Yes, since you can not filter routes in the same area I assumed it was ABR.
Sent via mobile. On Mar 18, 2013, at 7:26 PM, Mike Rojas <[email protected]> wrote: > Hi Kevin and Marta, > > Excellent, thanks for the tip. I will write it down on my notes. > The only thing in regards to Kevin is that the range may only work for ABRs. > > range Summarize routes matching address/mask (border routers only) > > Thanks a bunch, I will write this down. > > Mike Rojas > > > > Date: Mon, 18 Mar 2013 17:16:27 -0400 > From: [email protected] > To: [email protected]; [email protected] > CC: [email protected] > Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2 > > The easiest solution is to use the OSPF "Range" command with the > "no-advertise" option on the ASA. > > router ospf 1 > > area 0 range 2.2.2.2 255.255.255.255 not-advertise > > > > Marta has it right with the other solution only that the loopback interface > that you're preventing would need to be a specific OSPF network type for the > filter list to work. If you cannot adjust the routers' config to accomplish > this.. then the range command on the ASA is your only and best option. > From: Marta Sokolowska <[email protected]> > Date: Monday, March 18, 2013 4:42 PM > To: Mike Rojas <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: [OSL | CCIE_Security] FW: ASA OSPF Task 3 lab 2 > > Mike, > > try using prefix-list filtering on ASA instead of dividing OSPF into two > different processes. If you want to block prefix 2.2.2.2/32 from being > advertised into another area, first configure prefix-list denying prefix > 2.2.2.2/32 and allowing other prefixes: > > prefix-list OSPF seq 5 deny 2.2.2.2/32 > prefix-list OSPF seq 10 permit 0.0.0.0/0 le 32 > > Then apply it to OSPF configuration on ASA: > > router ospf 1 > router-id 11.45.45.11 > network 10.0.10.0 255.255.255.0 area 1 > network 192.168.10.0 255.255.255.0 area 0 > area 1 filter-list prefix OSPF out > > Marta Sokolowska. > > > > 2013/3/18 Mike Rojas <[email protected]> > > > From: [email protected] > To: [email protected] > Subject: ASA OSPF Task 3 lab 2 > Date: Sat, 16 Mar 2013 17:56:07 -0600 > > > From: [email protected] > To: [email protected] > Subject: OSPF on ASA (Task 3 Lab 2) > Date: Sat, 16 Mar 2013 15:26:25 -0600 > > Hi, > > I've been testing the sample Workbook that was released for ASA and since my > GNS3 nor computer are that powerful, I've been breaking down the points and > test them out before racking them up on Proctor labs. That being said, I am > testing features so the question that I have may not reflect the same IP > scheme nor the exact lab. > > Here is the question. > > Let's say we have 2 different Areas hooked up to the ASA firewall, On the > outside I have network 10.0.10.0/24 (Area 1), there is only one router and > It has a loopback with IP address 2.2.2.2 being advertised in the OSPF > Process. > > On the inside, I have Area 0 with a similar configuration but with network > 192.168.10.0/24 and loopback 4.4.4.4. The question says that I need to block > a Loopback 2.2.2.2 for being advertised to Area 0. Keypoint there is that I > cannot touch the routers. > > So, what I did was to divide 2 different process, 1 and 2, then created a > Route-map with an standard ACL that was denying 2.2.2.2 and allowing > 10.0.10.0/24. > > That worked, However, the task clearly specified that I needed to have Router > ID 11.45.45.11, I did try to configure the same router-ID on the other > process, but I got the following: > > ERROR: router-id 11.45.45.11 in use by ospf process 1. > > So I am checking if there is another way to solve this task or If I am doing > it incorrectly. > > Hope it makes sense... > > Cheers, > > Mike. > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > -- > -- > > Marta SokoĊowska. > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit www.ipexpert.com > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > _______________________________________________ For more information > regarding industry leading CCIE Lab training, please visit www.ipexpert.com > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
