Hi Rene,Can i get the answer/steps for this lab?
OSPF Suppress Forward Address
Scenario:
You are the senior network engineer for a company that runs the show "Two and a half Router". To increase OSPF performance your colleague has implemented a NSSA area and some prefix filters. Strangely enough you now have problems with reachability. Let's see what you can do about it.
Goal:
- All IP addresses have been preconfigured for you.
- Configure OSPF and use the correct areas. Ensure Area 1 is a NSSA.
- Configure RIP between router Charlie and Evelyn.
- Create a loopback0 interface on router Evelyn with IP address 1.1.1.1 /24 and advertise it in RIP.
- Redistribute between RIP and OSPF.
- Configure a prefix-list on router Jake which filters network 192.168.13.0 /24.
- Ensure you can still reach network 1.1.1.0 /24 from all routers without removing the prefix-list. You are only allowed to use OSPF commands.
IOS:
c3640-jk9s-mz.124-16.bin
Topology:
You need to register to download the GNS3 Topology File. (Registration is Free!)
- Related Articles
Only registered users can write comments!
Comments (13)
-
ReneMolenaar 2011-09-26 23:14:00This one is a bit tricky, I don't have time now to post the video/solution but I'll help you a little here.
Once you have configured everything you'll notice you have reachability issues. You can confirm why this is happening by using the show ip ospf database external command. Look for the advertising router and the forward address. This should tell you what is going wrong.
You can solve it by suppressing the forward address. It's a little tricky where to find the command but look in the direction of the area nssa translate type7 command.
Good luck!
-
baloo247 2011-09-27 12:14:25I think I have this, but I dont have the routes.
1. For filtering I've configured a prefix list to deny 192.168.13.0/24, and then associated this with a distribute list in on my ospf process.
2. I've then checked both the route table and my OSPF DB, and I can still see i'm referencing the 13.3 router - so all good to this point, it wont work I'm happy.
3. I then apply the supress forwarding, on jake - I can see that my advertising router is 13.1 which is alan, and my forwarding address is 0.0.0.0 but i still have no route.
What am I missing? give me a clue and not the answer - I want to figure this out.
-
baloo247 2011-09-27 12:15:38
sorry my supress fowarding is on alan not jake, as I've stated above.
-
aspeetah 2011-10-27 22:58:43I think you need to apply the route-map to filter incoming updates not 'out' in the ospf process on Jake.
-
angipp01 2011-10-24 01:17:03I stil don't understand.
This is my config from Jake. Once I apply the filter in the area router Berta no longer see the RIP network. Therefore Berta cannot ping 1.1.1.1.
hostname Jake
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip ospf 1 area 0
!
interface FastEthernet1/0
ip address 192.168.24.2 255.255.255.0
ip ospf 1 area 2
!
router ospf 1
area 0 filter-list prefix filter out
!
ip prefix-list filter seq 10 deny 192.168.13.0/24
ip prefix-list filter seq 20 permit 0.0.0.0/0 le 32
-
ReneMolenaar 2011-10-24 15:33:10
There's a certain trick to this lab to finish it. I'm a little busy but I'll try to record the solution asap.
-
dheer 2011-10-31 15:00:52Hi,
i have solved this lab by using clue given by Rene. Configured area 1 nssa translate type7 suppress-fa command in Alan after configuring prefix list in Jake. It had made forwarding address to 0.0.0.0 and then router Berta is able to ping 1.1.1.1
Configured mutual redistribution between ospf and rip on Charlie and it worked out.
-
angipp01 2011-11-21 05:54:46
Thanks guys for your help.. I eventually had time to come back and do the lab again. This was a good lab... I don't think it will be on the CCNP lab.
-
ReneMolenaar 2011-11-24 20:38:17
Hi Guys,
Good to hear you figured it out. I've been so busy that I didn't have time to record the video yet. This one is way above CCNP level, it's CCIE ;D
Rene
-
sameer786 2012-02-17 17:54:57Hi,
I tried this topology and was successfull but i have some doubts.
1. When i make a filter list on Jake still i can see the route of 192.168.13.0 in the routing table of jake and i can reach 1.1.1.1.My Filter is mentioned below
area 0 filter-list prefix filter in
ip prefix-list filter seq 10 deny 192.168.13.0/24
ip prefix-list filter seq 20 permit 0.0.0.0/0 le 32
I think the route should not be there......2. When i enable suppress forward address on the Alan i see in the ospf external database that the forward address is changed to 0.0.0.0 but my question is why i suppress the forward address even i can reach 1.1.1.1
-
jimmyp1983 2012-03-01 17:59:42I can ping 1.1.1.1 while filtering 192.168.13.0/24 via this config:
On ALAN:
router ospf 1
log-adjacency-changes
area 1 nssa translate type7 suppress-fa
network 192.168.12.0 0.0.0.255 area 0
network 192.168.13.0 0.0.0.255 area 1On Jake:
router ospf 1
log-adjacency-changes
network 192.168.12.0 0.0.0.255 area 0
network 192.168.24.0 0.0.0.255 area 2
distribute-list prefix 10 in
!
!
ip prefix-list 10 seq 15 deny 192.168.13.0/24
ip prefix-list 10 seq 20 permit 0.0.0.0/0 le 32
-
Dardoufa 2012-05-16 17:46:42Hello all!
Good lab! From my understanding the filter-list on Jake should be applied "out" of area 0 - anything leaving area 0 and going into any other area, in this case there is only area 2 connected to Jake. The same should be achieved by a filter-list "in" on area 2.As I understand, forward suppression on Alan, causes the "Forward Address" on the ospf database external to point to 0.0.0.0, which in turn means: when looking for the prefix 1.1.1.0/24 (external network) go to the advertising OSPF router, which is the ABR router translating Type7 LSAs into Type5 (namely Jake).