Eigrp route filter

Answered Question
Oct 11th, 2013
User Badges:

frame-realy eigrp.jpg.jpeg

Hello,


Eigrp running on all three routers R1 has some loopback address and it sending summary routes to both spoke r2 and r3, this two spoke router receving  summary routes but i want to receive specific routes on r2 this router already receving summary route from r1, is there any way to get specific(loop address) routes from r1 to r2 while it send summary route. Thanks in advance.

Correct Answer by sathvik k v about 3 years 10 months ago

Hi syed,



Leak-map  is a technique which is used  with summarization. It is used in the situations where you want to summarize routes but still want some routes to be preffered over others for some reasons. Leak map reffernces an access-list and whatever network is permitted in the access-list will be leaked along summary route.


Refer:http://deepakarora1984.blogspot.in/2012/03/eigrp-leak-maps.html

http://blog.ine.com/2007/12/26/how-do-prefix-lists-work/


Regards,

Sathvik K V

Correct Answer by cadet alain about 3 years 10 months ago

Hi,

on the Hub:


ip prefix-list LEAK permit 10.1.1.0/24

ip prefix-list LEAK permit 10.1.2.0/24

ip prefix-list LEAK permit 10.1.3.0/24

route-map LEAKMAP

match ip address prefix LEAK

interface s1/0

ip summary-address  eigrp 1 10.0.0.0 255.0.0.0 leak-map LEAKMAP


This will send the summary and the subnet routes to both spokes, you can filter on R3 inbound for the specific subnets using a distribute-list with a prefix-list.


Regards


Alain




Don't forget to rate helpful posts.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
cadet alain Fri, 10/11/2013 - 07:36
User Badges:
  • Purple, 4500 points or more

Hi,

on the Hub:


ip prefix-list LEAK permit 10.1.1.0/24

ip prefix-list LEAK permit 10.1.2.0/24

ip prefix-list LEAK permit 10.1.3.0/24

route-map LEAKMAP

match ip address prefix LEAK

interface s1/0

ip summary-address  eigrp 1 10.0.0.0 255.0.0.0 leak-map LEAKMAP


This will send the summary and the subnet routes to both spokes, you can filter on R3 inbound for the specific subnets using a distribute-list with a prefix-list.


Regards


Alain




Don't forget to rate helpful posts.

sathvik k v Fri, 10/11/2013 - 08:06
User Badges:

Hi syed,


The above solution should work


Leak-map  is a technique which is used  with summarization. It is used in the situations where you want to summarize routes but still want some routes to be preffered over others for some reasons. Leak map reffernces an access-list and whatever network is permitted in the access-list will be leaked along summary route.


Refer:http://deepakarora1984.blogspot.in/2012/03/eigrp-leak-maps.html


Regards,

Sathvik K V

feroz syed Fri, 10/11/2013 - 16:14
User Badges:

Hi, i try as u said but it didn't work, i change some new address on loopback. here is my config


Router1


R1#sh running-config

Building configuration...



Current configuration : 2494 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!


!        

multilink bundle-name authenticated

 

!        

!        

ip tcp synwait-time 5

!        

!        

!        

!        

interface Loopback1

ip address 192.168.1.1 255.255.255.0

!        

interface Loopback2

ip address 192.168.2.1 255.255.255.0

!        

interface Loopback3

ip address 192.168.3.1 255.255.255.0

!        

interface Loopback4

ip address 192.168.4.1 255.255.255.0

!        

interface Loopback5

ip address 192.168.5.1 255.255.255.0

!        

interface FastEthernet0/0

no ip address

shutdown

duplex half

!        

interface Serial1/0

ip address 172.12.23.1 255.255.255.0

encapsulation frame-relay

no ip split-horizon eigrp 1

ip summary-address eigrp 1 192.168.0.0 255.255.248.0 5 leak-map LEAK

serial restart-delay 0

frame-relay map ip 172.12.23.2 102 broadcast

frame-relay map ip 172.12.23.3 103 broadcast

!        

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!        


!        

router eigrp 1

network 172.12.23.0 0.0.0.255

network 192.168.1.1 0.0.0.0

network 192.168.2.1 0.0.0.0

network 192.168.3.1 0.0.0.0

network 192.168.4.1 0.0.0.0

network 192.168.5.1 0.0.0.0

no auto-summary

!        

ip forward-protocol nd

no ip http server

no ip http secure-server

!        

!        

!        

!        

ip prefix-list LEAK seq 5 permit 192.168.1.0/24

ip prefix-list LEAK seq 10 permit 192.168.2.0/24

ip prefix-list LEAK seq 15 permit 192.168.3.0/24

ip prefix-list LEAK seq 20 permit 192.168.4.0/24

ip prefix-list LEAK seq 25 permit 192.168.5.0/24

!        

!        

!        

!        

route-map LEAKMAP permit 10

match ip address prefix-list LEAK

!        

!        

!        

control-plane

!        


R1#sh ip route


Gateway of last resort is not set

     172.12.0.0/24 is subnetted, 1 subnets

C       172.12.23.0 is directly connected, Serial1/0

C    192.168.4.0/24 is directly connected, Loopback4

C    192.168.5.0/24 is directly connected, Loopback5

C    192.168.1.0/24 is directly connected, Loopback1

C    192.168.2.0/24 is directly connected, Loopback2

C    192.168.3.0/24 is directly connected, Loopback3

D    192.168.0.0/21 is a summary, 00:24:55, Null0

R1#sh ip eigrp ne

R1#sh ip eigrp neighbors

IP-EIGRP neighbors for process 1

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

1   172.12.23.3             Se1/0            142 00:31:37  214  1284  0  15

0   172.12.23.2             Se1/0            148 00:32:52   62   372  0  14









Router 2


R2#sh running-config

Building configuration...



Current configuration : 1729 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

      

archive  

log config

  hidekeys

!        

!        

     

!        

ip tcp synwait-time 5

!        

!        

!        

!        

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!        

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!        

interface Serial1/0

ip address 172.12.23.2 255.255.255.0

encapsulation frame-relay

serial restart-delay 0

frame-relay map ip 172.12.23.1 201 broadcast

frame-relay map ip 172.12.23.3 201 broadcast

!        


!        


!        

router eigrp 1

network 172.12.23.0 0.0.0.255

no auto-summary

!        

ip forward-protocol nd

no ip http server

no ip http secure-server

!        


R2#sh ip eigrp neighbors

IP-EIGRP neighbors for process 1

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

0   172.12.23.1             Se1/0            178 00:34:50   55   330  0  18



R2#sh ip route eigrp | i 192

D    192.168.0.0/21 [90/2297856] via 172.12.23.1, 00:27:25, Serial1/0


R2#sh ip eigrp topology

IP-EIGRP Topology Table for AS(1)/ID(172.12.23.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

       r - reply Status, s - sia Status

P 192.168.0.0/21, 1 successors, FD is 2297856

        via 172.12.23.1 (2297856/128256), Serial1/0

P 172.12.23.0/24, 1 successors, FD is 2169856

        via Connected, Serial1/0



Router 3


R3#sh running-config

Building configuration...



Current configuration : 1729 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

     

!        

!        

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!        

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!        

interface Serial1/0

ip address 172.12.23.3 255.255.255.0

encapsulation frame-relay

serial restart-delay 0

frame-relay map ip 172.12.23.1 301 broadcast

frame-relay map ip 172.12.23.2 301 broadcast

!        

    


!        

router eigrp 1

network 172.12.23.0 0.0.0.255

no auto-summary

!        

ip forward-protocol nd

no ip http server

no ip http secure-server

!        



R3#sh ip route eigrp | i 192

D    192.168.0.0/21 [90/2297856] via 172.12.23.1, 00:30:38, Serial1/0

R3#

R3#sh ip eigrp ne

R3#sh ip eigrp neighbors

IP-EIGRP neighbors for process 1

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                            (sec)         (ms)       Cnt Num

0   172.12.23.1             Se1/0            178 00:37:18   69   414  0  18

R3#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.12.0.0/24 is subnetted, 1 subnets

C       172.12.23.0 is directly connected, Serial1/0

D    192.168.0.0/21 [90/2297856] via 172.12.23.1, 00:30:56, Serial1/0

feroz syed Fri, 10/11/2013 - 23:00
User Badges:

After i review my config i found mention wrong leakmap cmd on summary route that is why it not work, now its working fine.

feroz syed Fri, 10/11/2013 - 23:02
User Badges:

ip prefix-list LEAK permit 10.1.1.0/24

ip prefix-list LEAK permit 10.1.2.0/24

ip prefix-list LEAK permit 10.1.3.0/24

route-map LEAKMAP

match ip address prefix LEAK

interface s1/0

ip summary-address  eigrp 1 10.0.0.0 255.0.0.0 leak-map LEAKMAP




can you please explaing me what is the use of  ip prefix-list and what is leak map.

Correct Answer
sathvik k v Sat, 10/12/2013 - 03:07
User Badges:

Hi syed,



Leak-map  is a technique which is used  with summarization. It is used in the situations where you want to summarize routes but still want some routes to be preffered over others for some reasons. Leak map reffernces an access-list and whatever network is permitted in the access-list will be leaked along summary route.


Refer:http://deepakarora1984.blogspot.in/2012/03/eigrp-leak-maps.html

http://blog.ine.com/2007/12/26/how-do-prefix-lists-work/


Regards,

Sathvik K V

feroz syed Sat, 10/12/2013 - 03:57
User Badges:

Hi sathvik,


thanks for you reply, just now i try using access-list instead of ip prefix-list like


ip summary-address eigrp 100 192.168.1.0 255.255.248.0 leak-map LEAK


ip access-list 10 permit 192.168.1.0 0.0.0.255

ip access-list 10 permit 192.168.2.0 0.0.0.255

ip access-list 10 permit 192.168.3.0 0.0.0.255

ip access-list 10 permit 192.168.4.0 0.0.0.255


route-map LEAK permit 1

match ip-address 10


It also doing the same job.

sathvik k v Sat, 10/12/2013 - 04:55
User Badges:

Hi Syed,


Access-list can also be used depends on scenario  and the way  you implement. Its just what you want to match in the route map.


Regards,

Sathvik K V

Peter Paluch Sat, 10/12/2013 - 05:22
User Badges:
  • Cisco Employee,

Dear friends,


Just to add a small remark - whenever filtering a set of routes in routing protocols, I recommend using prefix lists instead of ACLs. Prefix lists are easier to read and to understand, they are optimized for prefix and netmask matching, and they allow matching both for subnet addresses and netmasks. Standard ACLs perform matching based only on the subnet address but they are not capable of matching the subnet's mask, i.e. they are not able to differentiate between, say, 10.0.0.0/8 and 10.0.0.0/16. Extended ACLs support matching of netmasks in certain circumstances but they are so counter-intuitive that I do not want to even start discussing them.


The bottom line is - if you can use prefix lists then use them.


Best regards,

Peter

paul driver Fri, 10/11/2013 - 13:02
User Badges:
  • Green, 3000 points or more

Hello

Just to add to Cadet Allan post

You haven't stated if these links are Ethernet of Serial. ( I assume Fastethernet or Gig ports)

Anyway to avoid a discard route being entered in you rib table apply an admin distance of 255 at the end of the summary leak map command

Also if you are using serial you will need to configure a virtual interfaces on either serail interface as leap map isn't available other wise

Res
Paul

Sent from Cisco Technical Support iPad App

Actions

This Discussion