1.146.0 [110/65] via 155.1.0.4, 00:00:05, Serial1/0
[110/65] via 155.1.0.1, 00:00:05, Serial1/0
150.1.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA    150.1.4.4/32 [110/65] via 155.1.0.4, 00:00:05, Serial1/0
O IA    150.1.1.1/32 [110/65] via 155.1.0.1, 00:00:05, Serial1/0
R5#

160.1.60.0 and 150.1.6.6 are now filtered on R5 because they have an administrative distance of 255. An administrative distance of 255 means the route/subnet is unreliable and is ignored.
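The matching logic behind the three distance lines, as an added Python model that is not part of the original post: a route gets distance 255 only when its advertising router-id matches the distance source and its network is permitted by the bound access-list. The route list is constructed from the R5 outputs above; the advertising routers of the three surviving routes and the first-match rule order are assumptions.

```python
import ipaddress

# Constructed from the R5 outputs above: (prefix, advertising router-id).
# Advertising routers of the three routes that survive are assumptions.
ROUTES = [
    ("155.1.146.0/24", "150.1.4.4"),
    ("160.1.60.0/24", "150.1.6.6"),
    ("150.1.6.6/32", "150.1.4.4"),
    ("150.1.6.6/32", "150.1.1.1"),
    ("150.1.4.4/32", "150.1.4.4"),
    ("150.1.1.1/32", "150.1.1.1"),
]
# Standard ACLs as (address, wildcard); an omitted wildcard means 0.0.0.0.
ACLS = {98: [("150.1.6.6", "0.0.0.0")], 99: [("160.1.60.0", "0.0.0.0")]}
# distance <ad> <source> <wildcard> <acl>, as configured on R5
DISTANCE_RULES = [
    (255, "150.1.6.6", "0.0.0.0", 99),
    (255, "150.1.1.1", "0.0.0.0", 98),
    (255, "150.1.4.4", "0.0.0.0", 98),
]
OSPF_DEFAULT_AD = 110

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, network):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    return any(wildcard_match(network, base, wc) for base, wc in ACLS[acl])

def effective_distance(prefix, adv_router):
    """Distance R5 assigns to one path, given who advertised it."""
    network = str(ipaddress.IPv4Network(prefix).network_address)
    # First matching rule wins here (assumption; the rules above never overlap).
    for ad, src, wc, acl in DISTANCE_RULES:
        if wildcard_match(adv_router, src, wc) and acl_permits(acl, network):
            return ad
    return OSPF_DEFAULT_AD

def installed_prefixes():
    """Prefixes with at least one path whose distance is below 255."""
    return sorted({p for p, r in ROUTES if effective_distance(p, r) < 255})

if __name__ == "__main__":
    for prefix, router in ROUTES:
        print(prefix, "from", router, "->", effective_distance(prefix, router))
    print("installed:", installed_prefixes())
```

The distance command only keeps these routes out of R5's own routing table; the LSAs stay in the OSPF database and are still flooded to neighbors.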

.end.
