Thanks for your reply.

I clear the OSPF process, but this also did not work.

fw-01 # get router info ospf database brief Link ID         ADV Router      Age  Seq#     CkSum Flag Route              Tag 10.9.9.0        10.9.9.2       411  80000005 463b  0002 E2 10.9.19.0/264    0 172.28.50.0     10.9.9.2       1104 80000004 74e6  0002 E2 172.28.50.0/24  0 172.28.51.0     10.2.2.10    1355 80000004 be7c  0002 E1 172.28.51.0/24  0

FYI A ACL or Prefix-list will not drop the prefix from  ospf-database just the RIB.

Hi emnoc,

thank for your reply. But as I said, I clear the OSPF process with:

execute router clear ospf process

This will completly purge the OSPF database. As well the routing entries. But after a while it will be learn again.

I also tried the following prefix-list and bound it to the OSPF area as inbound filter.

fw-01 # show router prefix-list config router prefix-list

    edit "10_In_0.0.0.2"             config rule                 edit 1                     set prefix 10.9.0.0 255.255.                     unset ge                     unset le                 next                 edit 2                     set action deny                     set prefix 0.0.0.0 0.0.0.0                     unset ge                     unset le                 next             end     next

end

Best regards.

Type 5 LSA (E2) can only be filtered in ASBR (as per ospf standards).

If i understand correctly you are trying to filter it in ABR, which is not possible.

OP

The ospf-database and route table are two unique things but the latter is built from the ospf-database. If you filter the  prefix, the LSA will still be present but the route-table will not populated the route.

So you are using the get router info ospf database brief but have you checked the  route-table get router infor all or  get router info ospf route ?

Ideally ashukla is correct that filtering on a ASBR, the E1/E2 ospf-type  which can be injected via  ASBR ( a route pushed into OSPF by some redistribution other than  OSPF  ) should be filter by the ASBR  but that  might not applicable if the network attaching the OSPF segment is a multi-access with multiple other  devices.

If I had to guess, the  172.28.50.0/24 is being generated via "10.9.9.2" from a redistribution on that router.

Hi emnoc & ashukla,

the route is even present in the routing table.

fw-01 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S* 0.0.0.0/0 [5/0] via 10.82.128.1, wan1
C 10.2.2.0/24 is directly connected, port1
C 10.2.22.0/24 is directly connected, port2
O E2 10.9.9.0/26 [60/0] via 10.9.0.70, port6, 00:22:45
C 10.9.9.64/26 is directly connected, port6
O E2 172.28.50.0/24 [60/0] via 10.9.0.70, port6, 00:22:45


fw-01 # get router info ospf route
C 10.2.135.0/24 [1] is directly connected, port1, Area 0.0.0.0
C 10.2.136.0/24 [10] is directly connected, port2, Area 0.0.0.0
E2 10.9.9.0/26 [10/0] via 10.9.0.70, port6
C 10.9.9.64/26 [10] is directly connected, port6, Area 0.0.0.2
E2 172.28.50.0/24 [10/0] via 10.9.0.70, port6

How can I achieve that the route does not appear in the table?

Show us what you have config  prefix-list and ospf configuration.

Hey I just notice your advertising router is different than what you provided earlier, this shouldn't matter  but wanted to point it out.

O E2 172.28.50.0/24 [60/0] via 10.9.0.70, port6, 00:22:45