EIGRP Filtering – Named Mode – Route-maps / Access-lists / Prefix-lists
– Metric Maximum-hops
-> Discards routes over a certain hop count
-> Default hop count is 100
-> Configuring will cause neighbor relationships to bounce
R3(config)# router eigrp AS100
add ipv4 auto 100
topology base
metric maximum-hops 1
– Distribute-list – Standard ACL
-> Filter network(s)
-> Deny match
-> Permit any to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# access-list 1 deny 1.1.1.0 0.0.0.255
access-list 1 permit any
router ei AS100
add ipv4 auto 100
topology base
distrib 1 in f0/1
— or —
R3(config)# access-list 1 deny 1.1.1.0 0.0.0.255
access-list 1 permit any
router eigrp AS100
add ipv4 auto 100
topology base
distrib 1 out f0/0
– Distribute-list – Default deny – Standard ACL
-> Filter network(s) that are not permitted
-> Permit match
-> Default deny match all other networks
-> In or out
-> (Optional) Interface
R3(config)# access-list 1 permit 1.1.1.1 0.0.0.255
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 in fa0/1
– Distribute-list – Filter Every Other Network – Standard ACL
-> Filter networks
-> Deny match
-> Permit any to allow the rest
-> In or out
-> (Optional) Interface
! Deny even routes
R3(config)# access-list 1 deny 1.1.0.0 0.0.254.255
access-list 1 permit any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 in fa0/1
! Deny odd routes
R3(config)# access-list 1 deny 1.1.1.0 0.0.254.255
access-list 1 permit any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 out fa0/0
– Distribute-list – Filter Every Other Network – Default Deny – Standard ACL
-> Filter network(s) that are not permitted
-> Permit match
-> Default deny match all other networks
-> In or out
-> (Optional) Interface
! Permit even routes
R3(config)# access-list 1 permit 1.1.0.0 0.0.254.255
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 in fa0/1
! Permit odd routes
R3(config)# access-list 1 permit 1.1.1.0 0.0.254.255
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 out fa0/0
– Distribute-list – Filter Every Other Network – Allow All Other Networks – Standard ACL
-> Filter network(s) that are not permitted
-> Permit match
-> Deny match
-> Permit any to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# access-list 1 permit 1.1.0.0 0.0.254.255
access-list 1 deny 1.1.0.0 0.0.255.255
access-list 1 permit any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 1 in fa0/1
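The three "every other network" ACL variants above depend on the wildcard 0.0.254.255 ignoring every bit of the third octet except the lowest one. The following added example (not part of the original notes) evaluates those ACLs with first-match and implicit-deny semantics; the route list is constructed sample data and the function names are hypothetical.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard does not ignore."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # wildcard bit 0 = must match, 1 = ignore
    return (a & care) == (b & care)

def acl_permits(acl, network):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False

ANY = ("permit", "0.0.0.0", "255.255.255.255")   # "permit any"

# The three ACL variants from the notes above.
DENY_EVEN = [("deny", "1.1.0.0", "0.0.254.255"), ANY]
PERMIT_EVEN_ONLY = [("permit", "1.1.0.0", "0.0.254.255")]
PERMIT_EVEN_AND_OTHERS = [
    ("permit", "1.1.0.0", "0.0.254.255"),
    ("deny", "1.1.0.0", "0.0.255.255"),
    ANY,
]

# Constructed sample routes (network addresses only; a standard ACL never sees the mask).
ROUTES = ["1.1.1.0", "1.1.2.0", "1.1.3.0", "1.1.4.0", "2.2.2.2", "4.4.4.4"]

def surviving(acl, routes=ROUTES):
    """Routes that the distribute-list would let through."""
    return [r for r in routes if acl_permits(acl, r)]

if __name__ == "__main__":
    for name, acl in [("deny even", DENY_EVEN),
                      ("permit even only", PERMIT_EVEN_ONLY),
                      ("permit even + others", PERMIT_EVEN_AND_OTHERS)]:
        print(f"{name:22} -> {surviving(acl)}")
```

2.2.2.2 has an even third octet but is not caught by the "even" entry, because the first two octets of the wildcard are 0 and must match 1.1 exactly.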
– Distribute-list – Extended ACL
-> Filter network(s)
-> First IP address (source address) is the route source
-> Who did we learn the route from?
-> Not who first advertised the route.
-> Second IP address (destination address) is the network(s) to filter
-> Deny match
-> Permit any to allow the rest
-> In or out
-> (Optional) Interface
R3(config)#access-list 100 deny ip any host 1.1.1.0
access-list 100 permit ip any any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 100 in f0/1
— or —
R3(config)#access-list 100 deny ip any 1.1.1.0 0.0.0.255
access-list 100 permit ip any any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 100 out f0/0
– Distribute-list – Filter From Specific Route Source – Extended ACL
-> Filter network(s)
-> First IP address (source address) is the route source
-> Who did we learn the route from?
-> Not who first advertised the route.
-> Second IP address (destination address) is the network(s) to filter
-> Deny match
-> In only
-> (Optional) Interface
R3(config)# access-list 100 deny ip host 23.1.1.2 host 2.2.2.0
access-list 100 permit ip any any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 100 in f0/1
— or —
R3(config)# access-list 100 deny ip host 23.1.1.2 2.2.2.0 0.0.0.255
access-list 100 permit ip any any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 100 in f0/1
-> Output of: debug eigrp fsm
-> *Oct 1 22:33:26.525: DUAL: AS(100) Removing dest 1.1.1.0/24, nexthop 23.1.1.2
-> *Oct 1 22:33:26.526: DUAL: AS(100) Removing dest 1.1.1.0/24, nexthop 34.1.1.4
-> *Oct 1 22:33:26.526: DUAL: AS(100) No routes. Flushing dest 1.1.1.0/24
R3(config)# access-list 100 deny ip host 23.1.1.2 host 2.2.2.0
access-list 100 permit ip any any
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list 100 out f0/0
– Distribute-list – Route-map – Standard ACL
-> Filter network(s)
-> ACL permit match
-> Route-map deny match
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# access-list 1 permit 1.1.1.0 0.0.0.255
route-map FILTER deny 10
match ip add 1
route-map FILTER permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map FILTER in fa0/0
– Distribute-list – Use Existing Route-map – Standard ACL
-> Filter network(s)
-> Add continue option to existing route-map to continue evaluating
-> Deny match
-> Permit any to allow the rest
-> In or out
-> (Optional) Interface
R1(config)# access-list 2 permit 2.2.2.0 0.0.0.255
route-map EXISTING deny 10
continue 20
route-map EXISTING deny 20
match ip add 2
route-map EXISTING permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map EXISTING in fa0/0
– Distribute-list – Route-map – Extended ACL
-> Filter network(s)
-> ACL permit match
-> Route-map deny match
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# access-list 100 permit ip host 1.1.1.0 host 255.255.255.0
route-map FILTER deny 10
match ip add 100
route-map FILTER permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map FILTER out fa0/0
– Distribute-list – Filter Specific Networks and Subnet Masks – Route-map – Extended ACL
-> Filter network(s)
-> Filter 1.1.0.0/16 subnets with a subnet mask of /24
-> ACL permit match
-> Route-map deny match
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R1(config)#int lo2
R1(config-if)#ip add 1.1.3.1 255.255.255.0
R3(config)# access-list 100 permit ip 1.1.0.0 0.0.255.255 host 255.255.255.0
route-map FILTER deny 10
match ip add 100
route-map FILTER permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map FILTER in fa0/1
– Distribute-list – Match Metric – Route-map
-> Match a range of composite metrics
-> Route-map deny
-> Match metric
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R1(config)# route-map METRIC-DENY deny 10
match metric 2141056 +- 25600
route-map METRIC-DENY permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map METRIC-DENY in fa0/0
– Distribute-list – Set Tag – Route-map
-> Set a route tag
-> Route-map permit
-> Set tag
-> In or out
-> (Optional) Interface
R1(config)# route-map TAG permit 10
set tag 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map TAG out fa0/0
– Redistribute – Set Tag – Route-map
-> Set a route tag
-> Route-map permit
-> Set tag
R1(config)# route-map TAG permit 10
set tag 90
router eigrp AS100
add ipv4 auto 100
no network 1.1.1.1 0.0.0.0
topology base
redistribute connected route-map TAG
– Distribute-list – Match Tag – Route-map
-> Match a route tag
-> Route-map deny
-> Match tag
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R2(config)# route-map TAG-DENY deny 10
match tag 90
route-map TAG-DENY permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map TAG-DENY in fa0/0
– Distribute-list – Match Source-protocol – Route-map
-> Match a source protocol
-> Route-map deny
-> Match source-protocol
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R1(config)# route-map FILTER deny 10
match source-protocol eigrp 100
route-map FILTER permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map FILTER in fa0/0
– Distribute-list – Prefix-list
-> Filter network(s)
-> deny match
-> permit 0.0.0.0/0 le 32 to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# ip prefix-list NET_1.1.1.0 deny 1.1.1.0/24
ip prefix-list NET_1.1.1.0 permit 0.0.0.0/0 le 32
router eigrp 100
distribute-list prefix NET_1.1.1.0 out fa0/0
-> Output of: debug ip eigrp
-> *Sep 30 21:24:30.755: EIGRP-IPv4(100): table(default): 1.1.1.0/24 – denied by distribute list
– Distribute-list – Filter Default Route – Prefix-list
-> Filter network(s) that are not permitted
-> Permit match
-> Default deny match all other networks
-> In or out
-> (Optional) Interface
R1(config)#access-list 1 permit 1.1.0.0 0.0.255.255
R1(config)#route-map LEAK_1.1.0.0 permit 10
R1(config-route-map)#match ip add 1
R1(config-route-map)#int f0/0
R1(config-if)#ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK_1.1.0.0
R3(config)# ip prefix-list DENY_DEFAULT deny 0.0.0.0/0
ip prefix-list DENY_DEFAULT permit 0.0.0.0/0 le 32
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list prefix DENY_DEFAULT in fa0/1
– Distribute-list – Filter from Specific Source – Prefix-list
-> Filter network(s)
-> prefix-list 1
-> deny match to filter
-> permit match to allow
-> (Optional) permit 0.0.0.0/0 le 32 to allow the rest
-> Filter source
-> prefix-list 2
-> permit match
-> In or out
-> (Optional) Interface
R3(config)# ip prefix-list NET_1.1.1.0 deny 1.1.1.0/24
ip prefix-list NET_1.1.1.0 permit 0.0.0.0/0 le 32
ip prefix-list GW_23.1.1.2 permit 23.1.1.2/32
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list prefix NET_1.1.1.0 gateway GW_23.1.1.2 in fa0/1
– Distribute-list – Route-map – Prefix-list
-> Filter network(s)
-> Prefix-list permit match
-> Route-map deny match
-> Route-map permit to allow the rest
-> In or out
-> (Optional) Interface
R3(config)# ip prefix-list NET_1.1.1.0 permit 1.1.1.0/24
route-map FILTER deny 10
match ip add prefix NET_1.1.1.0
route-map FILTER permit 90
router eigrp AS100
add ipv4 auto 100
topology base
distribute-list route-map FILTER in fa0/1
– Manipulate Administrative Distance – Standard ACL
-> Change AD
-> Increase the AD to make the route less desirable
-> Decrease the AD to make the route more desirable
-> Locally significant
-> IP address is the route source
-> 0.0.0.0 255.255.255.255 -> any route source
-> Permit match
R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255
router eigrp AS100
add ipv4 auto 100
topology base
distance 91 0.0.0.0 255.255.255.255 1
– Manipulate Administrative Distance – Prefer One Route Source Over Another – Standard ACL
-> Change AD
-> Increase the AD to make the route less desirable
-> Decrease the AD to make the route more desirable
-> Locally significant
-> IP address is the route source
-> Permit match
R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255
router eigrp AS100
add ipv4 auto 100
topology base
distance 91 12.1.1.1 0.0.0.0 1
– Manipulate Administrative Distance – Filter Network – Standard ACL
-> Change AD to make network unreachable
-> IP address is the route source
-> 0.0.0.0 255.255.255.255 -> any route source
-> Permit match
R2(config)# access-list 1 permit 1.1.1.0 0.0.0.255
router eigrp AS100
add ipv4 auto 100
topology base
distance 255 0.0.0.0 255.255.255.255 1
– Manipulate Administrative Distance – Filter External Networks – No ACL
-> Change AD to make external networks unreachable
R1(config)# router eigrp AS100
add ipv4 auto 100
topology base
distance eigrp 90 255
– Summary-address – Leak-map – Standard ACL
-> Create summary-address
-> Leak additional route(s)
-> Permit match
R1(config)# access-list 1 permit 1.1.1.0 0.0.255.255
route-map LEAK_1.1.0.0 permit 10
match ip add 1
router eigrp AS100
add ipv4 auto 100
af-interface f0/0
summary-address 1.1.0.0 255.255.0.0 leak-map LEAK_1.1.0.0
– Summary-address – Leak-map – Advertise All Specific Routes – No ACL
-> Create a summary-address
-> Leak all more specific route(s)
-> No ACL is configured
-> If the route-map does not reference an ACL, or the referenced ACL does not exist, all of the specific routes are advertised
R1(config)# route-map LEAK_1.1.0.0 permit 10
router eigrp AS100
add ipv4 auto 100
af-interface f0/0
summary-address 1.1.0.0 255.255.0.0 leak-map LEAK_1.1.0.0
– Duplicate Router-IDs
-> Routes originated by each router will be discarded by the other router, because they carry its own router-id
R1(config)# router eigrp AS100
add ipv4 auto 100
eigrp router-id 1.1.1.1
R2(config)# router eigrp AS100
add ipv4 auto 100
eigrp router-id 1.1.1.1
– Stub Routing – Receive Only
-> Receive routes only
-> Do not advertise any route(s)
R1(config)# router eigrp AS100
add ipv4 auto 100
eigrp stub receive-only
– Passive Interface
-> Suppress routing updates on an interface
R1(config)# router eigrp AS100
add ipv4 auto 100
af-interface f0/0
passive-interface
– Lab Network
-> R1 (f0/0) --- (f0/0) R2 (f0/1) --- (f0/1) R3 (f0/0) --- (f0/1) R4
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R1
conf t
!
int f0/0
ip add 12.1.1.1 255.255.255.0
int lo1
ip add 1.1.2.1 255.255.255.255
int lo2
ip add 1.1.3.1 255.255.255.0
int lo3
ip add 1.1.4.1 255.255.255.255
!
router ei AS100
address-family ipv4 auto 100
netw 12.1.1.1 0.0.0.0
netw 1.1.1.1 0.0.0.0
netw 1.1.2.1 0.0.0.0
netw 1.1.3.1 0.0.0.0
netw 1.1.4.1 0.0.0.0
end
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R2
conf t
!
int f0/0
ip add 12.1.1.2 255.255.255.0
int f0/1
ip add 23.1.1.2 255.255.255.0
int lo0
ip add 2.2.2.2 255.255.255.255
!
router ei AS100
address-family ipv4 auto 100
netw 12.1.1.2 0.0.0.0
netw 23.1.1.2 0.0.0.0
netw 2.2.2.2 0.0.0.0
end
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R3
conf t
!
int f0/0
ip add 34.1.1.3 255.255.255.0
int f0/1
ip add 23.1.1.3 255.255.255.0
int lo0
ip add 3.3.3.3 255.255.255.255
!
router ei AS100
address-family ipv4 auto 100
netw 23.1.1.3 0.0.0.0
netw 34.1.1.3 0.0.0.0
netw 3.3.3.3 0.0.0.0
end
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! R4
conf t
!
int f0/1
ip add 34.1.1.4 255.255.255.0
int lo0
ip add 4.4.4.4 255.255.255.255
!
router ei AS100
address-family ipv4 auto 100
netw 34.1.1.4 0.0.0.0
netw 4.4.4.4 0.0.0.0
end