Filter a Route

controlcontrol Member Posts: 309
Afternoon All,

If I have a static route in place and I do not want this being sent out via OSPF to adjacent routers, is there a way for me to filter out this one route?
I created a static route and it's automatically being learnt by neighbor routers, but for this one route I do not want this.

Thanks

Comments

  • nerdydadnerdydad Member Posts: 261
    There are a few different ways to filter routes, but if you are not redistributing it into ospf, it will not be advertised to the neighbors.
  • controlcontrol Member Posts: 309
    This is my issue - it is being redistributed into OSPF, but I don't want this route to...
  • altdrugzaltdrugz Member Posts: 69 ■■□□□□□□□□
    is there the "redistribute static" in the ospf section of running-config ?
  • nerdydadnerdydad Member Posts: 261
    There would have to be a redistribute static command in there, unless you're using packet tracer or something, sometimes simulators do funny things.

    access-list 10 deny x.x.x.x x.x.x.x (route you don't want advertised)
    access-list 10 permit any any (allows all other routes)

    router ospf x (on the router with the static route)
    distribute-list 10 out
  • fiftyofiftyo Member Posts: 71 ■■□□□□□□□□
    You could redistribute using route-maps:
    First define the static route: ip route a.c.d.f b.b.b.b exit int/next hop
    Then define a prefix-list matching the static route: ip prefix-list block_static permit x.x.x.x/y #Where y matches the subnet mask you defined in the static route, but in prefix form instead of x.x.x.x
    Next define the route-map which will block this static route:
    route-map block_static deny 10
    match ip address prefix-list block_static
    route-map block_static permit 100
    #Leave this empty, if you don't end the route-map with a permit statement, all other redistributed routes will be blocked as well...
    Tie everything together:
    router ospf 1
    redistribute static subnets route-map block_static
    This will redistribute static routes, but calling on the route-map first. It looks at the first sequence number, in this case 10 which specifies deny, looks at what it matches, in this case the prefix-list matching the static route, it then denies the matched route from being redistributed. Then it moves on the the sequence number 100, which is a permit statement, sees no match statement, which means in this case it will match everything, meaning every route redistributed except the one denied earlier will be redistributed.
  • controlcontrol Member Posts: 309
    Thanks for that.

    Regarding the route map, if there is already a route map attached to the redistribute static command (but permitting networks), can I add a second route map to deny my one network?
  • controlcontrol Member Posts: 309
    ah I can now see where the issue is. The network I don't want advertised is part of that permit route map on the router!
  • fiftyofiftyo Member Posts: 71 ■■□□□□□□□□
    control wrote: »
    Thanks for that.

    Regarding the route map, if there is already a route map attached to the redistribute static command (but permitting networks), can I add a second route map to deny my one network?
    You could add a deny statement with a lower sequence number in the route-map, matching the static route you want to filter. It will then be matched earlier in the route-map, and therefore be denied to be redistributed. Or as in the post above this one, you could just remove the static route being permitted in the route-map, from the acl/prefix-list etc. it's matched in.
  • controlcontrol Member Posts: 309
    Appreciate the feedback and advice. Cheers
  • vayzevayze Member Posts: 10 ■□□□□□□□□□
    fiftyo wrote: »
    You could add a deny statement with a lower sequence number in the route-map, matching the static route you want to filter. It will then be matched earlier in the route-map, and therefore be denied to be redistributed. Or as in the post above this one, you could just remove the static route being permitted in the route-map, from the acl/prefix-list etc. it's matched in.
    +1++++++++++++++1
Sign In or Register to comment.