From: David Wolsefer (dwolsefer@xxxxxxxx)
Date: Tue Feb 20 2001 - 16:57:59 GMT-3
I agree with you, of course. I wasn't thinking in terms of performance so
much as the KISS principle. KISS = Keep It Simple Stupid. Permitting only
the desired subnet is very easy for me to understand.
Regards,
David Wolsefer
-----Original Message-----
From: Mask Of Zorro [mailto:ciscokid00@hotmail.com]
Sent: Tuesday, February 20, 2001 11:39 AM
To: dwolsefer@wams.com; cory.hebert-eds@eds.com
Cc: ccielab@groupstudy.com
Subject: RE: how do I stop connected routes from being injected?
Of course you are correct David, but I just wanted to point out that there
is no performance penalty for using one line as opposed to 2. With
access-lists, I tend to prefer those that are clear and easy to read and
understand over those that might be more "efficient".
Even with an access-list that spans dozens of lines, shaving of 6 or 10
really doesn't impact your performance and if it makes the function of the
list less clear it should be avoided.
Just my opinion...
Z
>From: "David Wolsefer" <dwolsefer@wams.com>
>Reply-To: "David Wolsefer" <dwolsefer@wams.com>
>To: "Hebert, Cory J \(cory.hebert@wcom.com\)" <cory.hebert-eds@eds.com>
>CC: <ccielab@groupstudy.com>
>Subject: RE: how do I stop connected routes from being injected?
>Date: Tue, 20 Feb 2001 11:21:27 -0800
>
>Look at the access-list. You specified:
>
>access-list 100 deny ip host 201.112.97.192 host 255.255.255.224
>access-list 100 permit ip any any
>
>201.112.97.192 is the network. You can't use the host keyword because there
>is no host 201.112.97.192. Look at it in binary.
>
>192 = 1100 0000, the first three bits are network as seen by the
>255.255.255.224 mask. Redo your access-list to deny that network subnet.
>Why
>not redo the access-list to permit only the network you want, this way you
>can do it in a single line instead of two. Remember the implicit deny. You
>also need to use inverse masks with access-lists, not regular subnet masks.
>You should be using 0.0.0.31, not 255.255.255.224.
>
>Regards,
>
>David Wolsefer, CCIE #5858
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Hebert, Cory J (cory.hebert@wcom.com)
>Sent: Tuesday, February 20, 2001 11:00 AM
>To: 'Tracy Blackmore'
>Cc: 'ccielab@groupstudy.com'
>Subject: RE: how do I stop connected routes from being injected?
>
>
>Here's my config. Any clues why I can't stop S0's subnet from being
>advertised to downstream neighbors?
>
>interface Serial0
> ip address 201.112.97.194 255.255.255.224
> no fair-queue
>!
>interface TokenRing0
> ip address 201.112.97.17 255.255.255.248
> ring-speed 16
>!
>router eigrp 1
> passive-interface Serial0
> network 201.112.97.0
> distribute-list 100 out connected
> no auto-summary
>!
>access-list 100 deny ip host 201.112.97.192 host 255.255.255.224
>access-list 100 permit ip any any
>!
>
>
>-----Original Message-----
>From: Tracy Blackmore [mailto:TracyB@TSLAD.com]
>Sent: Tuesday, February 20, 2001 12:49 PM
>To: Hebert, Cory J (cory.hebert@wcom.com)
>Subject: RE: how do I stop connected routes from being injected?
>
>
>Try removing the connected from the distribute-list out command. A general
>distribute-list out should keep EIGRP from advertising the routes specified
>in the list.
>
>Tracy W. Blackmore
>T.S. Lad Consulting
>1026 E Stanford Ave.
>Gilbert, AZ., 85234
>(480)558-0472
>
> -----Original Message-----
>From: Hebert, Cory J (cory.hebert@wcom.com)
>[mailto:cory.hebert-eds@eds.com]
>Sent: Tuesday, February 20, 2001 11:42 AM
>To: 'Amyn Naran'; Pablo Thoma; 'ccielab@groupstudy.com'
>Subject: RE: how do I stop connected routes from being injected?
>
>Thanks for the help guys. But, I guess I should have mentioned that I
>already have passive-interfaces defined, and that still does not help. I
>thought that 'distriblute-list x out conneected' would have done it, but
>that didn't help either.
>
>Cory
>
>
>-----Original Message-----
>From: Amyn Naran [mailto:amyn_naran@yahoo.com]
>Sent: Tuesday, February 20, 2001 12:14 PM
>To: Pablo Thoma; Hebert, Cory J (cory.hebert@wcom.com)
>Subject: Re: how do I stop connected routes from being injected?
>
>
>
>remember the intent of the passive intf - to NOT advertise but listen.
>
>--- Pablo Thoma <pthoma@employees.org> wrote:
> > try
> >
> > passive-interface
> >
> > for those that you wish not to be included.
> >
> > Cheers,
> >
> > Pablo
> >
> > "Hebert, Cory J (cory.hebert@wcom.com)" wrote:
> >
> > > Hi all,
> > >
> > > I have simple question for you guys. I have a router running
> > eigrp, and all
> > > interfaces on the router have subnets of the same major classful
> > network.
> > > Well, obviously, I put the classful network statement under eigrp.
> > Well, as
> > > soon as eigrp sees that it has an interface belonging to the same
> > classful
> > > network defined under the eigrp process, it injects the connected
> > route into
> > > the process.
> > >
> > > I've tried 'no redistribute connected', 'distribute-list x out
> > connected',
> > > nothing works. Can someone help me to stop this connected route
> > from being
> > > injected into eigrp, so that the downstream router doesn't learn
> > it?
> > >
> > > Thanks!
> > >
> > > Cory
> > >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:54 GMT-3