02-14-2007 11:19 AM - edited 03-03-2019 03:46 PM
Say I've got multiple interfaces, and my EIGRP topology table is large. We have a connection to a sister office, but don't want that office (and only that office) to have all the routes in the topology table... perhaps just one route. What commands would I put on that interface to tell it to only propogate out the routes that I choose?
02-14-2007 11:25 AM
Friend,
you can use distribute list for this
eg.
router eigrp 100
distribute-list 10 serial 2/0 out
access-list 10 permit
This will restric the updates sent to the neighbor connected over the serial 2/0
HTH, rate if it does
Narayan
02-14-2007 11:42 AM
Jake,
It sounds like, as per your original post, you were looking for a command to configure under the interface that would limit only one route to be advertised to the remote office. Configuring 'ip summary-address eigrp (AS_#) 0.0.0.0 0.0.0.0' would suppress all the routes but the default route if a default route exists in the routing table. In a single WAN connection at the remote office this is all they need to route all unknown traffic to your HO.
HTH
Sundar
02-14-2007 11:49 AM
Say our topology table has the following:
10.64.10.x - LAN
10.64.32.x - WAN
192.168.10.x - DMZ
I want all routers in the LAN and WAN to share the same topology table. Now we have a correspondent who needs to know how to get to our WAN and has agreed to peer with us via EIGRP out interface Serial0/1.20. However, they don't need to know the routes to our DMZ or LAN, just the WAN. Therefore I would need to place a command on Serial0/1.20 to distribute-list only the WAN (10.64.32.x) routes.
02-14-2007 11:56 AM
That would require using a distribute list, as stated by Narayan earlier, to limit advertising just your LAN out that int.
HTH
Sundar
02-22-2007 06:59 AM
I appear to be having problems when trying to use multiple distribute-list commands under EIGRP. Here is the config:
interface Serial4/0
description connection to DR
ip address 192.168.170.101 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
interface FastEthernet5/0
description connection to Sister_Company
ip address 192.168.170.253 255.255.255.252
duplex auto
speed auto
router eigrp 64
network 10.0.0.0
network 192.168.168.0
network 192.168.170.0
no auto-summary
distribute-list 90 out
distribute-list 80 out FastEthernet5/0
redistribute static
access-list 80 remark Restrict Routes to Sister_Company
access-list 80 permit 10.64.0.0 0.0.255.255
access-list 80 permit 192.168.10.0 0.0.0.255
access-list 90 remark Restrict route from Sister company to rest of WAN
access-list 90 deny 170.132.0.0 0.0.255.255
access-list 90 permit any
What I'm trying to do is when we peer via EIGRP with our sister company, we only send them the two specified routes (10.64.0.0 and 192.168.10.0) and the route we receive from them (lets call it 170.132.0.0) doesn't propogate to rest of the routers connected (I left off those interface configs).
If I do just one distribute-list command it seems to do what I want, but when using multiple, it starts to act up. Any ideas?
02-22-2007 07:54 AM
Friend,
To which interface you have applied the list 90
Narayan
02-22-2007 07:57 AM
Globally. Once that route (170.132.0.0) is received from the sister company, I want it to stop that this router. I do not wish it to be propogated to any other routes connected to this one.
02-22-2007 08:00 AM
I think then the best way is to configure a single distribute list and deny this subnet and permit everything else.
HTH, rate if it does
Narayan
02-22-2007 08:04 AM
But I believe I need two ACLs. One to permit JUST 10.64.0.0 and 192.168.10.0 out FastEthernet5/0 and one to deny JUST 170.132.0.0 out all interfaces. Is my thinking incorrect?
02-22-2007 08:10 AM
you can do something like this.
access-list 1 deny host 170.132.0.0
access-list 1 permit host 10.64.0.0
access-list 1 permit host 192.168.10.0
access-list 2 deny host 170.132.0.0
access-list 2 permit any
router eigrp 100
distribute-list 1 out fa 0/0
distribute-list 2 out s 0/0
distribute-list 2 out fa 0/1
The same access-list can be referenced for multiple interfaces.
HTH, rate if it does
Narayan
02-22-2007 08:13 AM
This is not for single hosts, though. It is for entire networks 10.64.0.0/16 192.168.10.0/24 and 170.132.0.0/16. I guess I'm a little confused by your access-lists.
02-22-2007 08:16 AM
Sorry for the typo
use the following instead
you can do something like this.
access-list 1 deny 170.132.0.0 0.0.255.255
access-list 1 permit 10.64.0.0 0.0.255.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 deny 170.132.0.0 0.0.255.255
access-list 2 permit any
router eigrp 100
distribute-list 1 out fa 0/0
distribute-list 2 out s 0/0
distribute-list 2 out fa 0/1
HTH, rate if it does
Narayan
02-22-2007 08:19 AM
My apologies, but I'm still a bit confused.
Out interface Fa5/0 I would like to send only 10.64.0.0/16 and 192.168.10.0/24 and nothing else. Out every other interface I want to send everything except for 170.132.0.0/16. In other words, I don't see why this command is necessary:
access-list 1 deny 170.132.0.0 0.0.255.255
02-22-2007 08:23 AM
This is because you want to send all routes except the above one. so the deny statement is required for access-list 2 and apply the list to the required interfaces
You can however remove the entry from access-list 1 nad apply the list to fa 5/0.
HTH, rate if it does
Narayan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide