Distribute list on DMVPN spoke

Unanswered Question
Aug 20th, 2012
User Badges:

Hi,

I would need to apply a distribute list on a DMVPN spoke and not sure if that DL needs to be applied at the tunnel interface or the physical interface where the tunnel is sourced. Please let me know if you have any thoughts.



This is how the configuration looks at other branches that do not have DMVPN configured:


access-list 1 deny   0.0.0.0

access-list 1 permit any

access-list 2 permit 0.0.0.0

access-list 2 deny   any

router eigrp 1

distribute-list 2 in FastEthernet0/0

distribute-list 1 out FastEthernet0/0


Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Karsten Iwen Mon, 08/20/2012 - 13:12
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Firewalling, VPN

If you want to control your routing between the spoke and the hub, you have to apply it for the tunnel-interface. Or more general: With the interface that is enabled for the routing-protocol.


And you should look at the prefix-lists instead of distribute-lists. They are much more flexible once you get used to them.


http://www.cisco.com/en/US/partner/tech/tk365/technologies_q_and_a_item09186a008012dac4.shtml#fourteen



-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Actions

This Discussion

Related Content