RE: distribution lists in RIP (filter out)

From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Tue Mar 05 2002 - 01:18:37 GMT-3

   
I have do a little test, in my case the extended ACL does not work , I am not s
ure
it is the IOS/router problem until I have chances to try on other router.

The router which i try on as follow :
Rip version 2

System image file is "bootflash:cat8510m-wp-mz.120-1a.W5.5b.bin"
cisco C8515msr (R4600) processor with 65536K bytes of memory.

I have created static route 100.1.x.0/24, 100.1.0.0/16 redistribute to RIP and
apply
distribution list to one of the outgoing interface that enable with rip and do
debug ip rip to see what has send out.

1. IP prefix-list work as expected.
2. Extended access-list is not working, it behave like normal IP filtering inst
ead route
   filtering.
3. Standard access-list will not work to the expected result, however, it may w
ork depends on the type of filtering.

In this case, to permit 100.1.0.0/16 but block 100.1.0.0/24, standard access li
st cannot
differentiate this two and does not work properly, but it can filter 100.1.x.0/
24 other than the 100.1.0.0/24.

Hope to hear from others input..

Parry Chua

-----Original Message-----
From: alain faure [mailto:alainfaure@yahoo.fr]
Sent: Tuesday, March 05, 2002 4:04 AM
To: Lionel Florit
Cc: Paul Borghese; ccielab
Subject: Re: distribution lists in RIP (filter out)

Hi,

yes, but i see always the two route on the other router. i don't understand why
i m missing something about this kind of access list

Thank's

 --- Lionel Florit <lflorit@cisco.com> a icrit : > Alain,
>
> have you tried
> router rip
> distribute-list 150 out Serial0
>
> access-list 150 deny ip host 100.1.0.0 host 255.255.255.0
> access-list 150 permit ip any any
>
> Lionel
>
> At 08:11 PM 3/4/2002 +0100, alain faure wrote:
> >Hi,
> >
> >What i try is very simple but...won't work (i already read the archive
> >with out
> >succes):
> >
> >In RIP or EIGRP on a router there is two route (100.1.0.0/16 and
> 100.1.0.0/24)
> >I want to send ONLY the 100.10.0.0/16 to an other router.
> >
> >I would like to know how to do with access-list and prefix-list (if
> possible).
> >
> >rip/eigrp 1
> > distribute-list .... out serial 0
> > distribute-list prefix .... out serial 0
> >
> >And mainly how to configure access and prefix list ?
> >
> >
> >Thank's a lot
> >
> > --- Paul Borghese <pborghese@groupstudy.com> a icrit : > Ugh, of
> > course! This
> >is something that I seem to need to re-learn about
> > > once a year. Thanks for the help! Now if only I can get my EIGRP
> > > authentication to reliably work....
> > >
> > > Paul
> > >
> > >
> > >
> > >
> > >
> > > ----- Original Message -----
> > > From: "Jaeheon Yoo" <kghost@chollian.net>
> > > To: "ccielab" <ccielab@groupstudy.com>; "John Neiberger"
> <neiby@ureach.com>
> > > Sent: Sunday, March 03, 2002 7:22 PM
> > > Subject: Re: distribution lists in RIP
> > >
> > >
> > > > Yes, this is intuitively very confusing.
> > > > So, I always think this command by adding "of" before a routing
> protocol.
> > > >
> > > > distribute-list 1 out (of) ospf 1
> > > > <<-------------
> > > >
> > > > distribute-list 1 out int serial 0
> > > > --------->>
> > > >
> > > > Jaeheon,
> > > >
> > > > ----- Original Message -----
> > > > From: "John Neiberger" <neiby@ureach.com>
> > > > To: "Paul Borghese" <pborghese@groupstudy.com>;
> <ccielab@groupstudy.com>
> > > > Sent: Monday, March 04, 2002 7:34 AM
> > > > Subject: Re: distribution lists in RIP
> > > >
> > > >
> > > > >
> > > > > This is one of those things that confuses me all the time.
> > > > >
> > > > > > router rip
> > > > > > distribute-list 1 out ospf 1
> > > > >
> > > > > Intuitively, at least to me, this says to filter RIP routes
> > > > > that match access-list 1 when redistributing to OSPF 1.
> > > > > However, I don't think that's what it really does.
> > > > >
> > > > > I think it means "When redistributing routes from OSPF 1 into
> > > > > RIP, filter out routes that match access list 1 before sending
> > > > > them to other RIP neighbors." If I'm wrong I hope someone will
> > > > > correct me.
> > > > >
> > > > > Regards,
> > > > > John
> > > > >
> > > > >
> > > > > ---- On Sun, 3 Mar 2002, Paul Borghese
> > > > > (pborghese@groupstudy.com) wrote:
> > > > >
> > > > > > I have a configuration where I would like to redistribute
> > > > > from RIP to
> > > > > > OSPF.
> > > > > > I would prefer to apply a filter to limit my distributions.
> > > > > I am
> > > > > > running
> > > > > > RIP on an ethernet interface and OSPF on a serial interface.
> > > > > When I
> > > > > > apply
> > > > > > the command:
> > > > > >
> > > > > > router rip
> > > > > > distribute-list 1 out ospf 1
> > > > > >
> > > > > > It filters the RIP updates out the ethernet interface. So
> > > > > the router
> > > > > > seems
> > > > > > to ignore the fact that I told it to only filter when
> > > > > redistrbuting into
> > > > > > OSPF and instead filters regular rip updates. Here is some
> > > > > debugging
> > > > > > output:
> > > > > >
> > > > > > Before applying distribute-list 1 out ospf:
> > > > > > --------------------------------------------------------------
> > > > > ------
> > > > > > 02:24:10: RIP: sending v1 update to 255.255.255.255 via
> > > > > Ethernet0
> > > > > > (190.27.2.3)
> > > > > > 02:24:10: RIP: build update entries
> > > > > > 02:24:10: network 87.0.0.0 metric 7
> > > > > > 02:24:10: network 180.70.0.0 metric 7
> > > > > > 02:24:10: subnet 190.27.1.0 metric 7
> > > > > > 02:24:10: subnet 190.27.10.0 metric 7
> > > > > > 02:24:10: subnet 190.27.11.0 metric 7
> > > > > > --------------------------------------------------------------
> > > > > -----------
> > > > > >
> > > > > > Notice there are a number of routes being advertised out E0.
> > > > > >
> > > > > > Now I will apply the command:
> > > > > > --------------------------------------------------------------
> > > > > --------------
> > > > > > --
> > > > > > R7(config-router)#router rip
> > > > > > R7(config-router)#distribute-list 1 out ospf 1
> > > > > > R7(config-router)#
> > > > > > 02:24:15: RIP: Distribute-list changed: sending triggered
> > > > > update
> > > > > > R7(config-router)#
> > > > > > 02:24:35: RIP: sending v1 update to 255.255.255.255 via
> > > > > Ethernet0
> > > > > > (190.27.2.3)
> > > > > > 02:24:35: RIP: build update entries - suppressing null update
> > > > > > --------------------------------------------------------------
> > > > > --------------
> > > > > > --------
> > > > > >
> > > > > > Notice the update did not have any entries. So the command
> > > > > > distribute-list
> > > > > > 1 out ospf 1 blocks routes from leaving the ethernet
> > > > > interface.
> > > > > >
> > > > > > Why?
> > > > > >
> > > > > > Paul Borghese
> > > > > >

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:53 GMT-3