Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route

From: san (san.study@gmail.com)
Date: Sun Jun 05 2005 - 04:30:03 GMT-3

• Next message: san: "Re: ISIS questions"
• Previous message: Sumit: "advertising Ipv4 routes between Ipv6 BGP peers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Long / Tim,

I retested the same today....could not stop default route using "no
set-attached-bit" under the ISIS process of L1/L2 which is attached to
L1 Rtr. (was able to stop with distance 255 in L1 router locally )

One more thing i found was, "distribute-list is not existing for ISIS
protocol" after further search DOC says "distribute-list" is only for
IP. (i assume it means only ip protocols not clns based protocols)
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d027.html#wp1039755

((My option would be not to mess with this type in real exam. If i
have time, i will ask proctor.))

/SAN

On 5/30/05, Long Kwok <lkwok@ccieunix.com> wrote:
> I tried adding that to R2 under its router isis process , R2 is the one
> injecting the 0/0 route into R6 , so after removing the distance command
> under R6 and clear ip route * , and verifying that R6 does again have
> the 0/0 route , I added the no set-attatch-bit under R2's isis process
> and cleared ip route but R6 still gets the 0/0 route ???
>
> Long
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Monday, May 30, 2005 9:06 AM
> To: Long Kwok; 'Bob Sinclair'; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
> Long,
>
> What happens if you configure, no set-attach-bit under the isis routing
> process? Doesn't that prevent the default route from being advertised
> from
> a L1/L2 router to a L1 router?
>
> Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Long
> Kwok
> Sent: Monday, May 30, 2005 11:58 AM
> To: Bob Sinclair; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from
> L1 internal routers
>
> Thanks Bob,
>
> I believe though that when you set the attatched bit doesn't this tell a
> router to send a default route into L1 only devices ? I was doing a lab
> that was not permitted to have any form of default 0/0 routes on any
> routers unless explicitly permitted , and within the isis topology ,
> there was an L1/L2 router then behind this L1/L2 router is a few L1
> only routers , I believe by default this L1/L2 ABR if you will ,
> automatically injects a 0/0 route to its internal L1 only
> bretherin...... Thanks so much for reply Bob
>
>
>
> TIA Long
>
>
>
> _____
>
> From: Bob Sinclair [mailto:bsin@cox.net]
> Sent: Monday, May 30, 2005 5:47 AM
> To: Long Kwok; ccielab@groupstudy.com
> Subject: Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
>
>
> Long Kwok,
>
>
>
> Here is a config and link that permits conditional setting of the
> attached bit. I wonder if something along these lines would help.
>
> !
> router isis
> net 39.0001.0000.0000.7201.00
> set-attached-bit route-map CONDITION
> !
> route-map CONDITION
> match int loop101
> http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/isis_an.htm
> Bob Sinclair
>
> CCIE #10427, CCSI 30427, CISSP
>
> www.netmasterclass.net
>
> ----- Original Message -----
>
> From: Long Kwok <mailto:lkwok@ccieunix.com>
>
> To: ccielab@groupstudy.com
>
> Sent: Sunday, May 29, 2005 3:03 PM
>
> Subject: Filtering/Poisoning ISIS injected 0.0.0.0/0 default
> route from L1 internal routers
>
>
>
> Hi,
>
> I have been trying to filter out the automatically injected
> 0.0.0.0/0
> route that the L2 border router injects into its L1 internal
> neighbors
> as I guess it would be considered cheating on lab and you cannot
> do that
> I was trying to filter via distance 255 under L1 routers isis
> router
> process but not working. Here is what I tried.
>
>
>
> Router isis
>
> Distance 255 0.0.0.0 255.255.255.255 1
>
>
>
> Access-list 1 deny 0.0.0.0 0.0.0.0
>
>
>
> Tia Long
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: san: "Re: ISIS questions"
• Previous message: Sumit: "advertising Ipv4 routes between Ipv6 BGP peers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3