This comes up like a thousand times, some claim you can't drop E2 prefixes but that's 100% incorrectly. I will show you;
I want to drop one prefix so I craft a prefix-list.
i guess you can use an acl list but I like prefix-list and they are so much easier for ipv4 and ipv6
config router prefix-list edit "dropit" config rule edit 1 set action deny set prefix 10.212.134.0 255.255.255.0 unset ge unset le next edit 2 set prefix 0.0.0.0 0.0.0.0 unset ge set le 32 next end next end
Now we apply this into the router ospf general. The rule #1 match will talke place b4 rule #2 which is basically an "any" prefix
set router-id 192.0.2.2 set distribute-list-in "dropit" config area edit 0.0.0.0 next end config ospf-interface edit "root2custA1" set interface "root2custA1" set network-type point-to-point next end config network edit 1 set prefix 192.168.10.0 255.255.255.252 next end config redistribute "connected" end config redistribute "static" end config redistribute "rip" end config redistribute "bgp" end config redistribute "isis" end end
Keep in mind the ospf database will still have the LSA for the network. Here's a screenshot of the before after and ospf database
I hope this helps .
ken
PCNSE
NSE
StrongSwan
hmm, You can look a route-map but that's typically used on the source(s) "route distribution or redistribution" If you need to filter on let's router-id rtr1and not rtrb, can't you have the router 1.0.0.1 manipulate the E2 metrics directly to accomplish what you want ?
Other action could be a summary from that routerA and use the more specific route from routerB.
Bottom line, you should control the route create and distribution at the source. It would make it way much easier.
PCNSE
NSE
StrongSwan
Yeah, that's the only place I see where I can apply the route map. I'm trying to filter in the downstream router though.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.