CCNP ROUTE Lab: Filtering EIGRP Updates With Distribute Lists
In our route redistribution with distribute-lists lab, we allowed some routes to be redistributed from RIP into OSPF while preventing the advertisement of other RIP networks. We also did a little RIP-only filtering, and now it’s EIGRP’s turn in the lab.
Distribute lists can also filter all routes from being advertised via a given interface without making that interface passive and losing the adjacency, as you’ll see in our next lab using the following topology. We’re not performing route redistribution in this particular lab; we’re only working with EIGRP.
R2 is advertising those two loopback networks into EIGRP. R1 sees them, as does R5.
R1#show ip route eigrp 2.0.0.0/24 is subnetted, 1 subnets D 2.2.2.0 [90/20640000] via 172.12.123.2, 00:00:09, Serial1/0 22.0.0.0/24 is subnetted, 1 subnets D 22.2.2.0 [90/20640000] via 172.12.123.2, 00:00:04, Serial1/0
R5#show ip route eigrp 2.0.0.0/24 is subnetted, 1 subnets D 2.2.2.0 [90/20642560] via 30.1.1.1, 00:00:14, GigabitEthernet0/0 22.0.0.0/24 is subnetted, 1 subnets D 22.2.2.0 [90/20642560] via 30.1.1.1, 00:00:09, GigabitEthernet0/0 172.12.0.0/24 is subnetted, 1 subnets D 172.12.123.0 [90/20514560] via 30.1.1.1, 00:01:21, GigabitEthernet0/0
We’d like to prevent R5 from seeing those routes while allowing R1 to have them. We could make the FastEthernet interface on R1 passive, but that means no Hellos leave that interface, which in turn means we’re gonna lose that adjacency. That’s not acceptable.
R1(config)#router eigrp 100 R1(config-router)#passive-int fast0/0 %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 30.1.1.5 FastEthernet0/0) is down: interface passive
Let’s get the interface back to a non-passive state and consider other options.
R1(config)#router eigrp 100 R1(config-router)#no passive-int fast0/0 %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 30.1.1.5 (FastEthernet0/0) is up: new adjacency
We could write an ACL that denies all traffic and then apply it to R1 – or can we? Let’s find out!
R1(config)#access-list 35 deny any R1(config)#router eigrp 100 R1(config-router)#distribute-list 35 out fast0/0 %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 30.1.1.5 (FastEthernet0/0) is resync: route configuration changed
The routes have been successfully filtered. R5 no longer has the routes, but it still has the adjacency to R1.
R5#show ip route eigrp < no routes > R5#show ip eigrp neighbor EIGRP-IPv4 Neighbors for AS(100) H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 30.1.1.1 Gi0/0 11 00:12:20 3 200 0 15
If we ran into a situation where R1 received additional routes that we did want R5 to have, we’d need to go with a configuration similar to the previous lab, where we filtered some routes with a distribute-list.
You can verify your distribute list with show ip protocols. The pertinent output:
R1#show ip protocols Routing Protocol is "eigrp 100" Outgoing update filter list for all interfaces is not set FastEthernet0/0 filtered by 35, default is 35 Incoming update filter list for all interfaces is not set
We can also use distribute-list to filter EIGRP routes when redistribution is involved, and we’ll do just that in our next lab, which I’ll post on August 4, 2018. Right now, check out my CCNP ROUTE Study Guide on Amazon along with these other redistribution tutorials.
CCNP ROUTE Redistribution: One Protocol, Please