Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

EIGRP distribute-list route-map not filtering routes correctly

When I apply the distribute-list command under the EIGRP config mode without specifying an interface, inbound route filtering works, but when I specify an interface on which to apply the distribute-list, inbound route filtering does not work as expected.

I have a Cisco 1921 router and a Cisco 3550 switch exchanging routes on EIGRP AS 1. The Cisco 1921 router is physically connected on an access port on the Cisco 3550 switch on Fa0/3. Fa0/3 on the switch is assigned to VLAN 170. The Cisco 3550 switch has an SVI for VLAN 170, and uses it to form an EIGRP neighborship with the router.

I am trying to apply a distribute-list on the switch to filter the EIGRP advertisements from the router. When I used the following command, it did not filter out routes as expected (I want to only accept the default route):

distribute-list route-map RMAP-EIGRP.IN in Vlan170 (does not work)

distribute-list route-map RMAP-EIGRP.IN in (works)

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi, Looks like software

Hi,

 

Looks like software defect. There are few similar DDTS but not applicable to 122-44.SE6. After applying distribute-list, did you try to flap the EIGRP neighbor. Please try this and if still does not work, would suggest you to open a TAC case.

 

CSCte73093    distribute-list with an explicit interface does not work.

 

Regards,

Akash

3 REPLIES
Community Member

Here is some of the relevant

Diagnostic output when I used:

"distribute-list route-map RMAP-EIGRP.IN in Vlan170":

EASY-E#show ip route eigrp
     184.169.0.0/32 is subnetted, 1 subnets
D EX    184.169.142.144 [170/27392256] via 172.17.0.1, 01:05:34, Vlan170
     172.19.0.0/32 is subnetted, 1 subnets
D EX    172.19.73.58 [170/130816] via 172.17.0.1, 01:05:34, Vlan170
     172.27.0.0/17 is subnetted, 1 subnets
D       172.27.0.0 [90/26880512] via 172.17.0.1, 01:05:34, Vlan170
     172.26.0.0/29 is subnetted, 1 subnets
D       172.26.0.0 [90/26880256] via 172.17.0.1, 01:05:34, Vlan170
D EX 192.168.0.0/24 [170/26880512] via 172.17.0.1, 01:05:34, Vlan170
     208.87.137.0/32 is subnetted, 2 subnets
D EX    208.87.137.172 [170/27392256] via 172.17.0.1, 01:05:34, Vlan170
D EX    208.87.137.170 [170/27392256] via 172.17.0.1, 01:05:34, Vlan170
     192.168.100.0/32 is subnetted, 1 subnets
D EX    192.168.100.1 [170/130816] via 172.17.0.1, 01:05:34, Vlan170
D*EX 0.0.0.0/0 [170/130816] via 172.17.0.1, 01:05:34, Vlan170
D    172.16.0.0/14 is a summary, 01:28:46, Null0
D    172.26.0.0/15 [90/26880512] via 172.17.0.1, 01:05:34, Vlan170
EASY-E#

EASY-E(config-router)#do show ip eigrp neighbor detail
EIGRP-IPv4:(1) neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.17.0.1              Vl170             13 00:00:16    1   200  0  472
   Restart time 00:00:15
   Version 10.0/2.0, Retrans: 1, Retries: 0, Prefixes: 13
   Topology-ids from peer - 0 
EASY-E(config-router)#

 

... but when I used this command without specifying the interface, it filtered out routes as expected:

 

"distribute-list route-map RMAP-EIGRP.IN in":

 

EASY-E(config-router)#do show ip route eigrp
D*EX 0.0.0.0/0 [170/130816] via 172.17.0.1, 00:00:05, Vlan170
D    172.16.0.0/14 is a summary, 01:30:32, Null0

EASY-E(config-router)#do show ip eigrp neighbor detail
EIGRP-IPv4:(1) neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.17.0.1              Vl170             11 00:00:26    1   200  0  464
   Restart time 00:00:22
   Version 10.0/2.0, Retrans: 1, Retries: 0, Prefixes: 1
   Topology-ids from peer - 0 
EASY-E(config-router)#

 

 

 

 

 


Here is some of the relevant configuration:

EASY-E#show int desc
Interface                      Status         Protocol Description
Vl1                            admin down     down     
Vl170                          up             up       PROD.CORE SVI
Fa0/3                          up             up       NEWTON GI0/1

EASY-E#show run int vlan170
Building configuration...

Current configuration : 161 bytes
!
interface Vlan170
 description PROD.CORE SVI
 ip address 172.17.0.254 255.255.255.0
 no ip proxy-arp
 ip summary-address eigrp 1 172.16.0.0 255.252.0.0 5
end

EASY-E#

EASY-E#show run int fa0/3
Building configuration...

Current configuration : 430 bytes
!
interface FastEthernet0/3
 description NEWTON GI0/1
 switchport access vlan 170
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode access
 switchport nonegotiate
 switchport port-security maximum 14
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky [REMOVED]
 spanning-tree portfast
 spanning-tree bpduguard enable
end

EASY-E#

EASY-E#show run | b router.eigrp.1
router eigrp 1
 passive-interface default
 no passive-interface Vlan170
 (distribute-list route-map RMAP-EIGRP.IN in Vlan170) or (distribute-list route-map RMAP-EIGRP.IN in)
 no auto-summary
 network 172.16.0.0 0.3.255.255
!

EASY-E#show ip eigrp neighbor detail
EIGRP-IPv4:(1) neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.17.0.1              Vl170             13 01:00:41    1   200  0  456
   Version 10.0/2.0, Retrans: 3, Retries: 0, Prefixes: 13
   Topology-ids from peer - 0 

 

EASY-E#show ip eigrp interfaces 
EIGRP-IPv4:(1) interfaces for process 1

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Vl170              1        0/0         1       0/1           50           0
EASY-E#

route-map RMAP-EIGRP.IN permit 10
 description INBOUND EIGRP ROUTE FILTER
 description ROUTE MAP FOR INBOUND EIGRP ROUTE FILTER
 match ip address prefix-list PFL-EIGRP.IN
!

ip prefix-list PFL-EIGRP.IN description ACL FOR INBOUND EIGRP ROUTE FILTER ROUTE-MAP
ip prefix-list PFL-EIGRP.IN seq 5 permit 0.0.0.0/0


Anyone see any glaring mistakes? The Cisco 3550 switch is running c3550-ipservicesk9-mz.122-44.SE6.bin (12.2(44)SE6).

Cisco Employee

Hi, Looks like software

Hi,

 

Looks like software defect. There are few similar DDTS but not applicable to 122-44.SE6. After applying distribute-list, did you try to flap the EIGRP neighbor. Please try this and if still does not work, would suggest you to open a TAC case.

 

CSCte73093    distribute-list with an explicit interface does not work.

 

Regards,

Akash

Community Member

Thanks Akash. I tried the

Thanks Akash. I tried the same thing on a Cisco 3750G, and EIGRP routes were filtered correctly, so it looks like it's a bug.

876
Views
0
Helpful
3
Replies
CreatePlease to create content