EIGRP ACL change - help

Unanswered Question
Apr 3rd, 2007

Exisitng EIGRP networks config'd on *REMOTE* router but need to add other networks to EIGRP w/out locking myself out.

As this is prod router, an outage cannot occur. Here are steps which is the long way of doing it:

1. remove ALL distribute-lists from eigrp 40

router eigrp 40

no distribute-list outbound_filter out atm1/0.x

2. add net network(s) to ip access-list standard outbound_filter

ip access-list standard outbound_filter



3. ADD distribute-lists eigrp 40 to router again

router eigrp 40

distribute-list outbound_filter out atm1/0.x

Is there any easier way to add these network w/out having to remove / add dist lists AND w/out locking myself out?

Below is EXISTING router config:

router eigrp 40


distribute-list outbound_filter out ATM1/0.1

distribute-list outbound_filter out ATM1/0.5

distribute-list outbound_filter out ATM1/0.10

no auto-summary

no eigrp log-neighbor-changes

ip access-list standard outbound_filter

permit 0.0.255

permit 456.456.456.0

permit 789.789.789.0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
m-haddad Tue, 04/03/2007 - 15:25


You should be able to add lines to the ACL wihtout the requirements to remove and re-apply the distribution list.

Hope this helps,


Appreciate your rating,


Paolo Bevilacqua Tue, 04/03/2007 - 15:56

m-haddad is correct, you can modify the ACL without locking you out because these are 'add only ACL'.

There is a technique however that I would like to share with you and can be useful in many situations when you risk locking you out because a configuration mistake.

Schedule a reload like in 10 minutes with "reload in ..". If everything goes well, cancel the reload and save the configuration. If it doesn't, well just wait for the router to reboot with the pre-changes configuration.

Please take a moment to rate this post if useful, using the scrollbox below!

IVAN PEPELNJAK Wed, 04/04/2007 - 01:19

You can just add lines to the IP access list and clear EIGRP neighbors after you're done to make sure they get the new networks.

Alternatively, you could have the new access-list prepared on a server (including the "no ip access-list standard outbound-filter" in front of it) and download it to the router.


This Discussion