Performing OSPF Type 5 LSA Filtering is an easy task. In this guide, you will learn how to suppress this type of OSPF LSAs on Cisco IOS. The commands used here apply to all Cisco routers and switches running Cisco IOS and IOS XE.

Distance vector protocols like RIP and EIGRP allow route-based filtering. However, OSPF does not since OSPF nodes exchange links state data instead of network routes. Additionally, when a router receives a Type 5 LSA, Type 7 LSA, or any other LSA, it cannot add or remove entries from it.

To filter a route, you simply need to delete the LSA or the LSA entry that is describing the route in question. For example, to suppress a Type 5 LSA-based route from the OSPF routing domain, you have to delete its corresponding LSA Type 5 on each ASBR that is redistributing that route.

Filtering LSAs Type 5 can be done through one of these three Cisco IOS commands: redistribute route-map, distribute-list out, and summary-address.

In the rest of this tutorial, we use the network topology in Figure 1.

Figure 1 – The network diagram of the routing domain used in this guide

The network consists of four routers. Two routers are in EIGRP 12 autonomous system, and three routers are included in the OSPF routing domain. Here are the initial configurations of the routers.

Router R1

Router(config)# hostname R1
R1(config)# 
R1(config)# interface loopback 0
R1(config-if)# ip address 10.0.0.1 255.255.255.0
R1(config-if)# 
R1(config-if)# interface loopback 1
R1(config-if)# ip address 10.0.1.1 255.255.255.0
R1(config-if)# 
R1(config-if)# interface loopback 2
R1(config-if)# ip address 10.0.2.1 255.255.255.0
R1(config-if)# 
R1(config-if)# interface loopback 3
R1(config-if)# ip address 10.0.3.1 255.255.255.0
R1(config-if)# 
R1(config-if)# interface GigabitEthernet0/2
R1(config-if)# ip address 10.0.12.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# 
R1(config-if)# router eigrp 12
R1(config-router)# network 10.0.0.0
R1(config-router)# no auto-summary

Router R2

Router(config)# hostname R2
R2(config)# 
R2(config)# interface GigabitEthernet0/1
R2(config-if)# ip address 10.0.12.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# 
R2(config-if)# interface GigabitEthernet0/3
R2(config-if)# ip address 10.0.123.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# 
R2(config-if)# interface GigabitEthernet0/4
R2(config-if)# ip address 10.0.24.2 255.255.255.0
R2(config-if)# no shutdown
R2(config-if)# 
R2(config-if)# 
R2(config-if)# router eigrp 12
R2(config-router)# network 10.0.12.2 0.0.0.0
R2(config-router)# no auto-summary
R2(config-router)# 
R2(config-router)# router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# network 10.0.123.2 0.0.0.0 area 0
R2(config-router)# network 10.0.24.2 0.0.0.0 area 0
R2(config-router)# redistribute eigrp 12 subnets

Router R3

Router(config)# hostname R3
R3(config)# 
R3(config-if)# interface GigabitEthernet0/2
R3(config-if)# ip address 10.0.123.3 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# 
R3(config-if)# interface GigabitEthernet0/4
R3(config-if)# ip address 10.0.34.3 255.255.255.0
R3(config-if)# no shutdown
R3(config-if)# 
R3(config-if)# router ospf 1
R3(config-router)# router-id 3.3.3.3
R3(config-router)# network 10.0.123.3 0.0.0.0 area 0
R3(config-router)# network 10.0.34.3 0.0.0.0 area 0

Router R4

Router(config)# hostname R4
R4(config)# 
R4(config-if)# interface GigabitEthernet0/2
R4(config-if)# ip address 10.0.24.4 255.255.255.0
R4(config-if)# no shutdown
R4(config-if)# 
R4(config-if)# interface GigabitEthernet0/3
R4(config-if)# ip address 10.0.34.4 255.255.255.0
R4(config-if)# no shutdown
R4(config-if)# 
R4(config-if)# router ospf 1
R4(config-router)# router-id 4.4.4.4
R4(config-router)# network 10.0.24.4 0.0.0.0 area 0
R4(config-router)# network 10.0.34.4 0.0.0.0 area 0

Keep in mind that router R2 is redistributing EIGRP 12 routes into OSPF, as shown in the show ip route ospf command output below.

R3# show ip route ospf


omitted output

      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O E2     10.0.0.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2     10.0.1.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2     10.0.2.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2     10.0.3.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O E2     10.0.12.0/24 [110/20] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
O        10.0.24.0/24 [110/2] via 10.0.123.2, 00:00:39, GigabitEthernet0/2
                      [110/2] via 10.0.34.4, 00:00:21, GigabitEthernet0/4

OSPF type 5 LSAs describe external redistributed routes, and get created by Autonomous System Boundary Routers (ASBRs) and then flooded within all areas of the OSPF routing domain, except stubby areas. The ASBR originates one Type 5 LSA for each redistributed route into OSPF either from another dynamic routing protocol or via redistributing a connected or static route.

For example, router R2 generates five LSAs Type 5 for EIGRP 12’s routes redistributed into OSPF, as illustrated in the show ip ospf database external command output.

R2# show ip ospf database external

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Type-5 AS External Link States

  LS age: 1300
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.0.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x2965
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

  LS age: 1300
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.1.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x1E6F
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

  LS age: 1300
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.2.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x1379
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

  LS age: 1300
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.3.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0x883
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

  LS age: 1305
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 10.0.12.0 (External Network Number )
  Advertising Router: 2.2.2.2
  LS Seq Number: 80000001
  Checksum: 0xA4DD
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0 
        Metric: 20 
        Forward Address: 0.0.0.0
        External Route Tag: 0

OSPF LSA Type 5 Filtering with Distribute Lists

Cisco IOS supports deleting Type 5 LSAs from the OSPF database. The distribute-list acl out command permits filtering one or many redistributed routes into OSPF from the OSPF database, where acl is the ID of a standard access control list (ACL) between 1 and 99 or between 1300 and 2699.

In addition, you can specify a named standard ACL instead of a numbered standard ACL. As an example, we instruct R2, the single ASBR in the network topology, to discard routing data about external subnet 10.0.1.0/24 from the OSPF database.

R2(config)# access-list 2 deny 10.0.1.0 0.0.0.255
R2(config)# access-list 2 permit any
R2(config)# 
R2(config)# router ospf 1
R2(config-router)# distribute-list 2 out

The ACL tells the distribute-list command what routes to remove and what routes to keep. The show ip ospf database command output indicates the Type 5 LSA describing subnet 10.0.1.0/24 no longer exists in R2’s OSPF database, which now includes four Type 5 LSAs instead of five.

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         413         0x80000005 0x0007AD 2
3.3.3.3         3.3.3.3         389         0x80000005 0x00CDC8 2
4.4.4.4         4.4.4.4         364         0x80000005 0x00B79C 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.24.2       2.2.2.2         413         0x80000002 0x00CE26
10.0.34.4       4.4.4.4         364         0x80000002 0x0022BA
10.0.123.3      3.3.3.3         389         0x80000002 0x001F71

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.0.0        2.2.2.2         413         0x80000002 0x002766 0
10.0.2.0        2.2.2.2         413         0x80000002 0x00117A 0
10.0.3.0        2.2.2.2         413         0x80000002 0x000684 0
10.0.12.0       2.2.2.2         413         0x80000002 0x00A2DE 0

Finally, note that the distribute-list out command works on ASBRs only.

OSPF LSA Type 5 Filtering using Route-Maps

When redistributing external routes into OSPF, a route map can be used to choose what IP prefixes to redistribute or not, and thus specify what routes to not generate Type 5 LSAs for.

In this example, we set up R2 to redistribute EIGRP 12 routes 10.0.0.0/24, 10.0.1.0/24, and 10.0.2.0/24 into OSPF, and ignore subnets 10.0.3.0/24 and 10.0.12.0/24.

To accomplish this:

Step 1. Create a standard list that allows subnets 10.0.0.0/24, 10.0.1.0/24, and 10.0.2.0/24.

Step 2. Create a route map entry that matches the ACL.

Step 3. Apply the route to the redistributed EIGRP routes.

R2(config)# access-list 2 permit 10.0.0.0 0.0.0.255
R2(config)# access-list 2 permit 10.0.1.0 0.0.0.255
R2(config)# access-list 2 permit 10.0.2.0 0.0.0.255
R2(config)# 
R2(config)# route-map EIGRP_into_OSPF permit 10
R2(config-route-map)# match ip address 2
R2(config-route-map)# exit
R2(config)# 
R2(config)# router ospf 1
R2(config-router)# redistribute eigrp 12 subnets route-map EIGRP_into_OSPF

The show ip ospf database command output states that Type 5 LSAs for subnets 10.0.3.0/24 and 10.0.12.0/24 have been removed from R2’s OSPF database.

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         209         0x80000007 0x001799 2
3.3.3.3         3.3.3.3         210         0x80000008 0x00C7CB 2
4.4.4.4         4.4.4.4         210         0x80000008 0x00DD71 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.24.4       4.4.4.4         210         0x80000001 0x00608B
10.0.34.4       4.4.4.4         880         0x80000001 0x0024B9
10.0.123.3      3.3.3.3         210         0x80000001 0x002170

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.0.0        2.2.2.2         203         0x80000003 0x002567 0
10.0.1.0        2.2.2.2         203         0x80000002 0x001C70 0
10.0.2.0        2.2.2.2         203         0x80000003 0x000F7B 0

OSPF LSA Type 5 Filtering Using the summary-address Command

OSPF supports condensing external routes regardless of their source: connected routes, static routes, or a dynamic routing protocol. The ASBR redistributing those routes can be configured to advertise a summary of them or suppress some external routes using the summary-address command.

the summary-address ip_address mask not-advertise command filters Type 5 LSAs matched by the ip_address/mask pair, where ip_address and mask are two 32-bit values.

This example configures router R2 to prevent IP prefixes 10.0.2.0/24 and 10.0.3.0/24 from getting injected into the OSPF routing domain. To learn how to calculate the IP address and mask for a summary route, read this post: OSPF route summarization.

R2(config)# router ospf 1
R2(config-router)# summary-address 10.0.2.0 255.255.254.0 not-advertise

To verify our configuration, we issue the show ip ospf database command on R2. Type 5 LSAs for routes 10.0.2.0 and 10.0.3.0 are no longer installed in R2’s OSPF LS database.

R2# show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.2         2.2.2.2         1315        0x80000009 0x00139B 2
3.3.3.3         3.3.3.3         1552        0x80000009 0x00C5CC 2
4.4.4.4         4.4.4.4         1476        0x80000009 0x00DB72 2

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.24.4       4.4.4.4         1476        0x80000002 0x005E8C
10.0.34.4       4.4.4.4         240         0x80000003 0x0020BB
10.0.123.3      3.3.3.3         1552        0x80000002 0x001F71

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
10.0.0.0        2.2.2.2         1315        0x80000002 0x002766 0
10.0.1.0        2.2.2.2         1315        0x80000002 0x001C70 0
10.0.12.0       2.2.2.2         1315        0x80000002 0x00A2DE 0

What about OSPF Type 7 LSA Filtering?

Both Type 5 and Type 7 LSAs describe external routes redistributed into OSPF. LSAs Type 7 are supported with NSSA areas whereas LSAs Type 5 are supported across the whole routing domain except stubby areas (OSPF stub, totally stubby, NSSA, and totally NSSA). Moreover, ABRs convert Type 7 LSAs into Type 5  in order to advertise external routes that are redistributed within NSSA areas to OSPF nodes in normal OSPF areas.

Similar to Type 5 LSAs, you can use the techniques discussed above to filter Type 7 LSAs.

What about OSPF Type 3 LSA Filtering?

Cisco IOS supports OSPF Type 3 LSA Filtering, which is done at the ABR level. It allows removing Type 3 LSA by instructing the ABR to not originate type 3 summary LSAs for particular links using either the area range no-advertise or area filter-list IOS command.

Additionally, you can still use the distribute-list in command on any OSPF node to deny the SPF process from adding internal OSPF routes to the routing table, without impacting the content of the LS database.

Related Lessons to OSPF Type 5 LSA Filtering

Mohamed Ouamer is a computer science teacher and a self-published author. He taught networking technologies and programming for more than fifteen years. While he loves to share knowledge and write, Mohamed's best passions include spending time with his family, visiting his parents, and learning new things.