Limiting the routes out a particular interface (EIGRP)

jnewton03
Level 1

Say I've got multiple interfaces, and my EIGRP topology table is large. We have a connection to a sister office, but don't want that office (and only that office) to have all the routes in the topology table... perhaps just one route. What commands would I put on that interface to tell it to only propagate out the routes that I choose?

15 Replies

royalblues
Level 10

Friend,

you can use distribute list for this

eg.

router eigrp 100

distribute-list 10 out serial 2/0

access-list 10 permit

This will restrict the updates sent to the neighbor connected over the serial 2/0

HTH, rate if it does

Narayan

Jake,

It sounds like, as per your original post, you were looking for a command to configure under the interface that would limit only one route to be advertised to the remote office. Configuring 'ip summary-address eigrp (AS_#) 0.0.0.0 0.0.0.0' would suppress all the routes but the default route if a default route exists in the routing table. In a single WAN connection at the remote office this is all they need to route all unknown traffic to your HO.

HTH

Sundar

Say our topology table has the following:

10.64.10.x - LAN

10.64.32.x - WAN

192.168.10.x - DMZ

I want all routers in the LAN and WAN to share the same topology table. Now we have a correspondent who needs to know how to get to our WAN and has agreed to peer with us via EIGRP out interface Serial0/1.20. However, they don't need to know the routes to our DMZ or LAN, just the WAN. Therefore I would need to place a command on Serial0/1.20 to distribute-list only the WAN (10.64.32.x) routes.

That would require using a distribute list, as stated by Narayan earlier, to limit advertising just your LAN out that int.

HTH

Sundar

I appear to be having problems when trying to use multiple distribute-list commands under EIGRP. Here is the config:

interface Serial4/0

description connection to DR

ip address 192.168.170.101 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

interface FastEthernet5/0

description connection to Sister_Company

ip address 192.168.170.253 255.255.255.252

duplex auto

speed auto

router eigrp 64

network 10.0.0.0

network 192.168.168.0

network 192.168.170.0

no auto-summary

distribute-list 90 out

distribute-list 80 out FastEthernet5/0

redistribute static

access-list 80 remark Restrict Routes to Sister_Company

access-list 80 permit 10.64.0.0 0.0.255.255

access-list 80 permit 192.168.10.0 0.0.0.255

access-list 90 remark Restrict route from Sister company to rest of WAN

access-list 90 deny 170.132.0.0 0.0.255.255

access-list 90 permit any

What I'm trying to do is when we peer via EIGRP with our sister company, we only send them the two specified routes (10.64.0.0 and 192.168.10.0) and the route we receive from them (let's call it 170.132.0.0) doesn't propagate to the rest of the routers connected (I left off those interface configs).

If I do just one distribute-list command it seems to do what I want, but when using multiple, it starts to act up. Any ideas?

Friend,

To which interface have you applied list 90?

Narayan

Globally. Once that route (170.132.0.0) is received from the sister company, I want it to stop at this router. I do not wish it to be propagated to any other routers connected to this one.

I think then the best way is to configure a single distribute list and deny this subnet and permit everything else.

HTH, rate if it does

Narayan

But I believe I need two ACLs. One to permit JUST 10.64.0.0 and 192.168.10.0 out FastEthernet5/0 and one to deny JUST 170.132.0.0 out all interfaces. Is my thinking incorrect?

you can do something like this.

access-list 1 deny host 170.132.0.0

access-list 1 permit host 10.64.0.0

access-list 1 permit host 192.168.10.0

access-list 2 deny host 170.132.0.0

access-list 2 permit any

router eigrp 100

distribute-list 1 out fa 0/0

distribute-list 2 out s 0/0

distribute-list 2 out fa 0/1

The same access-list can be referenced for multiple interfaces.

HTH, rate if it does

Narayan

This is not for single hosts, though. It is for entire networks 10.64.0.0/16 192.168.10.0/24 and 170.132.0.0/16. I guess I'm a little confused by your access-lists.

Sorry for the typo

use the following instead

you can do something like this.

access-list 1 deny 170.132.0.0 0.0.255.255

access-list 1 permit 10.64.0.0 0.0.255.255

access-list 1 permit 192.168.10.0 0.0.0.255

access-list 2 deny 170.132.0.0 0.0.255.255

access-list 2 permit any

router eigrp 100

distribute-list 1 out fa 0/0

distribute-list 2 out s 0/0

distribute-list 2 out fa 0/1

HTH, rate if it does

Narayan

My apologies, but I'm still a bit confused.

Out interface Fa5/0 I would like to send only 10.64.0.0/16 and 192.168.10.0/24 and nothing else. Out every other interface I want to send everything except for 170.132.0.0/16. In other words, I don't see why this command is necessary:

access-list 1 deny 170.132.0.0 0.0.255.255

This is because you want to send all routes except the above one, so the deny statement is required for access-list 2, and the list should be applied to the required interfaces.

You can, however, remove the entry from access-list 1 and apply the list to fa 5/0.

HTH, rate if it does

Narayan
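
The filtering discussed in this thread, modelled as an added example (not written by any poster and not Cisco code): a small Python evaluator for standard ACLs used as outbound distribute-lists, loaded with ACLs 80 and 90 from the posted config. The route list is constructed for illustration, and the model assumes a route is advertised only if both the global list and the interface list permit it.

```python
import ipaddress

def parse_acl(lines):
    """Parse standard ACL bodies: 'permit|deny' + 'any' | 'host A' | 'A [WILDCARD]'."""
    entries = []
    for line in lines:
        action, *rest = line.split()
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action == "permit", addr, wild))
    return entries

def permits(acl, route):
    """First match wins. A standard ACL sees only the route's network address."""
    net = int(ipaddress.ip_network(route).network_address)
    for permit, addr, wild in acl:
        if ((net ^ addr) & ~wild) == 0:   # bits set in the wildcard are ignored
            return permit
    return False                          # implicit deny ends every ACL

def advertised(routes, interface, global_acl=None, per_interface=None):
    """Assumed model: a route is sent only if every applicable list permits it."""
    lists = [global_acl, (per_interface or {}).get(interface)]
    return [r for r in routes
            if all(permits(a, r) for a in lists if a is not None)]

# ACLs 80 and 90 as posted in the thread; ACL_HOST is the 'host' variant.
ACL_80 = parse_acl(["permit 10.64.0.0 0.0.255.255", "permit 192.168.10.0 0.0.0.255"])
ACL_90 = parse_acl(["deny 170.132.0.0 0.0.255.255", "permit any"])
ACL_HOST = parse_acl(["permit host 10.64.0.0", "permit host 192.168.10.0"])

# Constructed topology table for illustration.
ROUTES = ["10.64.10.0/24", "10.64.32.0/24", "192.168.10.0/24",
          "192.168.168.0/24", "170.132.0.0/16"]

if __name__ == "__main__":
    per_if = {"FastEthernet5/0": ACL_80}
    for ifname in ("FastEthernet5/0", "Serial4/0"):
        print(ifname, advertised(ROUTES, ifname, ACL_90, per_if))
    print("host form:", advertised(ROUTES, "FastEthernet5/0", None,
                                   {"FastEthernet5/0": ACL_HOST}))
```

With the `host` entries, only a route whose network address is exactly 10.64.0.0 or 192.168.10.0 matches, so the 10.64.x.x /24 subnets in the sample table are filtered out.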
