Manualshelf

Configuration Guide User guide

ManualsBrandsBrocade ManualsComputer AccessoriesFastIron
1311131213131314131513161317131813191320
FastIron Configuration Guide 1257
53-1002494-01
Configuring OSPF
Using an extended ACL as input to the distribution list
You can use an extended ACL with an OSPF distribution list to filter OSPF routes based on the
network mask of the destination network.
To use an extended ACL to configure an OSPF distribution list for denying specific routes, enter
commands such as the following.
The first three commands configure an extended ACL that denies routes to any 4.x.x.x destination
network with a 255.255.0.0 network mask and allows all other routes for eligibility to be installed
in the IP route table. The last three commands change the CLI to the OSPF configuration level and
configure an OSPF distribution list that uses the ACL as input. The distribution list prevents routes
to any 4.x.x.x destination network with network mask 255.255.0.0 from entering the IP route table.
The distribution list does not prevent the routes from entering the OSPF database.
Syntax: [no] ip access-list extended <ACL-name> | <ACL-id>
Syntax: deny | permit <ip-protocol> <source-ip> <wildcard> <destination-ip> <wildcard>
The <ACL-name> | <ACL-id> parameter specifies the ACL name or ID.
The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.
The <ip-protocol> parameter indicates the type of IP packet you are filtering. When using an
extended ACL as input for an OSPF distribution list, specify ip.
Because this ACL is input to an OSPF distribution list, the <source-ip> parameter actually specifies
the destination network of the route.
The <wildcard> parameter specifies the portion of the source address to match against. The
<wildcard> is in dotted-decimal notation (IP address format). It is a four-part value, where each
part is 8 bits (one byte) separated by dots, and each bit is a one or a zero. Each part is a number
ranging from 0 to 255, for example 0.0.0.255. Zeros in the mask mean the packet source address
must match the <source-ip>. Ones mean any value matches. For example, the <source-ip> and
<wildcard> values 4.0.0.0 0.255.255.255 mean that all 4.x.x.x networks match the ACL.
If you want the policy to match on all network addresses, enter any any.
If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format,
you can enter a forward slash after the IP address, then enter the number of significant bits in the
mask. For example, you can enter the CIDR equivalent of “4.0.0.0 0.255.255.255” as “4.0.0.0/8”.
The CLI automatically converts the CIDR number into the appropriate ACL mask (where zeros
instead of ones are the significant bits) and changes the non-significant portion of the IP address
into zeros.
Brocade(config)#ip access-list extended no_ip
Brocade(config-ext-nACL)#deny ip 4.0.0.0 0.255.255.255 255.255.0.0 0.0.255.255
Brocade(config-ext-nACL)#permit ip any any
Brocade(config-ext-nACL)#exit
Brocade(config)#router ospf
Brocade(config-ospf-router)#distribute-list no_ip in