
EIGRP Filtering – Named Mode – Route-maps / Access-lists / Prefix-lists


 – Metric Maximum-hops

     -> Discards routes over a certain hop count

     -> Default hop count is 100

     -> Configuring will cause neighbor relationships to bounce

R3(config)# router eigrp AS100

 add ipv4 auto 100

  topology base

   metric maximum-hops 1

 – Distribute-list – Standard ACL

     -> Filter network(s)

     -> Deny match

     -> Permit any to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# access-list 1 deny 1.1.1.0 0.0.0.255

access-list 1 permit any

router ei AS100

 add ipv4 auto 100

  topology base

   distrib 1 in f0/1

    — or — 

R3(config)# access-list 1 deny 1.1.1.0 0.0.0.255

access-list 1 permit any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distrib 1 out f0/0

 – Distribute-list – Default deny – Standard ACL

     -> Filter network(s) that are not permitted

          -> Permit match

     -> Default deny match all other networks

     -> In or out

     -> (Optional)  Interface

R3(config)# access-list 1 permit 1.1.1.0 0.0.0.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 in fa0/1

 – Distribute-list – Filter Every Other Network – Standard ACL

     -> Filter networks

     -> Deny match

     -> Permit any to allow the rest

     -> In or out

     -> (Optional)  Interface

! Deny even routes

R3(config)# access-list 1 deny 1.1.0.0 0.0.254.255

 access-list 1 permit any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 in fa0/1

! Deny odd routes

R3(config)# access-list 1 deny 1.1.1.0 0.0.254.255

 access-list 1 permit any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 out fa0/0

 – Distribute-list – Filter Every Other Network – Default Deny – Standard ACL

     -> Filter network(s) that are not permitted

     -> Permit match

     -> Default deny match all other networks

     -> In or out

     -> (Optional)  Interface

! Permit even routes

R3(config)# access-list 1 permit 1.1.0.0 0.0.254.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 in fa0/1

! Permit odd routes

R3(config)# access-list 1 permit 1.1.1.0 0.0.254.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 out fa0/0

 – Distribute-list – Filter Every Other Network – Allow All Other Networks – Standard ACL

     -> Filter network(s) that are not permitted

     -> Permit match

     -> Deny match

     -> Permit any to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# access-list 1 permit 1.1.0.0 0.0.254.255

 access-list 1 deny 1.1.0.0 0.0.255.255

 access-list 1 permit any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 1 in fa0/1
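The discontiguous wildcard mask 0.0.254.255 used in the three "every other network" sections above can be checked offline before it is applied to a router. The following is an added example, not part of the original post: a small model of standard-ACL evaluation (wildcard match, first match wins, implicit deny). The route list is a constructed sample based on the lab addressing, and the Python names are illustrative.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask does not ignore."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate_acl(acl, network):
    """First matching entry decides; a network matching nothing hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")  # what "permit any" expands to

# The three ACL shapes from the sections above.
DENY_EVEN = [("deny", "1.1.0.0", "0.0.254.255"), ("permit", *ANY)]
PERMIT_ODD_ONLY = [("permit", "1.1.1.0", "0.0.254.255")]
EVEN_OF_1_1_PLUS_REST = [
    ("permit", "1.1.0.0", "0.0.254.255"),  # even third octet inside 1.1.0.0/16
    ("deny", "1.1.0.0", "0.0.255.255"),    # whatever is left of 1.1.0.0/16 (odd)
    ("permit", *ANY),                      # every other network
]

# Constructed sample: network addresses as a standard ACL sees them
# (a standard ACL in a distribute-list tests the network address only).
ROUTES = ["1.1.1.0", "1.1.2.1", "1.1.3.0", "1.1.4.1", "2.2.2.2"]

def surviving(acl, routes=ROUTES):
    """Networks the distribute-list lets through."""
    return [r for r in routes if evaluate_acl(acl, r) == "permit"]

if __name__ == "__main__":
    for name, acl in [("deny even", DENY_EVEN),
                      ("permit odd, default deny", PERMIT_ODD_ONLY),
                      ("even of 1.1/16 plus the rest", EVEN_OF_1_1_PLUS_REST)]:
        print(f"{name:30} -> {surviving(acl)}")
```

With the default-deny form, 2.2.2.2 is filtered as well, because nothing in the ACL permits it.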

 – Distribute-list – Extended ACL

     -> Filter network(s)

     -> First IP address (source address) is the route source

        -> Who did we learn the route from?

        -> Not who first advertised the route.

     -> Second IP address (destination address) is the network(s) to filter

     -> Deny match

     -> Permit any to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)#access-list 100 deny ip any host 1.1.1.0

access-list 100 permit ip any any

router eigrp AS100

 add ipv4 auto 100

  topology base

  distribute-list 100 in f0/1

    — or — 

R3(config)#access-list 100 deny ip any 1.1.1.0 0.0.0.255

access-list 100 permit ip any any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 100 out f0/0

 – Distribute-list – Filter From Specific Route Source – Extended ACL

     -> Filter network(s)

     -> First IP address (source address) is the route source

        -> Who did we learn the route from?

        -> Not who first advertised the route.

     -> Second IP address (destination address) is the network(s) to filter

     -> Deny match

     -> In only

     -> (Optional)  Interface

R3(config)# access-list 100 deny ip host 23.1.1.2 host 2.2.2.0 

access-list 100 permit ip any any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 100 in f0/1

    — or — 

R3(config)# access-list 100 deny ip host 23.1.1.2 2.2.2.0 0.0.0.255

access-list 100 permit ip any any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 100 in f0/1

    -> Output of: debug eigrp fsm

    -> *Oct  1 22:33:26.525: DUAL: AS(100) Removing dest 1.1.1.0/24, nexthop 23.1.1.2

    -> *Oct  1 22:33:26.526: DUAL: AS(100) Removing dest 1.1.1.0/24, nexthop 34.1.1.4

    -> *Oct  1 22:33:26.526: DUAL: AS(100) No routes.  Flushing dest 1.1.1.0/24

R3(config)# access-list 100 deny ip host 23.1.1.2 host 2.2.2.0 

access-list 100 permit ip any any

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list 100 out f0/0

 – Distribute-list – Route-map – Standard ACL

     -> Filter network(s)

     -> ACL permit match

     -> Route-map deny match

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# access-list 1 permit 1.1.1.0 0.0.0.255

route-map FILTER deny 10

 match ip add 1

route-map FILTER permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map FILTER in fa0/0

 – Distribute-list – Use Existing Route-map – Standard ACL

     -> Filter network(s)

     -> Add continue option to existing route-map to continue evaluating

     -> Deny match

     -> Permit any to allow the rest

     -> In or out

     -> (Optional)  Interface

R1(config)# access-list 2 permit 2.2.2.0 0.0.0.255

route-map EXISTING deny 10

 continue 20

route-map EXISTING deny 20

 match ip add 2

route-map EXISTING permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map EXISTING in fa0/0

 – Distribute-list – Route-map – Extended ACL

     -> Filter network(s)

     -> ACL permit match

     -> Route-map deny match

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# access-list 100 permit ip host 1.1.1.0 host 255.255.255.0

route-map FILTER deny 10

 match ip add 100

route-map FILTER permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map FILTER out fa0/0

 – Distribute-list – Filter Specific Networks and Subnet Masks – Route-map – Extended ACL

     -> Filter network(s)

         -> Filter 1.1.0.0/16 subnets with a subnet mask of /24

     -> ACL permit match

     -> Route-map deny match

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R1(config)#int lo2

R1(config-if)#ip add 1.1.3.1 255.255.255.0

R3(config)# access-list 100 permit ip 1.1.0.0 0.0.255.255 host 255.255.255.0

route-map FILTER deny 10

 match ip add 100

route-map FILTER permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map FILTER in fa0/1
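When an extended ACL is referenced from a route-map as in the two sections above, its source pair is compared with the route's network address and its destination pair with the route's subnet mask. The following is an added example, not part of the original post, that models that match together with route-map clause ordering; the route list is a constructed sample based on the lab addressing, and the Python names are illustrative.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(value, base, wildcard):
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(value) & care) == (to_int(base) & care)

def acl_permits(acl, route):
    """Source pair is tested against the network address, destination pair
    against the subnet mask. No matching entry means the implicit deny."""
    net = ipaddress.ip_network(route)
    for action, src, src_wc, dst, dst_wc in acl:
        if (wildcard_match(str(net.network_address), src, src_wc)
                and wildcard_match(str(net.netmask), dst, dst_wc)):
            return action == "permit"
    return False

def route_map(clauses, route):
    """Clauses run in sequence order and the first one that matches decides.
    A clause without a match statement matches every route."""
    for _seq, action, acl in sorted(clauses, key=lambda c: c[0]):
        if acl is None or acl_permits(acl, route):
            return action
    return "deny"  # implicit deny at the end of every route-map

# access-list 100 permit ip host 1.1.1.0 host 255.255.255.0
ACL_HOST = [("permit", "1.1.1.0", "0.0.0.0", "255.255.255.0", "0.0.0.0")]
# access-list 100 permit ip 1.1.0.0 0.0.255.255 host 255.255.255.0
ACL_SLASH24 = [("permit", "1.1.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0")]

FILTER_HOST = [(10, "deny", ACL_HOST), (90, "permit", None)]
FILTER_SLASH24 = [(10, "deny", ACL_SLASH24), (90, "permit", None)]
NO_PERMIT_90 = [(10, "deny", ACL_SLASH24)]  # constructed: clause 90 left out

# Constructed sample routes.
ROUTES = ["1.1.1.0/24", "1.1.2.1/32", "1.1.3.0/24", "1.1.4.1/32", "2.2.2.2/32"]

def accepted(clauses, routes=ROUTES):
    return [r for r in routes if route_map(clauses, r) == "permit"]

if __name__ == "__main__":
    print("host entry :", accepted(FILTER_HOST))
    print("/24 in 1.1 :", accepted(FILTER_SLASH24))
    print("no permit  :", accepted(NO_PERMIT_90))
```

The last case shows why the closing `route-map FILTER permit 90` matters: without it every route that survives clause 10 still falls to the route-map's implicit deny.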

 – Distribute-list – Match Metric – Route-map

     -> Match a range of composite metrics

     -> Route-map deny 

     -> Match metric

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R1(config)# route-map METRIC-DENY deny 10

 match metric 2141056 +- 25600

route-map METRIC-DENY permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map METRIC-DENY in fa0/0

 – Distribute-list – Set Tag – Route-map

    -> Set a route tag

    -> Route-map permit

    -> Set tag

    -> In or out

    -> (Optional)  Interface

R1(config)# route-map TAG permit 10

 set tag 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map TAG out fa0/0

 – Redistribute – Set Tag – Route-map

    -> Set a route tag

    -> Route-map permit

    -> Set tag

R1(config)# route-map TAG permit 10

 set tag 90

router eigrp AS100

 add ipv4 auto 100

  no network 1.1.1.1 0.0.0.0

  topology base

   redistribute connected route-map TAG

 – Distribute-list – Match Tag – Route-map

     -> Match a route tag

     -> Route-map deny 

     -> Match tag

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R2(config)# route-map TAG-DENY deny 10

 match tag 90

route-map TAG-DENY permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map TAG-DENY in fa0/0

 

 – Distribute-list – Match Source-protocol – Route-map

     -> Match a source protocol

     -> Route-map deny

     -> match protocol

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R1(config)# route-map FILTER deny 10

 match source-protocol eigrp 100

route-map FILTER permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map FILTER in fa0/0

 – Distribute-list – Prefix-list

     -> Filter network(s)

     -> deny match

     -> permit 0.0.0.0/0 le 32 to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# ip prefix-list NET_1.1.1.0 deny 1.1.1.0/24

 ip prefix-list NET_1.1.1.0 permit 0.0.0.0/0 le 32

router eigrp 100

 distribute-list prefix NET_1.1.1.0 out fa0/0

    -> Output of: debug ip eigrp

    ->  *Sep 30 21:24:30.755: EIGRP-IPv4(100): table(default): 1.1.1.0/24 – denied by distribute list

 – Distribute-list – Filter Default Route – Prefix-list

     -> Filter network(s) that are not permitted

          -> Permit match

     -> Default deny match all other networks

     -> In or out

     -> (Optional)  Interface

R1(config)#access-list 1 permit 1.1.0.0 0.0.255.255

R1(config)#route-map LEAK_1.1.0.0 permit 10

R1(config-route-map)#match ip add 1

R1(config-route-map)#int f0/0

R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK_1.1.0.0

R3(config)# ip prefix-list DENY_DEFAULT deny 0.0.0.0/0

 ip prefix-list DENY_DEFAULT permit 0.0.0.0/0 le 32

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list prefix DENY_DEFAULT in fa0/1
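A prefix-list entry without `ge`/`le` matches one exact prefix length, which is why `deny 0.0.0.0/0` removes only the default route while `permit 0.0.0.0/0 le 32` lets everything else through. The following is an added example, not part of the original post, that models prefix-list evaluation for the DENY_DEFAULT and NET_1.1.1.0 lists above; the route list and the NO_LE list are constructed, and the Python names are illustrative.

```python
import ipaddress

def entry_matches(route, prefix, ge=None, le=None):
    """One prefix-list entry: the leading bits must match the entry's prefix
    and the route's mask length must fall inside the entry's length window."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        low = high = prefix.prefixlen            # no ge/le: exact length only
    else:
        low = ge if ge is not None else prefix.prefixlen
        high = le if le is not None else 32
    return route.subnet_of(prefix) and low <= route.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

# (action, prefix, ge, le) as configured in the sections above.
DENY_DEFAULT = [("deny", "0.0.0.0/0", None, None),
                ("permit", "0.0.0.0/0", None, 32)]
NET_1_1_1_0 = [("deny", "1.1.1.0/24", None, None),
               ("permit", "0.0.0.0/0", None, 32)]
# Constructed mistake: the "le 32" is left off the permit entry.
NO_LE = [("deny", "0.0.0.0/0", None, None),
         ("permit", "0.0.0.0/0", None, None)]

# Constructed sample routes; 1.1.1.128/25 is not in the lab and is here to
# show that the exact-length deny does not cover longer subnets.
ROUTES = ["0.0.0.0/0", "1.1.1.0/24", "1.1.1.128/25", "1.1.2.1/32", "2.2.2.2/32"]

def permitted(prefix_list, routes=ROUTES):
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

if __name__ == "__main__":
    print("DENY_DEFAULT:", permitted(DENY_DEFAULT))
    print("NET_1.1.1.0 :", permitted(NET_1_1_1_0))
    print("NO_LE       :", permitted(NO_LE))
```

To filter 1.1.1.0/24 together with its longer subnets, the deny entry would need its own length window, for example `le 32`.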

 – Distribute-list – Filter from Specific Source – Prefix-list

     -> Filter network(s)

               -> prefix-list 1

               -> deny match to filter

               -> permit match to allow

          -> (Optional)  permit 0.0.0.0/0 le 32 to allow the rest

     -> Filter source

               -> prefix-list 2

               -> permit match

     -> In or out

     -> (Optional)  Interface

R3(config)# ip prefix-list NET_1.1.1.0 deny 1.1.1.0/24

 ip prefix-list NET_1.1.1.0 permit 0.0.0.0/0 le 32

 ip prefix-list GW_23.1.1.2 permit 23.1.1.2/32

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list prefix NET_1.1.1.0 gateway GW_23.1.1.2 in fa0/1

 – Distribute-list – Route-map – Prefix-list

     -> Filter network(s)

     -> Prefix-list permit match

     -> Route-map deny match

     -> Route-map permit to allow the rest

     -> In or out

     -> (Optional)  Interface

R3(config)# ip prefix-list NET_1.1.1.0 permit 1.1.1.0/24

route-map FILTER deny 10

 match ip add prefix NET_1.1.1.0

route-map FILTER permit 90

router eigrp AS100

 add ipv4 auto 100

  topology base

   distribute-list route-map FILTER in fa0/1

 – Manipulate Administrative Distance – Standard ACL

     -> Change AD

          -> Increase the AD to make the route less desirable

          -> Decrease the AD to make the route more desirable

     -> Locally significant

     -> IP address is the route source

          -> 0.0.0.0 255.255.255.255 -> any route source

     -> Permit match

R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distance 91 0.0.0.0 255.255.255.255 1

 – Manipulate Administrative Distance – Prefer One Route Source Over Another – Standard ACL

     -> Change AD

          -> Increase the AD to make the route less desirable

          -> Decrease the AD to make the route more desirable

     -> Locally significant 

     -> IP address is the route source

     -> Permit match

R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distance 91 12.1.1.1 0.0.0.0 1

 – Manipulate Administrative Distance – Filter Network – Standard ACL

     -> Change AD to make network unreachable

     -> IP address is the route source

          -> 0.0.0.0 255.255.255.255 -> any route source

     -> Permit match

R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255

router eigrp AS100

 add ipv4 auto 100

  topology base

   distance 255 0.0.0.0 255.255.255.255 1

 – Manipulate Administrative Distance – Filter External Networks – No ACL

     -> Change AD to make external networks unreachable

R1(config)# router eigrp AS100

 add ipv4 auto 100

  topology base

   distance eigrp 90 255

 – Summary-address – Leak-map – Standard ACL

     -> Create summary-address

     -> Leak additional route(s)

     -> Permit match

R1(config)# access-list 1 permit 1.1.1.0 0.0.255.255

route-map LEAK_1.1.0.0 permit 10

 match ip add 1

router eigrp AS100

 add ipv4 auto 100

  af-interface f0/0

   summary-address 1.1.0.0 255.255.0.0 leak-map LEAK_1.1.0.0

 – Summary-address – Leak-map – Advertise All Specific Routes – No ACL

     -> Create a summary-address

     -> Leak all more specific route(s)

     -> No ACL is configured

          -> If the route-map does not reference an ACL, or the referenced ACL does not exist, all of the specific routes are advertised

R1(config)# route-map LEAK_1.1.0.0 permit 10

router eigrp AS100

 add ipv4 auto 100

  af-interface f0/0

   summary-address 1.1.0.0 255.255.0.0 leak-map LEAK_1.1.0.0

 – Duplicate Router-IDs

     -> Routes originated by the routers will be discarded by the other router

R1(config)# router eigrp AS100

 add ipv4 auto 100

  eigrp router-id 1.1.1.1

R2(config)# router eigrp AS100

 add ipv4 auto 100

  eigrp router-id 1.1.1.1

 – Stub Routing – Receive Only

     -> Receive routes only

     -> Do not advertise any route(s)

R1(config)# router eigrp AS100

 add ipv4 auto 100

  eigrp stub receive-only

 – Passive Interface

     -> Suppress routing updates on an interface

R1(config)# router eigrp AS100

 add ipv4 auto 100

  af-interface f0/0

   passive-interface

 – Lab Network

     -> R1 (f0/0) —- (f0/0) R2 (f0/1) —- (f0/1) R3 (f0/0) —- (f0/1) R4

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R1




conf t


!

int f0/0

 ip add 12.1.1.1 255.255.255.0


int lo1

 ip add 1.1.2.1 255.255.255.255


int lo2

 ip add 1.1.3.1 255.255.255.0


int lo3

 ip add 1.1.4.1 255.255.255.255


!

router ei AS100

 address-family ipv4 auto 100

  netw 12.1.1.1 0.0.0.0

  netw 1.1.1.1 0.0.0.0

  netw 1.1.2.1 0.0.0.0

  netw 1.1.3.1 0.0.0.0

  netw 1.1.4.1 0.0.0.0


end


!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R2




conf t


!

int f0/0

 ip add 12.1.1.2 255.255.255.0

int f0/1

 ip add 23.1.1.2 255.255.255.0

int lo0

 ip add 2.2.2.2 255.255.255.255

!

router ei AS100

 address-family ipv4 auto 100

  netw 12.1.1.2 0.0.0.0

  netw 23.1.1.2 0.0.0.0

  netw 2.2.2.2 0.0.0.0


end

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R3




conf t


!

int f0/0

 ip add 34.1.1.3 255.255.255.0

int f0/1

 ip add 23.1.1.3 255.255.255.0

int lo0

 ip add 3.3.3.3 255.255.255.255

!

router ei AS100

 address-family ipv4 auto 100

  netw 23.1.1.3 0.0.0.0

  netw 34.1.1.3 0.0.0.0

  netw 3.3.3.3 0.0.0.0


end

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R4





conf t


!

int f0/1

 ip add 34.1.1.4 255.255.255.0

int lo0

 ip add 4.4.4.4 255.255.255.255

!

router ei AS100

 address-family ipv4 auto 100

  netw 34.1.1.4 0.0.0.0

  netw 4.4.4.4 0.0.0.0

 end

This entry was posted on Friday, August 20th, 2021 at 3:10 am and is filed under CCIE.