passive - distribute-list help!!!!!

Answered Question
Feb 20th, 2009
User Badges:

Hello All,


I have a situation and I need help. I don't want the WAN router to learn a subnet that is coming out of two LAN routers (10.10.10.0/24) and let other ones through (see diagram) I was thinking about passive-interface with a distribute-list, but because of the type of switches (Cat6k-MSFC2) I don't know how to apply it. Any suggestion would be greatly appreciated.


Thank you very much for your assistance.


Cheers!!!



Attachment: 
Correct Answer by Edison Ortiz about 8 years 2 months ago

Mauricio,


Per your diagram, you will apply the distribute-list in under the EIGRP process in the WAN router, pointing to the interface that is connected to the L2 switch.


The list will reference an ACL that blocks 10.10.10.0/24 and then permit any


Please refer to the documentation on the syntax:


http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1018093


HTH,


__


Edison.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Fri, 02/20/2009 - 12:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Mauricio


I believe that there is some confusion in your question. You say that you are thinking about using passive-interface with a distribute-list. But passive-interface does not work with distribute-list. If you have passive-interface then the router learns no routing updates on that interface. With a distribute-list the router can learn certain routes through the interface but does not learn certain other routes. From your description I believe that you need distribute-list and not passive-interface.


HTH


Rick

mguzman4158 Fri, 02/20/2009 - 13:03
User Badges:

Thanks Rick, now where and how would apply the distribute-list?


Cheers!

Correct Answer
Edison Ortiz Fri, 02/20/2009 - 13:20
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Mauricio,


Per your diagram, you will apply the distribute-list in under the EIGRP process in the WAN router, pointing to the interface that is connected to the L2 switch.


The list will reference an ACL that blocks 10.10.10.0/24 and then permit any


Please refer to the documentation on the syntax:


http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1018093


HTH,


__


Edison.


Actions

This Discussion