LAB: OSPF Filtering with Administrative Distance

- Configure administrative distance filtering on R5 so that traffic going towards the VLAN 67 network is sent towards R3.


Administrative distance can be changed on a per-prefix and per-neighbor  basis in OSPF, the main difference here is that the address field in the distance command refers to the originator of the prefix into the area. not necessarily the neighbor you are learning the routes from.


in the scenario below. routes going to 155.1.67.0 network  is reachable via two ABRs,
1.  155.1.0.3 which is advertised by 150.1.3.3 (R3)-ABR
2.  155.1.0.1 which is advertised by 150.1.6.6 (R6)-ABR

so we can match either one of the above ABR ip address for the address field in the distance command.

Rack1R5#show ip route 155.1.67.0
Routing entry for 155.1.67.0/24
  Known via "ospf 1", distance 110, metric 66, type inter area
  Last update from 155.1.0.3 on Serial0/0, 00:00:02 ago
  Routing Descriptor Blocks:
    155.1.0.3, from 150.1.3.3, 00:00:02 ago, via Serial0/0
      Route metric is 66, traffic share count is 1
  * 155.1.0.1, from 150.1.6.6, 00:00:02 ago, via Serial0/0
      Route metric is 66, traffic share count is 1

adding the distance command at R5

Rack1R5(config)#access-list 67 permit 155.1.67.0

Rack1R5(config)#router ospf 1
Rack1R5(config-router)#distance 255 150.1.6.6 0.0.0.0 67

verification:  now only the routes toward R3 is installed.

Routing entry for 155.1.67.0/24
  Known via "ospf 1", distance 110, metric 66, type inter area
  Last update from 155.1.0.3 on Serial0/0, 00:00:06 ago
  Routing Descriptor Blocks:
  * 155.1.0.3, from 150.1.3.3, 00:00:06 ago, via Serial0/0
      Route metric is 66, traffic share count is 1

Rack1R5#traceroute 155.1.67.6

Type escape sequence to abort.
Tracing the route to 155.1.67.6

  1 155.1.0.3 20 msec 36 msec 0 msec
  2 155.1.37.7 16 msec 8 msec 8 msec
  3 155.1.67.6 12 msec *  56 msec