Limiting the routes out a particular interface (EIGRP)

Unanswered Question
Feb 14th, 2007

Say I've got multiple interfaces, and my EIGRP topology table is large. We have a connection to a sister office, but don't want that office (and only that office) to have all the routes in the topology table... perhaps just one route. What commands would I put on that interface to tell it to only propagate out the routes that I choose?

royalblues Wed, 02/14/2007 - 11:25

Friend,

you can use distribute list for this

eg.

router eigrp 100
 distribute-list 10 out serial 2/0

access-list 10 permit

This will restrict the updates sent to the neighbor connected over the serial 2/0

HTH, rate if it does

Narayan

sundar.palaniappan Wed, 02/14/2007 - 11:42

Jake,

It sounds like, as per your original post, you were looking for a command to configure under the interface that would limit only one route to be advertised to the remote office. Configuring 'ip summary-address eigrp (AS_#) 0.0.0.0 0.0.0.0' would suppress all the routes but the default route if a default route exists in the routing table. In a single WAN connection at the remote office this is all they need to route all unknown traffic to your HO.

HTH

Sundar

jnewton03 Wed, 02/14/2007 - 11:49

Say our topology table has the following:

10.64.10.x - LAN

10.64.32.x - WAN

192.168.10.x - DMZ

I want all routers in the LAN and WAN to share the same topology table. Now we have a correspondent who needs to know how to get to our WAN and has agreed to peer with us via EIGRP out interface Serial0/1.20. However, they don't need to know the routes to our DMZ or LAN, just the WAN. Therefore I would need to place a command on Serial0/1.20 to distribute-list only the WAN (10.64.32.x) routes.

sundar.palaniappan Wed, 02/14/2007 - 11:56

That would require using a distribute list, as stated by Narayan earlier, to limit advertising just your LAN out that int.

HTH

Sundar

jnewton03 Thu, 02/22/2007 - 06:59

I appear to be having problems when trying to use multiple distribute-list commands under EIGRP. Here is the config:

interface Serial4/0
 description connection to DR
 ip address 192.168.170.101 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp

interface FastEthernet5/0
 description connection to Sister_Company
 ip address 192.168.170.253 255.255.255.252
 duplex auto
 speed auto

router eigrp 64
 network 10.0.0.0
 network 192.168.168.0
 network 192.168.170.0
 no auto-summary
 distribute-list 90 out
 distribute-list 80 out FastEthernet5/0
 redistribute static

access-list 80 remark Restrict Routes to Sister_Company
access-list 80 permit 10.64.0.0 0.0.255.255
access-list 80 permit 192.168.10.0 0.0.0.255
access-list 90 remark Restrict route from Sister company to rest of WAN
access-list 90 deny 170.132.0.0 0.0.255.255
access-list 90 permit any

What I'm trying to do is when we peer via EIGRP with our sister company, we only send them the two specified routes (10.64.0.0 and 192.168.10.0) and the route we receive from them (let's call it 170.132.0.0) doesn't propagate to rest of the routers connected (I left off those interface configs).

If I do just one distribute-list command it seems to do what I want, but when using multiple, it starts to act up. Any ideas?
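An added example (not part of any post in this thread, and not Cisco code): a Python model of how the standard ACLs in the config above would filter outbound updates per interface. It assumes a route must be permitted by both the interface distribute-list and the global one, and that a standard ACL is compared against the route's network address only; the sample routes are constructed.

```python
import ipaddress

# ACLs copied from the config in the post above: (action, address, wildcard).
ACLS = {
    80: [("permit", "10.64.0.0", "0.0.255.255"),
         ("permit", "192.168.10.0", "0.0.0.255")],
    90: [("deny", "170.132.0.0", "0.0.255.255"),
         ("permit", "0.0.0.0", "255.255.255.255")],  # "permit any"
}
GLOBAL_OUT = 90                          # distribute-list 90 out
INTERFACE_OUT = {"FastEthernet5/0": 80}  # distribute-list 80 out FastEthernet5/0


def acl_permits(acl_id, network):
    """First matching entry wins; no match falls through to the implicit deny."""
    net = int(ipaddress.IPv4Address(network))
    for action, address, wildcard in ACLS[acl_id]:
        # Wildcard bits set to 1 are "don't care", so invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.IPv4Address(address)) & care:
            return action == "permit"
    return False


def advertised(interface, routes):
    """Routes that survive the interface list (if any) and the global list.

    Assumption: both lists must permit a route for it to be advertised.
    """
    lists = [GLOBAL_OUT]
    if interface in INTERFACE_OUT:
        lists.insert(0, INTERFACE_OUT[interface])
    return [r for r in routes if all(acl_permits(a, r) for a in lists)]


# Constructed sample routes (network addresses only), not taken from a real table.
ROUTES = ["10.64.10.0", "10.64.32.0", "10.10.0.0",
          "192.168.10.0", "192.168.168.0", "170.132.0.0"]

if __name__ == "__main__":
    for ifname in ("FastEthernet5/0", "Serial4/0"):
        print(ifname, "->", advertised(ifname, ROUTES))
```

On the router itself, the advertised set is best confirmed from the neighbor's side by checking which prefixes actually arrive from this peer.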

jnewton03 Thu, 02/22/2007 - 07:57

Globally. Once that route (170.132.0.0) is received from the sister company, I want it to stop at this router. I do not wish it to be propagated to any other routes connected to this one.

royalblues Thu, 02/22/2007 - 08:00

I think then the best way is to configure a single distribute list and deny this subnet and permit everything else.

HTH, rate if it does

Narayan

jnewton03 Thu, 02/22/2007 - 08:04

But I believe I need two ACLs. One to permit JUST 10.64.0.0 and 192.168.10.0 out FastEthernet5/0 and one to deny JUST 170.132.0.0 out all interfaces. Is my thinking incorrect?

royalblues Thu, 02/22/2007 - 08:10

you can do something like this.

access-list 1 deny host 170.132.0.0
access-list 1 permit host 10.64.0.0
access-list 1 permit host 192.168.10.0

access-list 2 deny host 170.132.0.0
access-list 2 permit any

router eigrp 100
 distribute-list 1 out fa 0/0
 distribute-list 2 out s 0/0
 distribute-list 2 out fa 0/1

The same access-list can be referenced for multiple interfaces.

HTH, rate if it does

Narayan

jnewton03 Thu, 02/22/2007 - 08:13

This is not for single hosts, though. It is for entire networks 10.64.0.0/16 192.168.10.0/24 and 170.132.0.0/16. I guess I'm a little confused by your access-lists.

royalblues Thu, 02/22/2007 - 08:16

Sorry for the typo

use the following instead

you can do something like this.

access-list 1 deny 170.132.0.0 0.0.255.255
access-list 1 permit 10.64.0.0 0.0.255.255
access-list 1 permit 192.168.10.0 0.0.0.255

access-list 2 deny 170.132.0.0 0.0.255.255
access-list 2 permit any

router eigrp 100
 distribute-list 1 out fa 0/0
 distribute-list 2 out s 0/0
 distribute-list 2 out fa 0/1

HTH, rate if it does

Narayan

jnewton03 Thu, 02/22/2007 - 08:19

My apologies, but I'm still a bit confused.

Out interface Fa5/0 I would like to send only 10.64.0.0/16 and 192.168.10.0/24 and nothing else. Out every other interface I want to send everything except for 170.132.0.0/16. In other words, I don't see why this command is necessary:

access-list 1 deny 170.132.0.0 0.0.255.255

royalblues Thu, 02/22/2007 - 08:23

This is because you want to send all routes except the above one. So the deny statement is required for access-list 2 and apply the list to the required interfaces

You can however remove the entry from access-list 1 and apply the list to fa 5/0.

HTH, rate if it does

Narayan

ruwhite Thu, 02/22/2007 - 08:32

Just to provide an alternate way to do this, though I won't provide a config.... You could use a route map, and include multiple access lists within the route map, using the route map to filter the routes allowed out different interfaces.

Just another option....

:-)

Russ
