Hello Diederik, hello Tom,
this is a simple lab/testing configuration, that's why there is no "passive"
and other...
The purpose of this configuration is to allow access to certain IP address and
restrict access to the rest of the subnet.
I can use PF to block/pass what I need... but I'm trying make sure if I can do
it by announcing "not more than needed" over OSPF.
"redistribute 10.1.111.11/32" seems to be what I need, but probally I missed
something, because this option doesn't work for me as expected.
$ cat /etc/ospfd.conf
router-id 10.109.3.15
redistribute 10.1.111.11/32
area 0.0.0.0 {
interface vr0
interface vr3
}
Then, I can still see/ping other IPs in 10.1.111.0/24 from the far end network.
On the far router I can see the whole subnet instead of somthing like " *O
32 10.1.111.11/24 10.109.3.15".
$ ospfctl show fib
flags: * = valid, O = OSPF, C = Connected, S = Static
Flags Prio Destination Nexthop
*S 8 0.0.0.0/0 10.109.3.254
*O 32 10.1.111.0/24 10.109.3.15
Any clues?
On Sat, 4 Feb 2023 23:16:57 +0000
Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> Hi Radek,
>
> it is better practice to add ospf network statements to ospfd.conf
> (if you dont want to send / recieve ospf messages on an interface set the
> interface to passive in ospfd.conf
> avoid redistribute connected
> (add the network you want to be added to your ospf network) and leave the
> other network ommitted from your ospfd.conf
>
>
> I hope this helps,
>
>
> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote:
>
> > Hello,
> > is it possible to announce over OSPF only one (or a few specific) IP
> > address instead of the whole subnet?
> > If yes.. an ospfd.conf example would be appreciated.
> >
> > $ cat /etc/hostname.vr3
> > inet 10.1.111.1 255.255.255.0
> >
> > $ cat /etc/ospfd.conf
> > router-id 10.109.3.15
> > redistribute connected
> >
> > area 0.0.0.0 {
> > interface vr0
> > interface vr3
> > }
> >
> > Thanks,
> > Radek
> >
> >
>
> --
> Kindest regards,
> Tom Smyth.
Radek
