Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

EIGRP route filter

Hi,

i have one eigrp topology running with two Autonomous system (AS100 and AS200), now the  problem is am trying to block the network (4.4.4.4/32 AS100) from AS 100 to AS 200 and company policy not allowed to use Distribute-list for filtering.

i) First i try Standard ACL and apply under the interface won't work (the router has only one interface connected)

{ interface Serial1/0

ip address 123.0.0.3 255.255.255.0

ip access-group 1 in

R3#sh access-lists

Standard IP access list 1

    10 deny   4.4.4.4

    20 permit any (44 matches) }

ii) Second i try using PBR using unreachable metric (255) and applied under the interface same result won't work

R3#sh access-lists

Standard IP access list 1

    10 permit 4.4.4.4

R3#sh route-map

route-map FILTER_R4, permit, sequence 10

  Match clauses:

    ip address 1

  Set clauses:

metric 255

{ interface Serial1/0

ip address 123.0.0.3 255.255.255.0

ip policy route-map  FILTER_R4 in }

iii) Third i try using Distance cmd under Eigrp config same result again not work !!

       

     distance 255 4.4.4.4 0.0.0.0

R3#sh ip route 4.4.4.4

Routing entry for 4.4.4.4/32

  Known via "eigrp 200", distance 170, metric 1075200, type external

  Redistributing via eigrp 200

  Last update from 123.0.0.1 on Serial1/0, 00:32:06 ago

  Routing Descriptor Blocks:

  * 123.0.0.1, from 123.0.0.1, 00:32:06 ago, via Serial1/0

      Route metric is 1075200, traffic share count is 1

      Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit

      Reliability 255/255, minimum MTU 1500 bytes

      Loading 255/255, Hops 2

Please give me the reason for why it not work using ACL, PBR and EIGRP Unreachable Distance also give me the solution for filtering this network



   


4 REPLIES

EIGRP route filter

Hi feroz_syed,

Items 1 and 2 are wrong usage of filtering routes. In order to get these two working you have to call access-list and route-map statements under the router eigrp process.

You almost got item 3 correct. Here is the correct config.

distance <1-255>

access-list 1 permit 4.4.4.4

!

distance 255 123.0.0.1 0.0.0.0 1

Another way to accomplish your requirement is to use off-set list.

access-list 1 permit 4.4.4.4

!

router eigrp XXX

offset-list 1 in 2147483647 Serial1/0

Please rate replies and mark question as "answered" if applicable.

Please rate replies and mark question as "answered" if applicable.
New Member

EIGRP route filter

Thanks for your reply

i try using the same method as you mention but won't work, still the route appear in rib

access-list 1 permit 4.4.4.4

!

distance 255 123.0.0.1 0.0.0.0 1

[

R3#sh ip access-lists

Standard IP access list 1

    10 permit 4.4.4.4 (2 matches)

R3#

R3#sh run | se ei

ip authentication mode eigrp 200 md5

ip authentication key-chain eigrp 200 secure

router eigrp 200

network 3.3.3.3 0.0.0.0

network 123.0.0.0 0.0.0.255

metric weights 0 0 0 1 0 0

distribute-list prefix FILTER_R1_PREFIX in

distance 255 123.0.0.1 0.0.0.0 1

no auto-summary

eigrp router-id 3.3.3.3

eigrp stub connected summary

R3#sh ip route 4.4.4.4

Routing entry for 4.4.4.4/32

  Known via "eigrp 200", distance 170, metric 1075200, type external

  Redistributing via eigrp 200

  Last update from 123.0.0.1 on Serial1/0, 00:01:39 ago

  Routing Descriptor Blocks:

  * 123.0.0.1, from 123.0.0.1, 00:01:39 ago, via Serial1/0

      Route metric is 1075200, traffic share count is 1

      Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit

      Reliability 255/255, minimum MTU 1500 bytes

      Loading 255/255, Hops 2

]

EIGRP route filter

Hi,

Unfortunately it is not possible to change the AD for external EIGRP routes, this method only works for internal routes.

Purple

EIGRP route filter

Hi,

just use a route-map for redistribution and deny this prefix.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
175
Views
0
Helpful
4
Replies
CreatePlease to create content