Redistribution
please check the attached topology, i want to deny the 1.1.1.1/32 network going thro ospf domian now the goal is to use distribution-list.
first i create Acl with deny statement of 1.1.1.1/32 then permit any, then under eigrp i applied the distribution-list out to ospf1.
On R2#conf t
router eigrp 100
distribution-list ACL out ospf 1.
here router 2 only doing mutual redistribution, so R2 have the eigrp network coming from R1 (1.1.1.1/32) and its entring to OSPF doming using redistribution, but the denied routes are still appering on R3.
Comments
I don't think that you can block the external route 1.1.1.1 since It will go to the OSPF database when you are redistributing. My advice is to use a route-map in the redistribution so that you deny the 1.1.1.1 from entering into the OSPF.
Router2
router ospf
redistribute eigrp subnets route-map DENY_R1Lo
i must use distribute-list the question not allow to use route-map
Greetings Feroz, like nersasmarin said, more usual to use route map
Since goal is to use distribute list, use under ospf process:
router ospf 1
redistriribute eigrp 100 subnets
distribute-list 1 out eigrp 100
Filters routes between global route table and ospf process. cheers
why it working under eigrp process, the route generating in eigrp then it go to ospf via redistribution , if we apply under ospf with OUT statement eigrp 100 means we deny 1.1.1. prefix on eigrp
But in lab i try this already it works, please explain why it not works under eigrp process
Hello Feroz, I just simulate your lab and I found a nice solution.
Like I told you before, you cannot avoid from redistribution to install the route in the database, but you can stop it form get into the RIB.
I just config the distribute-list on R3 IN and It stop the route from go to the RIB although It's in the database.
router ospf 1
log-adjacency-changes
distribute-list 1 in FastEthernet0/0
R3#show ip route
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C 23.0.0.0 is directly connected, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.0.0.0 [110/20] via 23.0.0.2, 00:00:14, FastEthernet0/0
R3#show ip ospf data
OSPF Router with ID (3.3.3.3) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
3.3.3.3 3.3.3.3 260 0x80000002 0x000AB6 2
23.0.0.2 23.0.0.2 99 0x80000003 0x00447D 1
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
23.0.0.2 23.0.0.2 266 0x80000001 0x00CF13
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.0 23.0.0.2 99 0x80000001 0x00E79C 0
12.0.0.0 23.0.0.2 99 0x80000001 0x006F0C 0
Greetings Feroz and good question.
My model of how it works: each process is making calls to route table when it involves redistribution. redistribute eigrp under ospf instructs ospf process to request eigrp routes. It interacts with RT process as seen by "debug ip routing" which manages global route table. The distribute list acts as a filter with this route exchange. The ospf calls pass through the "distribute list out eigrp" filter before RT passes prefixes to OSPF. Route table structure keeps track of which processes are interested in which routes. After redistribution, do a "show ip route <prefix>" and you should see that redistributed prefixes being "Advertised by ospf". That info is from route table.
Placing "distribute-list out ospf" under router eigrp has the mirror effect; eigrp will not call for ospf routes that are denied by distribute-list out ospf.
Please understand that I am not an expert, but the above is my understanding.
Understood now. Thanks both of you explained well