EIGRP Route Filtering

Answered Question
Oct 25th, 2011

Hi,

We have an EIGRP network that we need to connect to a 3rd party. We've agreed that the 3rd Party will join our EIGRP AS so we can swap dynamic routes, however, I want to filter the routes they send to be absolutely sure we don't receive any unauthorised routes if they inadvertently make a config mistake.

I know I can apply an inbound distribute list, however, I suspect this would apply to the whole EIGRP process. As there are only really 2 routes that I need to receive from the 3rd party network I was hoping that I could apply a distribute list that only applies to the 3rd party router (i.e., apply the distribute list to the ethernet interface which connects to the 3rd party network).

Is this possible?? Or is there a better alternative?? (I've considered redistributing to another protocol or EIGRP AS but would like to avoid this if possible).

Any help gratefully received.

Correct Answer by Reza Sharifi about 2 years 5 months ago

Do you have access to the router to see if you can apply the filter inbound per neighbor?

router eigrp 1
 network 192.168.0.0
 neighbor 192.168.1.1 Ethernet 0/0 distribute-list test in

If not then you would need to do it per vrf/address family

http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfeigrp.html#wp1030091

HTH

Richard Burts Tue, 10/25/2011 - 11:10

It is possible to apply a distribute list to a specific interface when using EIGRP as the routing protocol. Here is a reference in Cisco documentation:

To filter networks received in updates, use the distribute-list in command in address family or router configuration mode. To disable this function, use the no form of this command.

distribute-list {access-list-number | prefix prefix-list-name [gateway prefix-list-name]} in [interface-type interface-number]

Here is the URL if you want more detail:

http://www.cisco.com/en/US/partner/docs/ios/12_2/iproute/command/reference/1rfeigrp.html#wp1030091

HTH

Rick

BlueyVIII Tue, 10/25/2011 - 11:19

Thanks Rick - When I click that link I get a "Forbidden File or Application" error.....

BlueyVIII Tue, 10/25/2011 - 12:03

Thanks Guys - For the link Rick posted I tried using my CCO login but it still didn't work.

Reza, the link you posted works but I'm not sure which command I should be referencing??

BlueyVIII Wed, 11/09/2011 - 08:49

Thanks for the reply Reza...just one more query before I implement this.

If I add the command "neighbor 192.168.1.1 Ethernet 0/0 distribute-list test in" will my router ignore all of the other neighbour routers or will the other routers continue to operate as normal and only this neighbour will have the distribute list applied?

Reza Sharifi Wed, 11/09/2011 - 09:17

The distribute-list applies only to the neighbor that is connected to this interface (in this example Ethernet 0/0).

It does not affect any other neighbor.

HTH
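
An added example, not posted by anyone in this thread, of the per-interface `distribute-list ... in` form quoted in Richard Burts's reply, used to accept exactly two routes from the third party. The prefix-list name and the two prefixes (documentation ranges) are constructed placeholders; AS 1, network 192.168.0.0 and Ethernet0/0 are taken from the example earlier in the thread.

```cisco
! Constructed example: replace the two prefixes with the routes agreed
! with the third party. THIRD-PARTY-IN is a hypothetical name.
!
! Each permit entry matches the exact prefix length only, so a more
! specific route (for example a /25 inside 192.0.2.0/24) is not accepted.
ip prefix-list THIRD-PARTY-IN seq 10 permit 192.0.2.0/24
ip prefix-list THIRD-PARTY-IN seq 20 permit 198.51.100.0/24
!
! A prefix list already ends in an implicit deny. The explicit entry below
! is optional and exists so rejected updates show up as hit counts.
ip prefix-list THIRD-PARTY-IN seq 1000 deny 0.0.0.0/0 le 32
!
router eigrp 1
 network 192.168.0.0
 distribute-list prefix THIRD-PARTY-IN in Ethernet0/0
!
! Checks after applying the filter:
!   show ip protocols                            (lists the inbound filter per interface)
!   show ip prefix-list detail THIRD-PARTY-IN    (hit counts per entry)
!   show ip route eigrp                          (only the two permitted routes via Ethernet0/0)
```

A rising hit count on the seq 1000 entry means the third party is advertising prefixes outside the agreed set, which is worth alerting on.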

Posted October 25, 2011 at 10:30 AM