Can't find what you need?

• Ask the Community
• Create a Case
Reset Search



OSPF distribution filters do not work with permit as first clause and deny any any as last.

« Go Back


TitleOSPF distribution filters do not work with permit as first clause and deny any any as last.
OSPF Distribution list filters do not work with "permit" as the first line and "deny any any" as the last line of ACL.
The user has about 1000 OSPF routes and would like to permit just 4 of them and deny the rest of the 996 networks using the "distribute list" command. "Distribute list" command works fine if you use the firstset of ACL entriesto"deny"followed byACL entries to "permit any."

This can cause a problem for the customer as the "deny" ACL entries are far more than the "permit" ACL entries. Instead of doing this, we tried the opposite which would permit the 4 networks while disallowing the rest.
Software Release: N/A
Fixed in Version: N/A
The "distribute list"permits only the external routes. When this router calculates the route to the ASBR (originator of the external route), it does not install these external routes to the OSPF routing table because of the "distribute list"restriction. Since there is no route to reach the ASBR, the router does not install the external routes.
After permitting the advertising routers (ASBR's)router-id in ACL, the "distribute list" works fine.
telnet@R1(config)# sh ip ospf route
Destination Mask Path_Cost Type2_Cost Path_Type 1 10 Type2_Ext
Adv_Router Link_State Dest_Type State Tag Flags Ase Valid 0 1800
Paths Out_Port Next_Hop Type State
1 eth 1/1 OSPF 00 00
For example:
router ospf
area 0
redistribute static
distribute-list 10 in
telnet@R1(config)# show access-list 10
Standard IP access list 10
permit host

telnet@R1(config)# sh ip route
Total number of IP routes: 8
Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
ISIS Codes - L1:Level-1 L2:Level-2
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
STATIC Codes - d:DHCPv6
Destination Gateway Port Cost Type Uptime src-vrf
1 eth 1/1 110/2 O 1d1h -
2 DIRECT loopback 1 0/0 D 10d4h -
3 DIRECT eth 1/1 0/0 D 3d4h -
4 mgmt 1 1/1 S 10d4h -
5 DIRECT mgmt 1 0/0 D 10d4h -
6 DIRECT drop 1/1 S 3d5h -
7 DIRECT eth 1/11 0/0 D 4d2h -
8 eth 1/1 110/10 O2 1d1h -
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255