RIPv2 Filtering with Prefix Lists

A few things have me confused on the V5 RIP Filtering Labs.

I was playing around (trying to go above and beyond the lab) with trying to create an exact distribute list for gateway R4 but I cant understand why my distribute list is not working. In my below prefix list I deny network 11 and permit everything esle. Shouldnt I be able to filter on an exact prefix using the gateway keyword? As we see from the "show ip route rip" it still filters all networks from R4 instead of the just the 11 network as shown by update timer over 30 seconds. Did I do something wrong here? It looks to be right but just isnt working. Oddly enough, I get the same outcome if I remove "prefix NO_11" out of the distribute-list command. 

router rip

 version 2

 network 150.1.0.0

 network 155.1.0.0

 distribute-list prefix NO_11 gateway NO_4 in Tunnel0

 no auto-summary

 

ip prefix-list NO_11 seq 10 deny 11.11.11.11/32  <----Deny the 11 network

ip prefix-list NO_11 seq 20 permit 0.0.0.0/0 le 32 <----Permit everything esle

!

ip prefix-list NO_4 seq 10 deny 155.1.0.4/32 <------- Deny only R4 with the Address 155.1.0.4

ip prefix-list NO_4 seq 20 permit 0.0.0.0/0 le 32 <-------- Permit every thing else

!

 

Show ip route RIP

 

R        11.11.11.11 [120/1] via 155.1.45.4, 00:00:14, GigabitEthernet1.45

                     [120/1] via 155.1.0.4, 00:00:47, Tunnel0

R        150.1.4.4 [120/1] via 155.1.45.4, 00:00:14, GigabitEthernet1.45

                   [120/1] via 155.1.0.4, 00:00:47, Tunnel0

 

 

Debug IP RIP

RIP: received v2 update from 155.1.0.4 on Tunnel0

     11.11.11.11/32 via 0.0.0.0 in 1 hops

     150.1.1.1/32 via 0.0.0.0 in 3 hops

     150.1.2.2/32 via 0.0.0.0 in 3 hops

     150.1.3.3/32 via 0.0.0.0 in 3 hops

     150.1.4.4/32 via 0.0.0.0 in 1 hops

     150.1.6.6/32 via 0.0.0.0 in 4 hops

     150.1.7.7/32 via 0.0.0.0 in 4 hops

     150.1.9.9/32 via 0.0.0.0 in 5 hops

     155.1.7.0/24 via 0.0.0.0 in 4 hops

     155.1.9.0/24 via 0.0.0.0 in 5 hops

     155.1.13.0/24 via 0.0.0.0 in 3 hops

     155.1.37.0/24 via 0.0.0.0 in 3 hops

     155.1.45.0/24 via 0.0.0.0 in 1 hops

     155.1.67.0/24 via 0.0.0.0 in 4 hops

     155.1.79.0/24 via 0.0.0.0 in 4 hops

 

Any thoughts as to what might be going on here?

 

Thanks  for any advise

Comments

  • It looks to me like it's processing the gateway part first and saying to filter R4 completely, then it's deciding what networks to accept from the others. Unfortunately this is a very poorly documented command.

  • Looks like some others have experienced your problem as well: http://ieoc.com/forums/p/4289/179826.aspx

  • ip prefix-list NO_11 seq 10 deny 11.11.11.11/32  <----Deny the 11 network

    ip prefix-list NO_11 seq 20 permit 0.0.0.0/0 le 32 <----Permit everything esle

    !

    ip prefix-list NO_4 seq 10 deny 155.1.0.4/32 <------- Deny only R4 with the Address 155.1.0.4

    ip prefix-list NO_4 seq 20 permit 0.0.0.0/0 le 32 <-------- Permit every thing else

    !

    The issue with the above is this

    1) You are denying the 11.11.11.11/32 from being learnt from anybody except 155.1.0.4/32

    2) You are permitting any network to be learned from anybody except 155.1.0.4/32

     

    The end result here is that the only 11.11.11.11/32 network will be learnt only from R4

  • His output shows that he is still learning both 11.11.11.11 and 150.1.4.4 from 155.1.45.4 and that he stopped learning both from 155.1.0.4 (47 seconds instead of <30 seconds).

  • Sorry this took so long to resopnd, You are right. I didnt even notice that. I need to permit the 11 network and deny 0.0.0.0.

     

    Thanks much for the help. And thanks everybody esle for responding. 

  • Hi,

    this command is indeed very badly documented. This tasks does not make a lot of sense since we still have the summarization between R5 and R8. Is this on purpose? I feel that most tasks were written with very little consideration of the previous tasks?I would like to mention that the sample solution is not the optimal solution in this case. Also, the incoming interface is missing. We don't need the PERMIT_ALL prefix-list. The following config is enough:

    distribute-list gateway NOT_FROM_R4 in Tunnel0
    
    
     
  • Hi,

    this command is indeed very badly documented. This tasks does not make a lot of sense since we still have the summarization between R5 and R8. Is this on purpose? I feel that most tasks were written with very little consideration of the previous tasks?I would like to mention that the sample solution is not the optimal solution in this case. Also, the incoming interface is missing. We don't need the PERMIT_ALL prefix-list. The following config is enough:

    distribute-list gateway NOT_FROM_R4 in Tunnel0
    
    
    
    

    Yes ... I use exactly the same solution:

    R5#show run | s prefix.*DENY|router rip

    router rip

     version 2

     timers basic 10 60 60 80

     network 150.1.0.0

     network 155.1.0.0

     distribute-list gateway DENY_R4 in Tunnel0

     distribute-list prefix STOP_LOOPBACK out GigabitEthernet1.58

     no auto-summary

    ip prefix-list DENY_ALL seq 5 deny 0.0.0.0/0 le 32

    ip prefix-list DENY_R4 seq 5 deny 155.1.0.4/32

    ip prefix-list DENY_R4 seq 100 permit 0.0.0.0/0 le 32



    p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica}

    R5#

     

    I just want to add that i have missed the v4 workbook structure of considering previous tasks. This is a case

     

    Best regards

  • ip prefix-list NO_11 seq 10 deny 11.11.11.11/32  <----Deny the 11 network

    ip prefix-list NO_11 seq 20 permit 0.0.0.0/0 le 32 <----Permit everything esle

    !

    ip prefix-list NO_4 seq 10 deny 155.1.0.4/32 <------- Deny only R4 with the Address 155.1.0.4

    ip prefix-list NO_4 seq 20 permit 0.0.0.0/0 le 32 <-------- Permit every thing else

    !

    The issue with the above is this

    1) You are denying the 11.11.11.11/32 from being learnt from anybody except 155.1.0.4/32

    2) You are permitting any network to be learned from anybody except 155.1.0.4/32

     

    The end result here is that the only 11.11.11.11/32 network will be learnt only from R4

    I am trying this filtering with two keywords (prefix and gateway) but i havent make my desire ressult that is filtering controlled routes from controlled gateways.

    I want to filter 155.1.13.0 from R1 o R3 that make ECMP on the topology with no success:

    R5#show ip ro rip 

    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

           E1 - OSPF external type 1, E2 - OSPF external type 2

           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

           ia - IS-IS inter area, * - candidate default, U - per-user static route

           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

           a - application route

           + - replicated route, % - next hop override

     

    Gateway of last resort is not set

     

          150.1.0.0/32 is subnetted, 10 subnets

    R        150.1.1.1 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R        150.1.2.2 [120/1] via 155.1.0.2, 00:00:03, Tunnel0

    R        150.1.3.3 [120/1] via 155.1.0.3, 00:00:00, Tunnel0

    R        150.1.4.4 [120/1] via 155.1.45.4, 00:00:01, GigabitEthernet1.45

                       [120/1] via 155.1.0.4, 00:00:10, Tunnel0

    R        150.1.6.6 [120/3] via 155.1.0.3, 00:00:00, Tunnel0

    R        150.1.7.7 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R        150.1.8.8 [120/1] via 155.1.58.8, 00:00:10, GigabitEthernet1.58

    R        150.1.9.9 [120/3] via 155.1.0.3, 00:00:00, Tunnel0

    R        150.1.10.10 [120/2] via 155.1.58.8, 00:00:10, GigabitEthernet1.58

          155.1.0.0/16 is variably subnetted, 17 subnets, 2 masks

    R        155.1.7.0/24 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R        155.1.8.0/24 [120/1] via 155.1.58.8, 00:00:10, GigabitEthernet1.58

    R        155.1.9.0/24 [120/3] via 155.1.0.3, 00:00:00, Tunnel0

    R        155.1.10.0/24 [120/2] via 155.1.58.8, 00:00:10, GigabitEthernet1.58

    R        155.1.37.0/24 [120/1] via 155.1.0.3, 00:00:00, Tunnel0

    R        155.1.67.0/24 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R        155.1.79.0/24 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R        155.1.108.0/24 [120/1] via 155.1.58.8, 00:00:10, GigabitEthernet1.58

    R        155.1.146.0/24 [120/2] via 155.1.0.3, 00:00:00, Tunnel0

    R5# 

    R5#show run | s router rip

    router rip

     version 2

     timers basic 10 60 60 80

     network 150.1.0.0

     network 155.1.0.0

     distribute-list prefix DENY_13 gateway NOT_R1 in Tunnel0

     distribute-list prefix STOP_LOOPBACK out GigabitEthernet1.58

     no auto-summary

    R5#show ip pre

    R5#show ip prefix-list DENY_13

    ip prefix-list DENY_13: 2 entries

       seq 5 deny 155.1.13.0/24

       seq 100 permit 0.0.0.0/0 le 32

    show ip prefix-list NOT_R1

    ip prefix-list NOT_R1: 2 entries

       seq 5 deny 155.1.0.1/32

       seq 100 permit 0.0.0.0/0 le 32



    p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica}
    p.p2 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica; min-height: 14.0px}

    R5#

     

    Suggestions?

     

  • I’m having this same issue in 2019. I must be missing something somewhere. And summarization is still included from previous lab. Furthermore, I copied the exact configs from labs 3.1 through 3.10 but I can’t block R6 and R7 loopbacks from being advertised from R5 to R8.

    Was anyone else able to make it work ?

  • camrakecamrake
    edited September 6

    After re-running the lab yet again, I was able to get all labs up and through 3.10 (RIPv2 Filtering with Prefix-Lists) to work as expected. I DID have to remove the configs from 3.6 (Manual Summarization) on R5 (of Lo0 on R1-7) towards R8 (as seen below). I also had to wait for all timers to expire and the old routed to die off.

    R5:
    interface GigabitEthernet1.58
    ip summary-address rip 150.1.0.0 255.255.248.0

    Now I'm wondering how or if you can actually accomplish both at the same time...

Sign In or Register to comment.