02-11-2014 01:38 PM - edited 03-04-2019 10:19 PM
Hi,
I have one EIGRP topology running with two autonomous systems (AS100 and AS200). The problem is that I am trying to block the network (4.4.4.4/32 AS100) from AS 100 to AS 200, and company policy does not allow using distribute-list for filtering.
i) First I tried a standard ACL applied under the interface; it won't work (the router has only one interface connected)
{ interface Serial1/0
ip address 123.0.0.3 255.255.255.0
ip access-group 1 in
R3#sh access-lists
Standard IP access list 1
10 deny 4.4.4.4
20 permit any (44 matches) }
ii) Second, I tried PBR using an unreachable metric (255) applied under the interface; same result, it won't work
R3#sh access-lists
Standard IP access list 1
10 permit 4.4.4.4
R3#sh route-map
route-map FILTER_R4, permit, sequence 10
Match clauses:
ip address 1
Set clauses:
metric 255
{ interface Serial1/0
ip address 123.0.0.3 255.255.255.0
ip policy route-map FILTER_R4 in }
iii) Third, I tried the distance command under the EIGRP config; same result, again it does not work!
distance 255 4.4.4.4 0.0.0.0
R3#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "eigrp 200", distance 170, metric 1075200, type external
Redistributing via eigrp 200
Last update from 123.0.0.1 on Serial1/0, 00:32:06 ago
Routing Descriptor Blocks:
* 123.0.0.1, from 123.0.0.1, 00:32:06 ago, via Serial1/0
Route metric is 1075200, traffic share count is 1
Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 255/255, Hops 2
Please give me the reason why it does not work using ACL, PBR and EIGRP unreachable distance, and also give me the solution for filtering this network.
02-11-2014 02:25 PM
Hi feroz_syed,
Items 1 and 2 are wrong usage of filtering routes. In order to get these two working you have to call access-list and route-map statements under the router eigrp process.
You almost got item 3 correct. Here is the correct config.
distance <1-255>
access-list 1 permit 4.4.4.4
!
distance 255 123.0.0.1 0.0.0.0 1
Another way to accomplish your requirement is to use an offset-list.
access-list 1 permit 4.4.4.4
!
router eigrp XXX
offset-list 1 in 2147483647 Serial1/0
Please rate replies and mark question as "answered" if applicable.
02-11-2014 02:41 PM
Thanks for your reply.
I tried the same method as you mentioned but it won't work; the route still appears in the RIB.
access-list 1 permit 4.4.4.4
!
distance 255 123.0.0.1 0.0.0.0 1
[
R3#sh ip access-lists
Standard IP access list 1
10 permit 4.4.4.4 (2 matches)
R3#
R3#sh run | se ei
ip authentication mode eigrp 200 md5
ip authentication key-chain eigrp 200 secure
router eigrp 200
network 3.3.3.3 0.0.0.0
network 123.0.0.0 0.0.0.255
metric weights 0 0 0 1 0 0
distribute-list prefix FILTER_R1_PREFIX in
distance 255 123.0.0.1 0.0.0.0 1
no auto-summary
eigrp router-id 3.3.3.3
eigrp stub connected summary
R3#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "eigrp 200", distance 170, metric 1075200, type external
Redistributing via eigrp 200
Last update from 123.0.0.1 on Serial1/0, 00:01:39 ago
Routing Descriptor Blocks:
* 123.0.0.1, from 123.0.0.1, 00:01:39 ago, via Serial1/0
Route metric is 1075200, traffic share count is 1
Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 255/255, Hops 2
]
02-11-2014 02:55 PM
Hi,
Unfortunately it is not possible to change the AD for external EIGRP routes, this method only works for internal routes.
02-11-2014 11:48 PM
Hi,
Just use a route-map for redistribution and deny this prefix.
Regards
Alain
Don't forget to rate helpful posts.
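The route-map-on-redistribution approach suggested above, written out as an added example that is not part of any post in the thread. It assumes the configuration is applied on whichever router redistributes EIGRP 100 into EIGRP 200 (that router's config is not shown in the thread); the names BLOCK_4_4_4_4 and AS100_TO_AS200 are hypothetical.

```cisco
! Constructed example. Apply on the router that redistributes EIGRP 100 into
! EIGRP 200 (assumption: its config is not shown in the thread).
! BLOCK_4_4_4_4 and AS100_TO_AS200 are hypothetical names.
!
! Match exactly the /32 that must not leave AS 100.
ip prefix-list BLOCK_4_4_4_4 seq 5 permit 4.4.4.4/32
!
! Sequence 10: a "deny" route-map entry drops the matched prefix from redistribution.
route-map AS100_TO_AS200 deny 10
 match ip address prefix-list BLOCK_4_4_4_4
!
! Sequence 20: no match clause, so every other AS 100 route is still redistributed.
! Without this entry the route-map's implicit deny would block all routes.
route-map AS100_TO_AS200 permit 20
!
router eigrp 200
 redistribute eigrp 100 route-map AS100_TO_AS200
!
! Verification:
!   On the redistributing router:  show route-map AS100_TO_AS200
!   On R3 (the router in the thread):  show ip route 4.4.4.4
!   R3 should no longer list 4.4.4.4/32 as an "eigrp 200" external route.
```

Because the prefix is filtered where it enters AS 200, no distribute-list is needed on R3, which keeps the change within the policy stated in the first post.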