In this guide, you will learn OSPF route filtering using distribute lists. The guide focuses on preventing OSPF internal routes from getting installed in the routing table regardless of the type of the routes (intra-area or inter-area). Besides, you will learn how to block redistributed routes from getting installed in the OSPF LS database.

OSPF supports LSA filtering between areas but OSPF nodes within the same area cannot filter LSAs between them. For example, imagine routers A  and B in area 4, router A cannot be configured to prevent the area’s router LSAs from getting sent to router B.

This way we cannot rely on LSA filtering to block OSPF routes from being installed in the routing table. Here comes OSPF route filtering with distribute lists, which does not affect how OSPF works but influences Cisco IOS’s routing process to prevent specific OSPF routes from entering the routing table.

In the rest of this tutorial, we use the network topology in Figure 1.

Figure 1 – The network diagram of the routing domain used in this guide

The network consists of four routers. Two routers are in EIGRP 12 autonomous system, and three routers are included in the OSPF routing domain. Here are the links to download the initial configurations of the routers.

Keep in mind that router R2 is redistributing EIGRP 12 routes into OSPF, as shown in the show ip route ospf command output below.

R4# show ip route ospf


omitted output

      10.0.0.0/8 is variably subnetted, 18 subnets, 2 masks
O E2     10.0.0.0/24 [110/20] via 10.0.24.2, 00:07:12, GigabitEthernet0/2
O E2     10.0.1.0/24 [110/20] via 10.0.24.2, 00:07:12, GigabitEthernet0/2
O E2     10.0.2.0/24 [110/20] via 10.0.24.2, 00:07:12, GigabitEthernet0/2
O E2     10.0.3.0/24 [110/20] via 10.0.24.2, 00:01:15, GigabitEthernet0/2
O E2     10.0.12.0/24 [110/20] via 10.0.24.2, 00:20:15, GigabitEthernet0/2
O IA     10.0.33.0/24 [110/2] via 10.0.34.3, 00:00:03, GigabitEthernet0/3
O        10.0.123.0/24 [110/2] via 10.0.34.3, 00:19:33, GigabitEthernet0/3
                       [110/2] via 10.0.24.2, 00:20:15, GigabitEthernet0/2

Suppress OSPF Intra-Area and Inter-Area Routes from Entering the Routing Table

The distribute-list std_acl_number in command when it is applied to an OSPF process allows controlling what OSPF intra-area/inter-area routes to install or not in the routing table, where std_acl_number is the identifier of a standard access control list (ACL) between 1 and 99 or between 1300 and 2699.

Moreover, you can use a named standard ACL instead of a numbered standard ACL.

In this example, we configure router R2 to not install internal routes 10.0.23.0/24 (intra-area route) and 10.0.33.0/24 (inter-area route) in the routing table.

R2(config)# access-list 1 deny 10.0.23.0 0.0.0.255
R2(config)# access-list 1 deny 10.0.33.0 0.0.0.255
R2(config)# access-list 1 permit any
R2(config)# 
R2(config)# router ospf 1
R2(config-router)# distribute-list 1 in

The show ip route ospf command output states that routes 10.0.23.0/24 and 10.0.33.0/24 no longer exist in R2’s routing table.

R2# show ip route ospf


omitted output

      10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
O        10.0.20.0/24 [110/2] via 10.0.24.4, 00:00:05, GigabitEthernet0/4
O        10.0.21.0/24 [110/2] via 10.0.24.4, 00:00:05, GigabitEthernet0/4
O        10.0.22.0/24 [110/2] via 10.0.24.4, 00:00:05, GigabitEthernet0/4
O        10.0.34.0/24 [110/2] via 10.0.123.3, 00:00:05, GigabitEthernet0/3
                      [110/2] via 10.0.24.4, 00:00:05, GigabitEthernet0/4

The distribute-list command does not affect the LS database. In fact, subnets 10.0.23.0/24 and 10.0.33.0/24 still have LS entries in router R2’s OSPF database, as you can see in the show ip ospf database command outputs.

R2# show ip ospf database router



omitted output

  LS age: 559
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 4.4.4.4
  Advertising Router: 4.4.4.4
  LS Seq Number: 80000009
  Checksum: 0xAAE2
  Length: 96
  Number of Links: 6

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.0.20.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.0.21.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.0.22.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.0.23.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.0.34.4
     (Link Data) Router Interface address: 10.0.34.4
      Number of MTID metrics: 0
       TOS 0 Metrics: 1
          
    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.0.24.2
     (Link Data) Router Interface address: 10.0.24.4
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

R2# show ip ospf database summary

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Summary Net Link States (Area 0)

  LS age: 1412
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.0.33.0 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000006
  Checksum: 0x40BF
  Length: 28
  Network Mask: /24
        MTID: 0         Metric: 1 

Remove Redistributed Routes into OSPF from the OSPF Database and Routing Table

Cisco IOS supports removing Type 5 LSAs from the OSPF database. The distribute-list acl out allows removing one or many redistributed routes into OSPF from the OSPF database, where acl is the identifier of a standard access control list (ACL) between 1 and 99 or between 1300 and 2699.

Moreover, you can use a named standard ACL instead of a numbered standard ACL. In this example, we configure R2, the only ASBR in the network, to remove routing information about external subnet 10.0.0.0/24 from the OSPF database.

R2(config)# access-list 2 deny 10.0.0.0 0.0.0.255
R2(config)# access-list 2 permit any
R2(config)# 
R2(config)# router ospf 1
R2(config-router)# distribute-list 2 out

The show ip ospf database command output indicates that R2 removed the Type 5 LSA for subnet 10.0.0.0/24 from the OSPF database.

R2# show ip ospf database



omitted output


                Type-5 AS External Link States
          
Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.1.0        2.2.2.2         1108        0x80000001 0x001E6F 0
10.0.2.0        2.2.2.2         1108        0x80000001 0x001379 0
10.0.3.0        2.2.2.2         1108        0x80000001 0x000883 0
10.0.12.0       2.2.2.2         1110        0x80000001 0x00A4DD 0

Since the subnet 10.0.0.0/24’s routing data has been deleted from R2’s OSPF database, the route to that subnet will get removed from the OSPF databases of routers R3 and R4 since R2 is the only ASBR advertising the subnet in question.

Finally, note that the distribute-list out command works on ASBRs only.

Related Articles

• Open Shortest Path First (OSPF) Explained: The Ultimate Guide for CCNA
• OSPF Router ID: Format
• OSPF Null Authentication: Configuration & Verification
• OSPF Clear/Plain Text Authentication: Definition and Configuration Example
• OSPF Default Route Explained: Cost
• Basic OSPF Configuration Lab for CCNA
• OSPF Configuration: from Basic Stuff to Advanced One
• OSPF Passive Interface: How to Set it Up on Cisco and Juniper
• OSPF Virtual Link Explained + Configuration Example on Cisco IOS
• OSPF Stub Area: Definition
• OSPF LSA Types Tutorial: 6 Types Explained with Examples
• OSPF Graceful Restart: Operation & Configuration on Cisco IOS
• OSPF Totally Stubby Area: Operation and Configuration
• OSPF Reference Bandwidth: Definition and Configuration
• OSPF Cost: How OSPF Cost is Calculated and Configured?
• OSPF DR/BDR Election: Process
• OSPF Hello and Dead Interval: Operation and Configuration on Cisco IOS
• OSPF Metric: Calculation and Tuning on Cisco IOS
• OSPF MD5 Authentication Explained + Configuration on Cisco IOS
• OSPF HMAC-SHA Cryptographic Authentication: Operation and Configuration
• OSPF Multi-Area Topology + a Configuration Lab in Cisco Packet Tracer
• OSPF TTL Security Check Explained: Operation
• OSPF Graceful Shutdown: Operation and Configuration on Cisco IOS
• Route Redistribution Between OSPF and RIP
• OSPF Network Types Explained with Examples on Cisco IOS
• OSPF Totally NSSA (Not-So-Stubby Area) Area Explained with Examples on Cisco IOS
• OSPF NSSA (Not-So-Stubby Area) Area Explained + Configuration on Cisco IOS
• OSPF Summarization Explained + Configuration in Cisco IOS
• OSPF Type 5 LSA Filtering: Suppress LSA Type 5 and 7 Data on Cisco IOS Easily
• OSPF ABR Type 3 LSA Filtering Explained + Configuration on Cisco IOS
• OSPF Prefix Suppression Explained + Configuration on Cisco and Juniper Routers
• OSPF Path Selection: Criteria
• OSPF LSA Throttling: Tuning LSA Origination on Cisco IOS
• OSPF SPF Throttling: Scheduling SPF Runs Efficiently
• OSPF Incremental SPF (iSPF) Algorithm: Rebuilding The SPT Tree Fast
• OSPF Non-Broadcast Network Type: Used on Frame-Relay & NBMA Networks
• OSPF Point-to-Point Network Type is for PPP & Frame-Relay Point-to-Point Links
• OSPF Broadcast Network Type: Used on Ethernet and also Frame-Relay
• OSPF Point-to-Multipoint Network Type is for Frame Relay and NBMA Links
• OSPF vs RIP: What Differences Between OSPF and RIP?
• OSPF LSA Group Pacing Explained + Timer Configuration on Cisco IOS
• OSPF LSA Flood Pacing Explained + Timer Configuration on Cisco IOS
• OSPF LSA Retransmission Pacing Explained + Timer Configuration on Cisco IOS
• Troubleshooting OSPF Neighbor Adjacency Problems on Cisco IOS
• Troubleshooting OSPF Route Installation Explained on Cisco IOS
• Troubleshooting OSPF Route Advertisement Explained on Cisco IOS
• OSPF Stub Router: Advertisement + Configuration + Examples