Brocade Virtual ADX Switch and Router Guide (Supporting ADX v03.1.00) User Manual

Page 140

Advertising
background image

126

Brocade Virtual ADX Switch and Router Guide

53-1003246-01

Configuring OSPF

6

The first three commands configure an extended ACL that denies routes to any 10.x.x.x destination
network with a 255.255.0.0 network mask and allows all other routes for eligibility to be installed
in the IP route table. The last three commands change the CLI to the OSPF configuration level and
configure an OSPF distribution list that uses the ACL as input. The distribution list prevents routes
to any 10.x.x.x destination network with network mask 255.255.0.0 from entering the IP route
table. The distribution list does not prevent the routes from entering the OSPF database.

Syntax: [no] ip access-list extended acl-name | acl-id

Syntax: deny | permit ip-protocol source-ip wildcard destination-ip wildcard

The acl-name | acl-id parameter specifies the ACL name or ID.

The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.

The ip-protocol parameter indicates the type of IP packet you are filtering. When using an extended
ACL as input for an OSPF distribution list, specify ip.

The source-ip wildcard parameter specifies the source address for the policy. Since this ACL is
input to an OSPF distribution list, the source-ip parameter actually is specifying the destination
network of the route.

The wildcard parameter specifies the portion of the source address to match against. The wildcard
is a four-part value in dotted-decimal notation (IP address format) consisting of ones and zeros.
Zeros in the mask mean the packet’s source address must match the source-ip. Ones mean any
value matches. For example, the source-ip and wildcard values 10.0.0.0 0.255.255.255 mean
that all 10.x.x.x networks match the ACL.

If you want the policy to match on all network addresses, enter any any.

If you prefer to specify the wildcard (mask value) in Classless Interdomain Routing (CIDR) format,
you can enter a forward slash after the IP address, then enter the number of significant bits in the
mask. For example, you can enter the CIDR equivalent of “10.0.0.0 0.255.255.255” as
“10.0.0.0/8”. The CLI automatically converts the CIDR number into the appropriate ACL mask
(where zeros instead of ones are the significant bits) and changes the non-significant portion of the
IP address into zeros.

NOTE

If you enable the software to display IP subnet masks in CIDR format, the mask is saved in the file in
“/mask-bits” format. To enable the software to display the CIDR masks, enter the ip
show-subnet-length command at the global CONFIG level of the CLI. You can use the CIDR format to
configure the ACL entry regardless of whether the software is configured to display the masks in
CIDR format.

If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with subnet mask in the display produced by the show ip
access-list commands.

Virtual ADX(config)# ip access-list extended no_ip

Virtual ADX(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 255.255.0.0

0.0.255.255

Virtual ADX(config-ext-nacl)# permit ip any any

Virtual ADX(config-ext-nacl)# exit

Virtual ADX(config)# router ospf

Virtual ADX(config-ospf-router)# distribute-list no_ip in

Advertising