distribute-list scenario

Hi,

In EIGRP, assume a router is connected to multiple routers, and there are a couple of prefixes learnt from all of these routers.

Let us say you want to


  • filter prefix A from being received from gateway X,
  • filter prefix B from being received from gateway Y,
  • filter prefix C from being received from gateway Z,
  • any other prefixes should be permitted normally.

Syntax:

no distribute-list {access-list-number | prefix prefix-list-name [gateway prefix-list-name]} in [interface-type interface-number]

Is this scenario possible to configure, and how would you do it?

Note that the distribute-list command cannot be inserted more than once.

Comments

  • I see two solutions

    !-----------------------------
    ! distribute-list extended access-lists interpretation
    ! in IGP distribute-lists extended access-lists are interpreted as:
    ! access-list <extnum> permit ip <src+wc> <dst+wc>
    ! <src+wc> = update source; <dst+wc> = redist. network

    ! deny = drop this prefix when the update comes from this gateway
    access-list 100 deny ip host <gateway X> <prefix A> <wcmask A>
    access-list 100 deny ip host <gateway Y> <prefix B> <wcmask B>
    access-list 100 deny ip host <gateway Z> <prefix C> <wcmask C>
    access-list 100 permit ip any any

    distribute-list 100 in

    !-----------------------------
    ! AD filtering
    ! distance command can be used several times - distance 255 filters from RIB

    access-list 1 permit <prefix A> <wcmask A>
    access-list 2 permit <prefix B> <wcmask B>
    access-list 3 permit <prefix C> <wcmask C>

    distance 255 <gateway X> 0.0.0.0 1
    distance 255 <gateway Y> 0.0.0.0 2
    distance 255 <gateway Z> 0.0.0.0 3

    !-----------------------------

     

    Kind regards

    Johannes

     

  • Hi Johannes

     

    Thanks for your reply.

    You cannot use distribute-list more than once.

    But it looks like this is possible only with an extended ACL; you cannot implement it with a prefix-list or standard ACL.

     

    thanks,

  • JoeM ✭✭✭

    If you are labbing your test, maybe play with this method also.

    router eigrp 100
         distribute-list prefix ROUTE-LIST-1 gateway GW-PREFIX-1 in Fx/y
         distribute-list prefix ROUTE-LIST-2 gateway GW-PREFIX-2 in Fx/z

    ip prefix-list ROUTE-LIST-1 ........    
    ip prefix-list ROUTE-LIST-2 ........   
     
    ip prefix-list GW-PREFIX-1 ........
    ip prefix-list GW-PREFIX-2 ........

  • Hi JoeM

    As I tested, you cannot use distribute-list more than once.

  • JoeM ✭✭✭

    Which IOS are you using?

    That output was from my config minus details.

    I have already torn down my test lab, but I think I was using c7200-15.2(4)S3

    EDIT: You are correct. I redid my lab, and my distribute-list overwrites the previous statement. One at a time.

     

     

  • "You cannot use distribute-list more than once."

    True.

    But if you use either of my above methods you don't have to. The one uses distribute-list exactly once; the other does not use distribute-list at all.

    "But it looks like this is possible only with extended ACL, you cannot implement it with prefix-list or standard ACL."

    If you restrict yourself to standard ACLs you can still use the second method.

     

    Regards

    Johannes

     

  • Thanks a lot, guys, for your help.

  • let us say you want to

     

    • filter prefix A from being received from gateway X,
    • filter prefix B from being received from gateway Y,
    • filter prefix C from being received from gateway Z,
    • any other prefixes should be permitted normally, 

    I didn't test it yet, so I might be wrong, but if gateways X, Y and Z are also the originators of the routes, you could try to create a single distribute-list that references a route-map with multiple statements that match ip route-source for every gateway.

    Let us know if it works.
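Added example, not from any poster in the thread: a small Python model of the extended-ACL interpretation described in the first reply, where the source field matches the update source (gateway) and the destination field matches the advertised network. The addresses and helper names are constructed for illustration; the per-gateway entries use deny, because with first-match evaluation an ACL made only of permit entries accepts every update.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

def host(addr):
    return (addr, "0.0.0.0")

def acl_permits(acl, gateway, network):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, (src, src_wc), (dst, dst_wc) in acl:
        if wc_match(gateway, src, src_wc) and wc_match(network, dst, dst_wc):
            return action == "permit"
    return False

# Constructed sample addressing (not from the thread)
GW_X, GW_Y, GW_Z = "192.0.2.1", "192.0.2.2", "192.0.2.3"
PFX_A = ("10.1.0.0", "0.0.255.255")
PFX_B = ("10.2.0.0", "0.0.255.255")
PFX_C = ("10.3.0.0", "0.0.255.255")
NETWORKS = ["10.1.0.0", "10.2.0.0", "10.3.0.0", "10.4.0.0"]

# One ACL, referenced by a single "distribute-list 100 in"
ACL_100 = [
    ("deny", host(GW_X), PFX_A),    # prefix A filtered only from gateway X
    ("deny", host(GW_Y), PFX_B),    # prefix B filtered only from gateway Y
    ("deny", host(GW_Z), PFX_C),    # prefix C filtered only from gateway Z
    ("permit", ANY, ANY),           # everything else is accepted
]

# Same entries with every action set to permit: nothing is ever filtered
ALL_PERMIT = [("permit", src, dst) for _, src, dst in ACL_100]

# Every gateway advertises every network
UPDATES = [(gw, net) for gw in (GW_X, GW_Y, GW_Z) for net in NETWORKS]

def received(acl, updates):
    """Return the (gateway, network) updates the ACL lets through."""
    return [(gw, net) for gw, net in updates if acl_permits(acl, gw, net)]

if __name__ == "__main__":
    for gw, net in received(ACL_100, UPDATES):
        print(f"accept {net} from {gw}")
```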
