
Recipe 6.2 Filtering Routes with RIP

6.2.1 Problem

You want to restrict what routing information is exchanged within RIP.

6.2.2 Solution

You can filter inbound RIP routes on a per-interface basis with a distribute list:

Router2#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#access-list 10 deny 192.168.20.0
Router2(config)#access-list 10 permit any       
Router2(config)#router rip
Router2(config-router)#distribute-list 10 in Serial0.1
Router2(config-router)#network 172.25.0.0
Router2(config-router)#network 192.168.30.0
Router2(config-router)#end
Router2#

This configuration example shows how to filter outbound RIP-based routes on a per-interface basis:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 20 permit 0.0.0.0
Router1(config)#access-list 20 deny any      
Router1(config)#router rip
Router1(config-router)#distribute-list 20 out Serial0/0.2
Router1(config-router)#network 172.25.0.0
Router1(config-router)#end
Router1#

6.2.3 Discussion

The access list in the first configuration example in this recipe prevents this router from accepting any routing information about the network 192.168.20.0. You can see that this route, which was visible in Recipe 6.1, no longer appears in the routing table:

Router2#show ip route rip
R    172.22.0.0/16 [120/1] via 172.25.2.1, 00:00:21, Serial0.1
R    172.25.1.0/24 [120/1] via 172.25.2.1, 00:00:21, Serial0.1
Router2#

The show ip protocol command shows which interfaces have inbound or outbound distribute lists:

Router2#show ip protocol
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 27 seconds
  Invalid after 180 seconds, hold down 0, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
    Serial0.1 filtered by 10 (per-user), default is 10
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    Ethernet0             1     1 2                                  
    Loopback0             1     1 2                                  
    Serial0.1             1     1 2                                  
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    172.25.0.0
    192.168.30.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.25.2.1           120      00:00:17
  Distance: (default is 120)
   
Router2#

This shows that the interface Serial0.1 uses access-list 10 to filter incoming routing information. You can then use the show access-list command to see what this affects.

If you control both the sending and receiving routers, it is usually best to filter the routes before sending them instead of sending them across the network and then ignoring them. So inbound filtering is most common in situations where you are receiving routes from a device that you don't control. Since RIP frequently runs on end devices such as Unix servers, inbound filtering is fairly common.

You can use outbound filtering, on the other hand, for reducing the size of routing tables on access routers. For example, it is extremely useful in hub-and-spoke type WANs. In this case, each remote branch router cares only about its local segments and "everything else." It can reach all of the non-local routes via the hub router, so you can reduce unnecessary WAN bandwidth utilization and memory consumption on the branch router by configuring the hub router to send out only a single default route. In fact, when used in conjunction with the non-periodic update feature discussed in Recipe 6.11, this makes a good WAN routing solution.

The second example in the solution section of this recipe shows the configuration of a hub router so that it sends only the default route, 0.0.0.0/0. The routing table of the other router then becomes extremely simple:

Router2#show ip route rip
R*   0.0.0.0/0 [120/5] via 172.25.2.1, 00:00:02, Serial0.1
Router2#

The show ip protocol command shows the filter on the hub router:

Router1#show ip protocol
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 9 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
    Serial0/0.2 filtered by 20 (per-user), default is 20
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0.1     1     1 2                                  
    Serial0/0.2           1     1 2                                  
    FastEthernet0/1       1     1 2                                  
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    172.22.0.0
    172.25.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.25.1.7           120      00:00:23
    172.25.2.2           120      00:00:07
    172.22.1.4           120      00:00:19
  Distance: (default is 120)
   
Router1#

You can also configure the router to filter all interfaces simultaneously with a single rule:

Router2#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router2(config)#access-list 10 deny 192.168.20.0
Router2(config)#access-list 10 permit any       
Router2(config)#router rip
Router2(config-router)#distribute-list 10 in
Router2(config-router)#end
Router2#

This feature is rarely used, because you usually want to apply different filters to different interfaces depending on what other devices are connected. But when you want to explicitly eliminate certain unwanted routes from your network, regardless of where they originate, this is the easiest way to do it. With the show ip protocols command you can see that access list number 10 has been applied to traffic coming in from all interfaces:

Router2#show ip protocols 
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 0, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is 10
  Redistributing: rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    Ethernet0             1     1 2                                  
    Loopback0             1     1 2                                  
    Serial0.1             1     1 2                                  
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    172.25.0.0
    192.168.30.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.25.2.1           120      00:00:03
  Distance: (default is 120)
   
Router2#
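
The filter lines in these listings can be checked mechanically when you audit many routers. The following Python sketch is an added example, not part of the original recipe: it extracts the global and per-interface distribute lists from show ip protocols text and reports interfaces with no filter in a given direction. The sample text is constructed from lines in the format shown above, and the function names are this example's own.

```python
import re

# Constructed sample: lines in the format of the listings in this recipe.
SAMPLE = """\
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
    Serial0/0.2 filtered by 20 (per-user), default is 20
  Incoming update filter list for all interfaces is 10
    Serial0.1 filtered by 10 (per-user), default is 10
  Redistributing: rip
"""

GLOBAL_RE = re.compile(
    r"^\s*(Outgoing|Incoming) update filter list for all interfaces is (.+?)\s*$")
IFACE_RE = re.compile(r"^\s+(\S+) filtered by (\S+)")

def parse_filters(text):
    """Map direction -> {interface or '*' (all interfaces): access list}."""
    filters = {"in": {}, "out": {}}
    direction = None
    for line in text.splitlines():
        m = GLOBAL_RE.match(line)
        if m:
            direction = "out" if m.group(1) == "Outgoing" else "in"
            if m.group(2) != "not set":
                filters[direction]["*"] = m.group(2)
            continue
        m = IFACE_RE.match(line)
        if m and direction:
            # Indented line under a filter header: interface-specific list.
            filters[direction][m.group(1)] = m.group(2)
        elif direction and line.strip():
            direction = None  # any other line ends the filter section
    return filters

def unfiltered(filters, direction, interfaces):
    """Interfaces covered by neither a global nor an interface-specific list."""
    table = filters[direction]
    if "*" in table:
        return []
    return [i for i in interfaces if i not in table]

if __name__ == "__main__":
    f = parse_filters(SAMPLE)
    print(f)
    print(unfiltered(f, "out", ["Serial0/0.2", "FastEthernet0/1"]))
```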

It's important to remember that while you can use global distribute lists together with interface-specific distribute lists, the result actually combines the effects of both. If you have a global distribute list that blocks a particular network, and an interface list that blocks another address, the router will block both addresses on that interface.
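
To make the combined effect concrete, here is an added example (not from the original recipe): a small Python model of how a standard access list is evaluated in a distribute list, and how a global list and an interface list apply together. Lists 10 and 20 are the ones configured in this recipe; list 30 and the sample update are constructed for illustration.

```python
import ipaddress

def entry(action, addr, wildcard="0.0.0.0"):
    """One standard ACL line; a bare address has the implicit wildcard 0.0.0.0."""
    return (action, int(ipaddress.IPv4Address(addr)),
            int(ipaddress.IPv4Address(wildcard)))

def any_(action):
    """The keyword 'any' is 0.0.0.0 with wildcard 255.255.255.255."""
    return entry(action, "0.0.0.0", "255.255.255.255")

# Lists 10 and 20 are the ones configured in this recipe.
ACL_10 = [entry("deny", "192.168.20.0"), any_("permit")]
ACL_20 = [entry("permit", "0.0.0.0"), any_("deny")]
# List 30 is hypothetical, added here to show an interface-specific filter.
ACL_30 = [entry("deny", "172.22.0.0"), any_("permit")]

def acl_permits(acl, network):
    """Match the route's network address; first matching line wins."""
    net = int(ipaddress.IPv4Address(network))
    for action, addr, wild in acl:
        care = ~wild & 0xFFFFFFFF          # bits the wildcard says must match
        if (net & care) == (addr & care):
            return action == "permit"
    return False                           # implicit deny at the end of a list

def filter_update(networks, iface, global_acl=None, iface_acls=None):
    """Keep a route only if every distribute list that applies permits it."""
    lists = [global_acl] if global_acl is not None else []
    if iface_acls and iface in iface_acls:
        lists.append(iface_acls[iface])
    return [n for n in networks if all(acl_permits(a, n) for a in lists)]

# Constructed update, using network numbers that appear in this recipe.
UPDATE = ["0.0.0.0", "172.22.0.0", "172.25.1.0", "192.168.20.0"]

if __name__ == "__main__":
    per_iface = {"Serial0.1": ACL_30}
    # Global list 10 plus interface list 30: both blocked networks are dropped.
    print(filter_update(UPDATE, "Serial0.1", ACL_10, per_iface))
    # No interface list on Ethernet0: only the global list applies.
    print(filter_update(UPDATE, "Ethernet0", ACL_10, per_iface))
    # List 20: "permit 0.0.0.0" matches the default route only, not "any".
    print(filter_update(UPDATE, "Serial0/0.2", iface_acls={"Serial0/0.2": ACL_20}))
```

The last call shows why access list 20 passes only the default route: a bare 0.0.0.0 is an exact match on that one network address, which is different from the any keyword.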

6.2.4 See Also

Recipe 6.11

