filtering EIGRP

liven Member Posts: 918
I posted a question about filtering earlier (no responses)....

So I am trying a different approach.....


Is there any other way to filter a route that is learned by a device via EIGRP besides:

prefix lists
access lists

For example....


Router 3 has an interface that is on a different subnet. EIGRP advertises this subnet to router 2 which in turn advertises this subnet to router 1.


I am trying to stop the advertisement at router 2. I am curious as to whether there is any way to stop the advertisements besides prefix lists and ACLs. If these are the only options, fine, I just want to make sure.


THANKS!!!!
encrypt the encryption, never mind my brain hurts.

Comments

  • GT-Rob Member Posts: 1,090
    Off the top of my head I can't think of any. Sooner or later you need to specify the routes you want to filter, and the only ways I can think of are via an ACL or prefix-list.

    Once you have defined the route there are many ways to filter it, but you still need to define the specific route.
  • EdTheLad Member Posts: 2,111
    liven wrote: »
    I posted a question about filtering earlier (no responses)....

    Router 3 has an interface that is on a different subnet. EIGRP advertises this subnet to router 2 which in turn advertises this subnet to router 1.


    I am trying to stop the advertisement at router 2. I am curious as to whether there is any way to stop the advertisements besides prefix lists and ACLs. If these are the only options, fine, I just want to make sure.


    THANKS!!!!

    EIGRP uses a delay value of FFFFFFFF, i.e. 4294967295, to mark a route as unreachable. You could use a route-map to match the prefix and apply the offset list so that the prefix is advertised with a metric of 4294967294.
    This route will be seen in R2 and be unreachable on R1.

    Unfortunately there is no way to change the hop count per prefix in EIGRP.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • liven Member Posts: 918
    I understand I need to specify routes.


    I am just trying to work through some of the exercises in the BSCI lab book.


    However, since the challenge lab I am on needs to prevent some routes from being advertised, yet none of the labs up to this point have covered ACLs or prefix lists, I am just trying to make sure I am moving in the correct direction.

    Thanks
    encrypt the encryption, never mind my brain hurts.
  • GT-Rob Member Posts: 1,090
    EdTheLad wrote: »
    EIGRP uses a delay value of FFFFFFFF, i.e. 4294967295, to mark a route as unreachable. You could use a route-map to match the prefix and apply the offset list so that the prefix is advertised with a metric of 4294967294.
    This route will be seen in R2 and be unreachable on R1.

    Unfortunately there is no way to change the hop count per prefix in EIGRP.


    You would still be using an ACL or prefix-list to match the IP address in the route-map.
  • EdTheLad Member Posts: 2,111
    GT-Rob wrote: »
    You would still be using an ACL or prefix-list to match the IP address in the route-map.

    Ok, well if you can't match the individual route you could filter all routes that have a hop count greater than 1 using:
    R1(config-router)#metric maximum-hops 1
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • Silver Bullet Member Posts: 676
    I haven't seen the particular lab exercise you're referring to (I don't have that book yet), but I was working on a lab exercise where the requirements were the same. I was able to accomplish the requirement by using a standard ACL and then using EIGRP distribute-lists.

    My particular lab had lo0-lo7 in 172.30.0.0/21 that wasn't supposed to be advertised past R2.
    R2(config)#ip access-list standard EIGRP
    R2(config-std-nacl)#deny 172.30.0.0 0.0.7.255
    R2(config-std-nacl)#permit any
    R2(config-std-nacl)#exit
    R2(config)#router eigrp 1
    R2(config-router)#distribute-list EIGRP out fa1/0
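
The wildcard match in the ACL above, worked through as an added example that is not part of the original post: a Python sketch of which routes an outbound distribute-list using that standard ACL would still advertise. A standard ACL in a distribute-list compares only the route's network address, so it cannot tell 172.30.0.0/21 from 172.30.0.0/24; the sample route list and the function names are assumptions.

```python
import ipaddress

# Standard ACL "EIGRP" from the post above: (action, address, wildcard mask).
ACL_EIGRP = [
    ("deny", "172.30.0.0", "0.0.7.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),  # "permit any"
]


def acl_action(acl, network):
    """Return the action of the first entry matching a route's network address.

    Wildcard bits set to 1 are "don't care"; if nothing matches, the
    implicit deny at the end of every ACL applies.
    """
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action
    return "deny"


def advertised(acl, routes):
    """Routes (CIDR strings) that survive the outbound distribute-list."""
    kept = []
    for route in routes:
        net = ipaddress.ip_network(route)
        # Only the network address is compared; the prefix length is ignored.
        if acl_action(acl, str(net.network_address)) == "permit":
            kept.append(route)
    return kept


# Constructed sample of routes R2 holds (not taken from the lab).
SAMPLE_ROUTES = [
    "172.30.0.0/24", "172.30.3.0/24", "172.30.7.0/24",  # loopbacks in the /21
    "172.30.0.0/21",   # a summary: same network address, so also denied
    "172.30.8.0/24",   # first subnet outside the 0.0.7.255 wildcard
    "10.1.23.0/30",    # transit link, caught by "permit any"
]

if __name__ == "__main__":
    for route in advertised(ACL_EIGRP, SAMPLE_ROUTES):
        print("advertised:", route)
```

Dropping the `permit any` entry from the list shows the implicit deny: nothing is advertised out of that interface.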
    
  • EdTheLad Member Posts: 2,111
    I haven't seen the particular lab exercise you're referring to (I don't have that book yet), but I was working on a lab exercise where the requirements were the same. I was able to accomplish the requirement by using a standard ACL and then using EIGRP distribute-lists.

    My particular lab had lo0-lo7 in 172.30.0.0/21 that wasn't supposed to be advertised past R2.
    R2(config)#ip access-list standard EIGRP
    R2(config-std-nacl)#deny 172.30.0.0 0.0.7.255
    R2(config-std-nacl)#permit any
    R2(config-std-nacl)#exit
    R2(config)#router eigrp 1
    R2(config-router)#distribute-list EIGRP out fa1/0
    

    Hrmm, I was sure I read something above about access-lists not being allowed.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • Silver Bullet Member Posts: 676
    I don't consider reading full posts one of my strengths.
  • cisco_trooper Too many Member Posts: 1,442
    I'll give you a clue. You can use a route map, but I'm not telling you how just yet.....
  • GT-Rob Member Posts: 1,090
    This subnet you are trying to filter off, is it in the same AS as the others?


    What if on router 3

    route-map test
    match route-type local
    set tag 100

    then on router 2

    route-map filter
    match tag 100

    then just apply whatever technique you want to use to filter. I am just not sure if this will filter out the link to R3 altogether. I just don't know how else to match the route on R2 so it can then filter it out.


    EDIT

    What if you were to redistribute the subnet off R3 back into EIGRP, then match external routes and filter on R2?
  • EdTheLad Member Posts: 2,111
    GT-Rob wrote: »
    This subnet you are trying to filter off, is it in the same AS as the others?


    What if on router 3

    route-map test
    match route-type local
    set tag 100

    then on router 2

    route-map filter
    match tag 100

    then just apply whatever technique you want to use to filter. I am just not sure if this will filter out the link to R3 altogether. I just don't know how else to match the route on R2 so it can then filter it out.


    EDIT

    What if you were to redistribute the subnet off R3 back into EIGRP, then match external routes and filter on R2?

    "match route-type local" is used in BGP, not EIGRP.

    You could match the metric of the route, so on R3 you could change bandwidth or delay of the interface to obtain a unique metric.
    Then on R2 you could config:

    route-map test deny 10
    match metric zzz
    !
    route-map test permit 20
    !
    router eigrp 1
    distribute-list route-map test out ser x/x
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
  • GT-Rob Member Posts: 1,090
    A distribute list is not used with a route-map in EIGRP (in 12.3 anyway). It requires an ACL or prefix list.


    And yes, you are correct about the local setting.
  • APA Member Posts: 959
    Use multiple instances of EIGRP, redistribute what you have to into either instance.

    This is only an assumption that your topology would support this... as you'd need at least one router to run both instances to allow you to redistribute between the two EIGRP processes.

    CCNA | CCNA:Security | CCNP | CCIP
    JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
    JNCIS:SP | JNCIP:SP
  • liven Member Posts: 918
    distribute-list worked in 12.4....

    There is an entire section in the book about this method.


    I will also try the route map method as well.
    encrypt the encryption, never mind my brain hurts.
  • GT-Rob Member Posts: 1,090
    Oh you are right, route-map is available in 12.4. On my home router it wasn't (12.3), but I am also running just the basic IP feature set.

    So yes, if you can classify the traffic somehow, you can filter it out with a distribute list. I like the redistribution method making the routes EX.