Solved: Distance command in Cisco IOS

tiagoquelhas · ‎05-10-2008

Dear group,

I am an MSc student in Electrotechnical Engineering and I am currently researching configuration commands in Cisco IOS for my thesis.

In particular, I am interested in setting the administrative distance of a route according to the route's destination prefix. I am aware of the "distance" command in the form:

distance {ip-address {wildcard-mask}} [ip-standard-list] [ip-extended-list]

which allows one to set the administrative distance of a route (within the configuration of a particular routing protocol) according to what Cisco's documentation [1] refers to as the "source of a route". The documentation is not very clear on what this means, but my interpretation is that it refers to the neighboring router from which the route in question was received. On the other hand, the book "Cisco IOS in a nutshell" says it refers to the route's destination address; confusingly, it also describes the command's syntax as

distance distance [address mask] [access-list]

which is missing one argument relative to the version above.

Since the two interpretations contradict each other, I wonder if you could provide me an answer to any of the following questions:

(i) What is the correct syntax of the "distance" command and, in particular, what do the ip-address and wildcard-mask parameters mean;

(ii) Is there any way, using this command or another one, to set a route's administrative distance based on the route's destination prefix/address?

Thanks in advance.

Best regards,

Tiago

[1] Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2

Harold Ritter · ‎05-10-2008

Tiago,

I think what they mean to say is that the IP address + the wildcard-mask + the acl will be used to filter specific networks from a given neighbor or set of neighbors.

It is probably not as well put as it should, I agree but the ACL will clearly be applied against the received updates, whereas the ip address and wildcard-mask will be applied against the neighbor or set of neighbors.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Harold Ritter · ‎05-10-2008

Tiago,

Here's an example so it becomes easier to understand:

router eigrp 1

network 192.168.12.0

distance 120 192.168.12.2 0.0.0.0 2

!

access-list 2 permit 2.2.2.2

!

r1(config)#do sh ip ro

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

2.0.0.0/32 is subnetted, 1 subnets

D 2.2.2.2 [120/409600] via 192.168.12.2, 00:52:39, Ethernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.12.2, 00:52:39, Ethernet0/0

r1(config)#

two updates are received from neighbor 192.168.12.2 but only the one that matches the ACL 2 has its AD changed to 120.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Harold Ritter · ‎05-10-2008

Tiago,

The correct form of the command, as per the latest IOS command reference, is:

distance distance ip-address wildcard-mask [ip-standard-acl | ip-extended-acl | access-list-name]

The IP address and wildcard-mask refer to the neighbor from which the updates are received.

The ACL matches the updates themselves and would therefore allow you to granulary set the AD values for a subset of routing updates coming from the neighbor or set of neighbors specified by the IP address and wildcard-mask.

Please refer to the IOS command reference for more information:

http://tools.cisco.com/Support/CLILookup/cltSearchAction.do?AT=gD&BM=t&CN="distance"&IndexOptionId=12.4T&IndexId=IOS

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

tiagoquelhas · ‎05-10-2008

Quoting the command reference you mentioned,

"When the optional access list name or number is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows filtering of networks according to the IP address of the router that supplies the routing information."

it seems that the access list supplied to the "distance" command filters the updates according to the address of the neighbor they are received from --- not the destination address the update refers to, which is what I want. Can you confirm this behavior?

Thanks,

Tiago

Harold Ritter · ‎05-10-2008

Tiago,

I think what they mean to say is that the IP address + the wildcard-mask + the acl will be used to filter specific networks from a given neighbor or set of neighbors.

It is probably not as well put as it should, I agree but the ACL will clearly be applied against the received updates, whereas the ip address and wildcard-mask will be applied against the neighbor or set of neighbors.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

tiagoquelhas · ‎05-10-2008

Yes, I think that the documentation should be worded a bit more carefully.

In any case, thanks a lot for your help in clarifying this.

Best regards,

Tiago

Harold Ritter · ‎05-10-2008

Tiago,

I completely agree. I will convey the information to our documentation team. Thanks for bringing it up.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎05-10-2008

Tiago,

Here's an example so it becomes easier to understand:

router eigrp 1

network 192.168.12.0

distance 120 192.168.12.2 0.0.0.0 2

!

access-list 2 permit 2.2.2.2

!

r1(config)#do sh ip ro

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, Ethernet0/0

2.0.0.0/32 is subnetted, 1 subnets

D 2.2.2.2 [120/409600] via 192.168.12.2, 00:52:39, Ethernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.12.2, 00:52:39, Ethernet0/0

r1(config)#

two updates are received from neighbor 192.168.12.2 but only the one that matches the ACL 2 has its AD changed to 120.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México