From: David Ankers (d.ankers@xxxxxxxxx)
Date: Mon Feb 12 2001 - 03:54:07 GMT-3
He wanted to deny _sending_ packets on a multipoint link (distribute list
out) to only certain hosts. Even if you treated the link as non broadcast by
adding neighbours to rip I can't see a way to do this with distribute lists.
Actually *I* can't see a way to do this at all, route-maps would work very
well with BGP for example but where would you asign then in rip? rip was
designed to be a broadcast protocol so I doubt it even has these knobs to
turn. The only way *I* can think of doing this is with an inbound filter on
the actual host that you don't want to see the particular route with a
distri-list in and an extended access list that says: access-list 100 deny
host <source interface of sending router> host <route>
The rate limit example would deny all inbound traffic from 192.168.33.3, and
is the same as doing this:
int eth0
ip access-class 100 in
!
access-list 100 deny host 192.168.33.3 any
access-list 100 permit any any
!
Where did eigrp come from? I must be missing something....
D.
On Monday 12 February 2001 02:47, Simon Baxter wrote:
> Why not just :
>
> router rip
> distribute-list 1 in atm6/0.1
>
> or
>
> interface ATM6/0.1 multipoint
> ip address 192.168.1.1 255.255.255.0
> rate-limit input access-group 100 8000 4470 4470 conform-action drop
> exceed-action drop
> !
> access-list 100 permit host 192.168.33.3 any
> !
>
>
> (I don't know if this second one would work, but it should deny eigrp
> packets from a specific host out the multipoint interface)
>
> ???
>
> -----Original Message-----
> From: Kurt E. Radecki [mailto:kradecki@cisco.com]
> Sent: Monday, February 12, 2001 11:44 AM
> To: Dan; CCIEList
> Subject: RE: router filtering
>
>
> Dan,
>
> That would deny all updates out of that interface. I only want to deny
> certain updates to certain remotes. In a situation where the hub is a
> physical or a point-to-multipoint subinterface, the subnet is the same for
> routers.
>
> Thoughts?
>
> -Kurt
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Dan
> Sent: Sunday, February 11, 2001 6:37 PM
> To: Kurt E. Radecki; CCIEList
> Subject: Re: router filtering
>
>
> Kurt,
>
> Did you figure this out?
> If you want to filter the RIP update on a physical or subinterface it
> shouldn't be too difficult.
>
> Put this on the hub router
> router rip
> distribute-list 1 out (frame-relay interface)
>
> access-list 1 deny x.x.x.x (frame-relay net you want to filter from being
> advertised out).
> access-list 1 permit any
>
> Dan Pontrelli
>
> ----- Original Message -----
> From: "Kurt E. Radecki" <kradecki@cisco.com>
> To: "CCIEList" <ccielab@groupstudy.com>
> Sent: Saturday, February 10, 2001 8:48 PM
> Subject: router filtering
>
> > How does one filter routes based on a PVC? If I'm running RIP over Frame
> > Relay, and my hub interface is either a physical or point-to-multipoint
> > subinterface, I want split-horizon disabled so that routing updates will
> > pass to all remotes. But, with that, I don't want to advertise out the
> > PVC from which a routing update came. Distribute-lists don't seem to give
> > the granularity needed.
> >
> > Thoughts? Thanks.
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:45 GMT-3