OSPF and private IP ranges

How can I stop OSPF from publishing routes to Private IP ranges?

I haven’t added the private IP ranges into the OSPF area in “/routing ospf network” but they can still be seen in the routing tables of other routers. The area is displayed as “unknown” in the OSPF routing table on the other routers.

All routers are either v3.10 or v3.11

If you need more information let me know.

Regards,

“/routing ospf network” defines ranges, and when addresses on some interface are in these ranges, the interface participates in OSPF distribution, and distributes all routes. If you want to filter some routes, you must use “/routing filter”.

I can’t find much information regarding “/routing filter”.

Could you or anyone provide an example of how to stop a specific subnet from being distributed via OSPF?

Cheers

Don’t worry, it’s actually very straightforward:

e.g.

/routing filter add chain=ospf-out prefix=10.6.50.0/24 action=discard

Cheers.

Hello. I have the following problem.

I have a router with 3 interfaces and OSPF routing enabled. I need to hide one of the interfaces from other routers.

I’ve tried everything:

  • I do not add network of this interface to OSPF
  • I’ve set up routing filters for this network
  • I’ve added some firewall rules to filter traffic.

But this seemed not enough.

My setup looks like this:
Interfaces

 #    NAME                         TYPE             RX-RATE    TX-RATE    MTU  
 0  R KN                           ether            0          0          1500 
 1  R MainGate                     ether            0          0          1500 
 2 X  702                          ether            0          0          1500

Addresses

 #   ADDRESS            NETWORK         BROADCAST       INTERFACE      
 0   192.168.108.254/24 192.168.108.0   192.168.108.255 KN             # local network
 1   192.168.105.34/24  192.168.105.0   192.168.105.255 MainGate       # Local network to backbone area
 2   *.*.*.*/27         91.198.10.0     91.198.10.31    MainGate       # real IP here
 3   192.168.158.254/24 192.168.158.0   192.168.158.255 KN             # local network
 4 X 192.168.3.254/24   192.168.3.0     192.168.3.255   702            # This one should be hidden (currently disabled)

OSPF

/routing ospf interface print
 0 interface=KN cost=10 priority=0 authentication-key="12345678" 
   network-type=broadcast retransmit-interval=5s transmit-delay=1s 
   hello-interval=10s dead-interval=40s 

 1 interface=MainGate cost=10 priority=0 authentication-key="12345678" 
   network-type=broadcast retransmit-interval=5s transmit-delay=1s 
   hello-interval=10s dead-interval=40s



/routing ospf network print 
Flags: X - disabled, I - invalid 
 #   NETWORK            AREA    
 0   192.168.105.0/24   backbone
 1   192.168.108.0/24   backbone
 2   192.168.158.0/24   backbone

OSPF Filters

 /routing filter print
Flags: X - disabled 
 0   chain=ospf-out prefix=192.168.3.0/24 type=ospf invert-match=no 
     action=discard 

 1   chain=ospf-out prefix=192.168.3.254 type=ospf invert-match=no 
     action=discard 

 2   chain=ospf-out prefix=192.168.3.0/24 prefix-length=24 type=ospf 
     invert-match=no action=discard

The problem is that when I disable the 3.254 address, everything is OK:

  1    <1 мс    <1 мс    <1 мс  192.168.122.254
  2    <1 мс     1 ms     1 ms  192.168.105.13
  3  192.168.105.13  reports: Destination host unreachable.

192.168.105.13 – our designated router (not under my control)

But when I enable it, I get pings with the “redirected” flag (currently I solved the problem with firewall filters, but this is NOT OK). The 3.x network should be hidden completely from outside.

Currently the network is hidden (regardless of whether the 3.254 address is enabled) but 3.254 is visible.

Pls help.

PS: in the routing table there are no records with 3.x addresses
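
The rule stated earlier in the thread (an interface takes part in OSPF when one of its addresses falls inside a “/routing ospf network” range) can be checked against the tables in the post above. This is an added example, not part of any post; the rows are copied from the printed "Addresses" and "/routing ospf network" output, the function names are illustrative, and the disabled 192.168.3.254/24 address is treated as enabled to show the what-if case.

```python
import ipaddress

# (connected network, interface) rows from the "Addresses" table in the post.
ADDRESSES = [
    ("192.168.108.0/24", "KN"),
    ("192.168.105.0/24", "MainGate"),
    ("91.198.10.0/27", "MainGate"),   # the address itself is masked in the post
    ("192.168.158.0/24", "KN"),
    ("192.168.3.0/24", "702"),        # disabled in the post; enabled here (what-if)
]

# NETWORK column of "/routing ospf network print" (all in area backbone).
OSPF_NETWORKS = ["192.168.105.0/24", "192.168.108.0/24", "192.168.158.0/24"]


def ospf_coverage(addresses, ospf_networks):
    """Split each interface's connected networks into those covered by an
    OSPF network range and those left outside every range."""
    ranges = [ipaddress.ip_network(n) for n in ospf_networks]
    report = {}
    for net, iface in addresses:
        connected = ipaddress.ip_network(net)
        entry = report.setdefault(iface, {"in_ospf": [], "outside": []})
        covered = any(connected.subnet_of(r) for r in ranges)
        entry["in_ospf" if covered else "outside"].append(str(connected))
    return report


def ospf_interfaces(report):
    """Interfaces with at least one address inside an OSPF network range."""
    return sorted(i for i, e in report.items() if e["in_ospf"])


if __name__ == "__main__":
    rep = ospf_coverage(ADDRESSES, OSPF_NETWORKS)
    print("OSPF-enabled interfaces:", ospf_interfaces(rep))
    for iface, e in rep.items():
        for net in e["outside"]:
            print(f"{iface}: {net} is not matched by any OSPF network range")
```

The networks reported as outside every range are the ones to look for in a neighbour's routing table when auditing for unintended advertisement.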

any suggestions?

hm… ip firewall filter add chain=input dst-address=3.254 action=reject reject-with=icmp-network-unreachable ?

yes, I’ve setup this currently.

But this leads to 192.168.105.34 reports: destination host unreachable

but this is not what i need.

I need that this 3.x network should not be announced to 105.13 so 105.13 should reject with this message. (’Cause 105.13 is the default GW here)

Put the interface you don’t require in passive mode. That essentially will disable OSPF on that single interface.

Q. How do I stop individual interfaces from developing adjacencies in an OSPF network?

A. To stop routers from becoming OSPF neighbors on a particular interface, issue the passive-interface command at the interface.

In Internet service provider (ISP) and large enterprise networks, many of the distribution routers have more than 200 interfaces. Configuring passive-interface on each of the 200 interfaces can be difficult. The solution in such situations is to configure all the interfaces as passive by default using a single passive-interface default command. Then, configure individual interfaces where adjacencies are desired using the no passive-interface command. For more information, refer to Default Passive Interface Feature.

There are some known problems with the passive-interface default command. Workarounds are listed in Cisco bug ID CSCdr09263 (registered customers only).

http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml


Based on your original post, I presume this is what you’re looking for…

How could I accomplish that on MikroTik?

/routing ospf interface set 1 passive=yes

?

I didn’t add that interface to OSPF at all; that’s the “702” interface and it’s not listed in OSPF.

Are you sure that 192.168.105.13 is receiving an announcement for 192.168.3.0/24 or does it perhaps have a static route? See if someone can check its routing table and see if that route is being learned via OSPF, or see if it perhaps has a route for 192.168.0.0/16 pointing to 105.13.

192.168.105.13 DOES NOT receive an announcement for 192.168.3.0/24 but does receive one for 192.168.3.254/32 (the IP address on the 702 interface of my router). This route is not listed in the IP routes list on other OSPF servers, but when I do a traceroute to 192.168.3.254 it goes (not directly through my interface 105.34) through 192.168.105.13.

Is that happening because of presence of all IP addresses on router in OSPF hello packet?
Any way to hide this single address?