PBR/Distribution List help

Andrew White
Level 2

Hello,

I have this simple lab to practise filtering traffic so R1 and R2 can't see each other in their routing tables:

[Image: block lab.JPG]

I've tried 3 methods and only example 1 seems to work, what am I doing wrong?

Example 1 (Worked)

R3

router eigrp 200
 redistribute eigrp 100
 network 10.1.1.0 0.0.0.255
 network 10.1.2.0 0.0.0.255
 distribute-list 2 out FastEthernet0/0
 distribute-list 1 out Serial0/0
 no auto-summary
!
access-list 1 deny   10.1.2.0 0.0.0.255 log
access-list 1 permit any log
access-list 2 deny   10.1.1.0 0.0.0.255 log
access-list 2 permit any log

Example 2 (Didn't work, they can ping each other)

R3

router eigrp 200
 redistribute eigrp 100
 network 10.1.1.0 0.0.0.255
 network 10.1.2.0 0.0.0.255
 distribute-list 101 out FastEthernet0/0
 distribute-list 100 out Serial0/0
 no auto-summary
!
access-list 100 deny   ip 10.1.2.0 0.0.0.255 10.1.1.0 0.0.0.255 log
access-list 100 permit ip any any
access-list 101 deny   ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 log
access-list 101 permit ip any any

Example 3 (Didn't work they can ping each other)

R3

interface FastEthernet0/0
 ip address 10.1.2.3 255.255.255.0
 ip policy route-map pbr2
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.3 255.255.255.0
 encapsulation ppp
 ip policy route-map pbr1
 clock rate 2000000
!
access-list 1 permit 10.1.2.0 0.0.0.255 log
access-list 2 permit 10.1.1.0 0.0.0.255 log
!
route-map pbr1 deny 10
 match ip address 1
!
route-map pbr1 permit 20
!
route-map pbr2 deny 10
 match ip address 2
!
route-map pbr2 permit 20

Maybe on example 2 I could use 1 route-map and redistribute into eigrp 200?

Hopefully someone with a fresh pair of eyes can help?

Thanks

1 Reply

Richard Burts
Hall of Fame

In example 2 you coded the access lists like you would if you were going to assign them with access-group on the physical interfaces where you specify source address and destination address. But you are trying to use the access list in a distribute list. In a distribute list you are filtering the advertisement and advertisements do not have source and destination addresses.

In example 3 you are using route map deny logic which gets a bit tricky. I suggest that you start with route maps which use permit in the route map statement and deny in the access list logic. These are much easier to work with. After you get quite comfortable with route map logic you can come back to the route map deny logic.

HTH

Rick
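
An added illustration, not part of the thread and not Cisco code: a small Python model of how a distribute-list with a standard ACL, as in Example 1, is evaluated against the route prefixes in an outgoing update rather than against packet source and destination addresses. The candidate route list, including 192.168.50.0/24, is constructed for the example.

```python
import ipaddress

# ACLs and distribute-list bindings copied from Example 1 in the question.
CONFIG = """\
distribute-list 2 out FastEthernet0/0
distribute-list 1 out Serial0/0
access-list 1 deny   10.1.2.0 0.0.0.255 log
access-list 1 permit any log
access-list 2 deny   10.1.1.0 0.0.0.255 log
access-list 2 permit any log
"""

def parse(config):
    """Return ({acl_id: [(action, base, wildcard)]}, {interface: acl_id})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["distribute-list"] and tok[2] == "out":
            bindings[tok[3]] = tok[1]
        elif tok[:1] == ["access-list"]:
            any_ = tok[3] == "any"
            base = 0 if any_ else int(ipaddress.IPv4Address(tok[3]))
            wild = 0xFFFFFFFF if any_ else int(ipaddress.IPv4Address(tok[4]))
            acls.setdefault(tok[1], []).append((tok[2], base, wild))
    return acls, bindings

def advertised(routes, acl):
    """Filter route prefixes with a standard ACL: first match wins, implicit deny."""
    kept = []
    for route in routes:
        net = int(ipaddress.IPv4Network(route).network_address)
        for action, base, wild in acl:
            if (net | wild) == (base | wild):  # compare only the non-wildcard bits
                if action == "permit":
                    kept.append(route)
                break
    return kept

def updates_per_interface(config, routes):
    acls, bindings = parse(config)
    return {intf: advertised(routes, acls[acl_id]) for intf, acl_id in bindings.items()}

# Constructed candidate routes: the two lab subnets plus one made-up prefix.
ROUTES = ["10.1.1.0/24", "10.1.2.0/24", "192.168.50.0/24"]

if __name__ == "__main__":
    for intf, sent in updates_per_interface(CONFIG, ROUTES).items():
        print(intf, "->", sent)
```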