in
IEOC CCIE Forums

IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
Latest post 04-18-2017 9:55 AM by pgallo@trimnet.it. 8 replies.
Page 1 of 1 (9 items)
Sort Posts: Previous Next
  • 04-07-2017 12:02 PM

    distribute-list scenario

    Hi,

     

    in EIGRP, assume a router is connected to multiple routers, and there are couple of prefixes learnt from all of these routers.

     

    let us say you want to

    • filter prefix A from being received from gateway X,
    • filter prefix B from being received from gateway Y,
    • filter prefix C from being received from gateway Z,
    • any other prefixes should be permitted normally, 

     

    syntax:

    no distribute-list {access-list-number | prefix prefix-list-name [gateway prefix-list-name]} in [interface-type interface-number]

     

     

    is this scenario possible to configure, and how you would do it ?

    note that command distribute-list cannot be inserted more than once.

     

     

     

    • Post Points: 35
  • 04-08-2017 11:16 PM In reply to

    Re: distribute-list scenario

    I see two solutions

    !-----------------------------
    ! distribute-list extended access-lists interpretation
    ! in IGP distribute-lists extended access-lists are interpreted as:
    ! access-list <extnum> permit ip <src+wc> <dst+wc>
    ! <src+wc> = update source; <dst+wc> = redist. network 
    
    access-list 100 permit ip host <gateway X> <prefix A> <wcmask A>
    access-list 100 permit ip host <gateway Y> <prefix B> <wcmask B>
    access-list 100 permit ip host <gateway Z> <prefix C> <wcmask C>
    access-list 100 permit ip any any
    
    distribute-list 100 in
    
    !-----------------------------
    ! AD filtering
    ! distance command can be used several times - distance 255 filters from RIB
    
    access-list 1 permit <prefix A> <wcmask A>
    access-list 2 permit <prefix B> <wcmask B>
    access-list 3 permit <prefix C> <wcmask C>
    
    distance 255 <gateway X> 0.0.0.0  1
    distance 255 <gateway Y> 0.0.0.0  2
    distance 255 <gateway Z> 0.0.0.0  3
    
    !-----------------------------
    

     

    Kind regards

    Johannes

     

    • Post Points: 20
  • 04-09-2017 10:10 AM In reply to

    Re: distribute-list scenario

    Hi Johannes

     

    thanks for you reply,

     

    you cannot use distributre-list more than once.

     

    but it looks like this is possible only with extended ACL, you cannot implement it with prefix-list or standard ACL

     

    thanks,

    • Post Points: 35
  • 04-09-2017 9:40 PM In reply to

    • JoeM
    • Top 10 Contributor
    • Joined on 04-15-2012
    • Guadalajara, Mexico
    • Elite
    • Points 31,545

    Re: distribute-list scenario

    If you are labbing your test, maybe play with this method also.

    router eigrp 100
         distribute-list prefix ROUTE-LIST-1 gateway GW-PREFIX-1 in Fx/y
         distribute-list prefix ROUTE-LIST-2 gateway GW-PREFIX-2 in Fx/z

    ip prefix-list ROUTE-LIST-1 ........    
    ip prefix-list ROUTE-LIST-2 ........   
     
    ip prefix-list GW-PREFIX-1 ........
    ip prefix-list GW-PREFIX-2 ........

    • Post Points: 20
  • 04-13-2017 2:32 PM In reply to

    Re: distribute-list scenario

    Hi JeoM

     

    as I tested, you cannot use Distribute-List more than once.

    • Post Points: 20
  • 04-13-2017 2:44 PM In reply to

    • JoeM
    • Top 10 Contributor
    • Joined on 04-15-2012
    • Guadalajara, Mexico
    • Elite
    • Points 31,545

    Re: distribute-list scenario

    Which IOS are you using?  

    That output was from my config minus details.

    I have already torn down my test lab, but I think I was using  c7200-15.2(4)S3

     

    EDIT:   You are correct.  I redid my lab, and my distribution-list over-writes the previous statement.  One at a time.

     

     

    • Post Points: 5
  • 04-15-2017 2:19 AM In reply to

    Re: distribute-list scenario

    oudmaster:

    you cannot use distributre-list more than once.

    True.

    But if you use either of my above methods you dont have to. The one uses distribute list exactly once, the other does not use distribute-list at all.

     

    oudmaster:

    but it looks like this is possible only with extended ACL, you cannot implement it with prefix-list or standard ACL

    If you restrict yourself to standard ACL you can still use the second method.

     

    Regards

    Johannes

     

    • Post Points: 20
  • 04-15-2017 10:03 AM In reply to

    Re: distribute-list scenario

    thanks a lot guys for your help

    • Post Points: 5
  • 04-18-2017 9:55 AM In reply to

    Re: distribute-list scenario

    oudmaster:

    let us say you want to

     

    • filter prefix A from being received from gateway X,
    • filter prefix B from being received from gateway Y,
    • filter prefix C from being received from gateway Z,
    • any other prefixes should be permitted normally, 

    I didn't test it yet so i might be wrong but if gateways x,y and z are also the originators of the routes you could try to create a single distribute-list that reference a route-map with multiple statements that match ip route-source for every gateway.

    let us know if it works

    • Post Points: 5
Page 1 of 1 (9 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved