distribute-list gateway with OSPF
The following example shows how to use distribute-list with the gateway option for inbound route filtering in OSPF. The diagram below shows R1 directly connected to R2 with OSPF configured between them.
Initial Configuration:
!-- R1 OSPF configuration
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 172.16.12.1 0.0.0.0 area 0
 network 172.16.101.1 0.0.0.0 area 0 !-- R1's Loopback0
 network 10.10.10.1 0.0.0.0 area 0 !-- R1's Loopback1
!-- R2 OSPF configuration
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 172.16.12.2 0.0.0.0 area 0
 network 172.16.102.1 0.0.0.0 area 0 !-- R2's Loopback0
!-- Routing tables
R1(config-router)#do sh ip route ospf
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O 172.16.102.1/32 [110/2] via 172.16.12.2, 00:14:12, FastEthernet0/0.12
R2(config-router)#do sh ip route ospf
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
O 172.16.101.1/32 [110/2] via 172.16.12.1, 00:00:07, FastEthernet0/0.12
10.0.0.0/32 is subnetted, 1 subnets
O 10.10.10.1 [110/2] via 172.16.12.1, 00:00:07, FastEthernet0/0.12
Now I am going to apply a distribute-list on R2 that filters R1's Loopback0 (172.16.101.1/32) specifically when it is learned from R1, using the gateway option.
R2(config)#ip prefix-list Loop deny 172.16.101.1/32
R2(config)#ip prefix-list Loop permit 0.0.0.0/0 le 32
R2(config)#
R2(config)#ip prefix-list R1 permit 172.16.12.1/32
R2(config)#
R2(config)#router ospf 1
R2(config-router)#distribute-list prefix Loop gateway R1 in
!-- verification; as shown 172.16.101.1/32 is filtered
R2(config-router)#do sh ip route ospf
10.0.0.0/32 is subnetted, 1 subnets
O 10.10.10.1 [110/2] via 172.16.12.1, 00:00:05, FastEthernet0/0.12
One point to note here: the gateway option matches on the next-hop address of the route, not on the router-id as the distance command does.
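The filter above can be modelled offline to check what a prefix-list/gateway pair will admit before it is applied to a router. The following Python sketch is an added example, not part of the original post and not IOS code: it evaluates the page's Loop and R1 prefix lists against R2's two OSPF routes and shows that a gateway list written with R1's router-id matches nothing. It assumes a route is installed only when the prefix list permits the prefix and the gateway list permits the next hop; the names `parse_prefix_list`, `permits`, `distribute_list_in` and `R1_BY_RID` are hypothetical.

```python
import ipaddress

def parse_prefix_list(lines):
    """Parse 'permit|deny A.B.C.D/len [ge N] [le N]' entries, kept in sequence order."""
    entries = []
    for line in lines:
        tok = line.split()
        net = ipaddress.ip_network(tok[1], strict=False)
        opts = dict(zip(tok[2::2], map(int, tok[3::2])))
        ge, le = opts.get("ge"), opts.get("le")
        if ge is None and le is None:
            lo = hi = net.prefixlen              # no ge/le: exact prefix length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        entries.append((tok[0], net, lo, hi))
    return entries

def permits(plist, prefix):
    """First matching entry wins; falling off the end is the implicit deny."""
    p = ipaddress.ip_network(prefix, strict=False)
    for action, net, lo, hi in plist:
        if lo <= p.prefixlen <= hi and p.subnet_of(net):
            return action == "permit"
    return False

def distribute_list_in(prefix_list, gateway_list, routes):
    """Model of 'distribute-list prefix P gateway G in' (AND of both lists: assumption)."""
    installed = []
    for prefix, next_hop, _router_id in routes:
        # The gateway list is checked against the route's next hop as a /32;
        # the advertising router-id is never consulted.
        if permits(gateway_list, next_hop + "/32") and permits(prefix_list, prefix):
            installed.append(prefix)
    return installed

# Prefix lists exactly as configured on R2 in the post.
LOOP = parse_prefix_list(["deny 172.16.101.1/32", "permit 0.0.0.0/0 le 32"])
R1 = parse_prefix_list(["permit 172.16.12.1/32"])
# Constructed for contrast: a gateway list written with R1's router-id.
R1_BY_RID = parse_prefix_list(["permit 1.1.1.1/32"])

# R2's OSPF routes before filtering: (prefix, next hop, advertising router-id).
ROUTES = [("172.16.101.1/32", "172.16.12.1", "1.1.1.1"),
          ("10.10.10.1/32", "172.16.12.1", "1.1.1.1")]

if __name__ == "__main__":
    print(distribute_list_in(LOOP, R1, ROUTES))         # matches the post's verification
    print(distribute_list_in(LOOP, R1_BY_RID, ROUTES))  # router-id never matches a next hop
```

Because the page's topology has a single neighbor, the model's treatment of routes from a gateway the list does not permit is not confirmed by the output shown in the post; verify it in a lab before relying on it for filtering policy.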