EIGRP Filtering with Distribute List

 

topology, rjlogs, gns3

The objective is to prevent 12.12.12.12 and 22.22.22.22 from being advertised to R1.

Configuration of R1 :

R1(config)#interface e0/0
R1(config-if)#ip address 10.10.10.1 255.255.255.252
R1(config-if)#no shut

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
R1(config-if)#no shut

R1(config)#router eigrp 100
R1(config-router)#network 10.10.10.1 0.0.0.0
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#no auto-summary

Configuration of R2 :

R2(config)#interface e0/0
R2(config-if)#ip address 10.10.10.2 255.255.255.252
R2(config-if)#no shut

R2(config)#interface e0/1
R2(config-if)#ip address 20.20.20.1 255.255.255.252
R2(config-if)#no shut

R2(config)#interface loopback 0
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#no shut

R2(config)#interface loopback 1
R2(config-if)#ip address 12.12.12.12 255.255.255.255
R2(config-if)#no shut

R2(config)#interface loopback 2
R2(config-if)#ip address 22.22.22.22 255.255.255.255
R2(config-if)#no shut

R2(config)#router eigrp 100
R2(config-router)#network 10.10.10.2 0.0.0.0
R2(config-router)#network 20.20.20.1 0.0.0.0
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#network 12.12.12.12 0.0.0.0
R2(config-router)#network 22.22.22.22 0.0.0.0
R2(config-router)#no auto-summary

Configuration of R3 :

R3(config)#interface e0/0
R3(config-if)#ip address 20.20.20.2 255.255.255.252
R3(config-if)#no shut

R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#no shut

R3(config)#router eigrp 100
R3(config-router)#network 20.20.20.2 0.0.0.0
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#no auto-summary

Now lets verify from R1 :

R1#sh ip route eigrp
— output omitted —

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/409600] via 10.10.10.2, 00:18:07, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/435200] via 10.10.10.2, 00:02:01, Ethernet0/0
12.0.0.0/32 is subnetted, 1 subnets
D 12.12.12.12 [90/409600] via 10.10.10.2, 00:17:57, Ethernet0/0
20.0.0.0/30 is subnetted, 1 subnets
D 20.20.20.0 [90/307200] via 10.10.10.2, 00:02:03, Ethernet0/0
22.0.0.0/32 is subnetted, 1 subnets
D 22.22.22.22 [90/409600] via 10.10.10.2, 00:17:48, Ethernet0/0

R1#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/13 ms
R1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/11 ms

Well done, we can see 12.12.12.12 and 22.22.22.22 from R1, but based on scenario we have to block them to be accessed from R1.

We can add configuration on R2 :

R2(config)#access-list 1 deny 12.12.12.12 0.0.0.0
R2(config)#access-list 1 deny 22.22.22.22 0.0.0.0
R2(config)#access-list 1 permit any
R2(config)#router eigrp 100
R2(config-router)#distribute-list 1 out e0/0

Lets verify from R1 :

R1#sh ip route eigrp
— output omitted —

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/409600] via 10.10.10.2, 00:36:37, Ethernet0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/435200] via 10.10.10.2, 00:20:31, Ethernet0/0
20.0.0.0/30 is subnetted, 1 subnets
D 20.20.20.0 [90/307200] via 10.10.10.2, 00:20:33, Ethernet0/0

R1#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)
R1#ping 22.22.22.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

From the result we can see that 12.12.12.12 and 2.2.2.2 have disappeared from R1’s routing table,and they can’t accessed from R1 now.

Also read : RIP Filtering with Offset List.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s