You want restrict which routes EIGRP propagates through the network.
You can filter the routes that EIGRP receives on a particular interface (or subinterface) using the distribute-list in command as follows:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#access-list 34 deny 192.168.30.0 Router2(config)#access-list 34 permit any Router2(config)#router eigrp 55 Router2(config-router)#distribute-list 34 in Serial0.1 Router2(config-router)#end Router2#
EIGRP also provides a distribute-list out command that allows you to filter the routes that are sent out through a particular interface (or subinterface):
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#access-list 57 permit 172.25.1.0 Router1(config)#access-list 57 deny any Router1(config)#router eigrp 55 Router1(config-router)#distribute-list 57 out Serial0/0.2 Router1(config-router)#end Router1#
The best way to see the action of these distribute-list commands is to look at the routing tables both with and without the filters. In the example, this is how the routing table looked before we applied any distribute lists:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:06, Serial0.1
D 172.22.0.0/16 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1
172.25.0.0/16 is variably subnetted, 6 subnets, 4 masks
D 172.25.25.6/32 [90/2300416] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.25.1/32 [90/2297856] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:04:04, Serial0.1
D 172.25.0.0/16 is a summary, 00:06:39, Null0
D 10.0.0.0/8 [90/4357120] via 172.25.2.1, 00:04:04, Serial0.1
Router2#
Then, after applying the inbound filter, you can see that network 192.168.30.0 is gone:
Router2#show ip route eigrp
D 172.22.0.0/16 [90/2172416] via 172.25.2.1, 00:00:08, Serial0.1
172.25.0.0/16 is variably subnetted, 6 subnets, 4 masks
D 172.25.25.6/32 [90/2300416] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.25.1/32 [90/2297856] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:00:08, Serial0.1
D 172.25.0.0/16 is a summary, 00:08:42, Null0
D 10.0.0.0/8 [90/4357120] via 172.25.2.1, 00:00:08, Serial0.1
Router2#
You can use the show ip protocols command to see what filters have been applied to which interfaces, both inbound and outbound:
Router2#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Serial0.1 filtered by 34 (per-user), default is 34
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
192.168.20.0/24 for Loopback0, Serial0.1
172.25.0.0/16 for Ethernet0
Summarizing with metric 128256
Maximum path: 4
Routing for Networks:
172.25.0.0
192.168.20.0
Routing Information Sources:
Gateway Distance Last Update
172.25.2.1 90 00:02:10
Distance: internal 90 external 170
Router2#
The second example in the solution section of this recipe shows an outbound distribute list. It is difficult to see the effect of an outbound filter from the router that has the filter, so we will apply this filter to the neighbor device.
Look back at the output of the previous show ip route eigrp command to see what the routing table looked like before applying this filter. Then, after applying the outbound distribute-list command on the neighboring router, the routing table looks like this:
Router2#show ip route eigrp
172.25.0.0/16 is variably subnetted, 4 subnets, 4 masks
D 172.25.1.0/24 [90/2172416] via 172.25.2.1, 00:03:56, Serial0.1
Router2#
Note that we have applied an extremely restrictive outbound route filter. This technique is often used in WAN situations where there is only one path from the remote site to the rest of the network. In such cases, it is often possible to send only a few summary routes, or perhaps even a single default route, 0.0.0.0/0.
Again, the show ip protocols command shows information about both the filters and the interfaces that they act on:
Router1#show ip protocols
Routing Protocol is "eigrp 55"
Outgoing update filter list for all interfaces is not set
Serial0/0.2 filtered by 57 (per-user), default is 57
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 55
Automatic network summarization is in effect
Automatic address summarization:
172.25.0.0/16 for FastEthernet0/1, Serial0/1
Summarizing with metric 28160
172.22.0.0/16 for FastEthernet0/0.1, Serial0/0.2, Loopback0
Serial0/1
Summarizing with metric 28160
10.0.0.0/8 for FastEthernet0/0.1, Serial0/0.2, Loopback0
FastEthernet0/1
Summarizing with metric 3845120
Maximum path: 4
Routing for Networks:
10.0.0.0
172.22.0.0
172.25.0.0
Routing Information Sources:
Gateway Distance Last Update
10.1.1.1 90 00:04:45
172.25.1.7 90 00:04:45
172.25.2.2 90 00:04:45
172.22.1.4 90 00:04:45
Distance: internal 90 external 170
Router1#
You can also use prefix lists to filter routes with EIGRP. This technique is most commonly used for filtering routes with BGP. Prefix lists do essentially the same thing as the access lists that we have already discussed. But they give you a different way to approach filtering that is in some ways more in tune with how we think about routing. And, because of the highly granular control they offer, it is often much easier to configure a prefix list to do the same job as an access list. Further, in mixed BGP/EIGRP networks, it can be extremely convenient to be able to use the same method for both routing protocols:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#ip prefix-list Inbound seq 10 permit 10.0.0.0/8 Router2(config)#ip prefix-list Inbound seq 20 deny 10.0.0.0/8 ge 9 Router2(config)#ip prefix-list Inbound seq 30 permit 0.0.0.0/0 le 32 Router2(config)#router eigrp 55 Router2(config-router)#distribute-list prefix Inbound in Serial0.1 Router2(config-router)#end Router2#
There are three lines in the prefix list called "Inbound" in this example. The first line permits the 10.0.0.0/8 network. The second line denies any network belonging to 10.0.0.0 that has a mask with 9 or more bits. The final line permits all other routes.
Again, to see how this works it is easiest to look at the routing table before and after applying the filter. So, in this case we will start with a routing table that looks like this:
Router2#show ip route eigrp
D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:16, Serial0.1
10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D EX 10.0.0.0/8 [170/4357120] via 172.25.2.1, 00:00:16, Serial0.1
D 10.2.2.0/24 [90/2300416] via 172.25.2.1, 00:00:16, Serial0.1
D 10.1.1.0/30 [90/4357120] via 172.25.2.1, 00:00:16, Serial0.1
D*EX 0.0.0.0/0 [170/2172416] via 172.25.2.1, 00:00:16, Serial0.1
Router2#
After applying the filter, this routing table is reduced to the following:
Router2#show ip route eigrp D 192.168.30.0/24 [90/2300416] via 172.25.2.1, 00:00:22, Serial0.1 D EX 10.0.0.0/8 [170/4357120] via 172.25.2.1, 00:00:22, Serial0.1 D*EX 0.0.0.0/0 [170/2172416] via 172.25.2.1, 00:00:22, Serial0.1 Router2#
|
|
|
| Top |