RE: Route filtering

From: Dustin.Yates@xxxxxxxxxxxx
Date: Mon Jun 03 2002 - 23:56:53 GMT-3


   
LOL... I was hoping you were going to say you weren't using ver 2 and that
this would work... Let's try this:

Using my previous example and presuming the correct level of code, place the
distribute list using the same access-list 77 on the outgoing interface on
R4. Now, create a prefix list:

ip prefix-list RIPFilter seq 5 deny 200.0.0.0/8 ge 25
ip prefix-list RIPFilter seq 10 permit 0.0.0.0/0 le 32

Apply this prefix-list in the incoming distribute-list on R5.

I did and it looks ok... Not going to say it's bullet-proof, but I think it
works.

-----Original Message-----
From: Paul [mailto:p_chopin@yahoo.com]
Sent: Monday, June 03, 2002 9:29 PM
To: Dustin.Yates@ercgroup.com
Cc: ccielab@groupstudy.com
Subject: RE: Route filtering

It doesn't solve the problem. Configure 200.200.9.0/29
on a loopback and then filter. You will see that you are
getting a mask different than 24. The 3rd octet will be
fine but the mask will be wrong. I want only /24 of
200.200.x.0.
Try
--- Dustin.Yates@ercgroup.com wrote:
> Paul, I sent this one the other day, but maybe you
> didn't see it:
>
> deny 200.200.0.0 0.0.254.0
> perm any
>
> Now, here's the distribute list in action:
>
> r4:
> router rip
> version 2
> network 155.10.0.0
> network 200.200.0.0
> network 200.200.1.0
> network 200.200.2.0
> network 200.200.3.0
> network 200.200.4.0
> network 200.200.5.0
>
> R4#siib
> Interface        IP-Address   OK? Method Status  Protocol
> FastEthernet0/0  155.10.44.4  YES NVRAM  up      up
> Serial0/0        155.10.45.4  YES NVRAM  up      up
> Loopback0        155.10.4.4   YES NVRAM  up      up
> Loopback1        200.200.1.1  YES manual up      up
> Loopback2        200.200.2.1  YES manual up      up
> Loopback3        200.200.3.1  YES manual up      up
> Loopback4        200.200.4.1  YES manual up      up
> Loopback5        200.200.5.1  YES manual up      up
>
> R5#sir
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>        * - candidate default, U - per-user static route, o - ODR
>        P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> R    200.200.4.0/24 [120/1] via 155.10.45.4, 00:00:22, Serial0/0.45
> R    200.200.5.0/24 [120/1] via 155.10.45.4, 00:00:22, Serial0/0.45
>      155.10.0.0/16 is variably subnetted, 16 subnets, 3 masks
> R       155.10.4.0/24 [120/1] via 155.10.45.4, 00:00:12, Serial0/0.45
> R       155.10.44.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R    200.200.1.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R    200.200.2.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R    200.200.3.0/24 [120/1] via 155.10.45.4, 00:00:25, Serial0/0.45
> R5#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R5(config)#access-list 77 deny 200.200.0.0 0.0.254.0
> R5(config)#access-list 77 perm any
> R5(config)#router rip
> R5(config-router)#distr
> R5(config-router)#distribute-list 77 in s0/0.45
> R5(config-router)#end
> R5#clear ip route
> 04:20:36: %SYS-5-CONFIG_I: Configured from console by console
> R5#clear ip route *
> R5#sir
> Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>        * - candidate default, U - per-user static route, o - ODR
>        P - periodic downloaded static route
>
> Gateway of last resort is not set
>
> R    200.200.5.0/24 [120/1] via 155.10.45.4, 00:00:11, Serial0/0.45
>      155.10.0.0/16 is variably subnetted, 16 subnets, 3 masks
> R       155.10.4.0/24 [120/1] via 155.10.45.4, 00:00:12, Serial0/0.45
> R       155.10.44.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R    200.200.1.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R    200.200.3.0/24 [120/1] via 155.10.45.4, 00:00:13, Serial0/0.45
> R5#
>
> -----Original Message-----
> From: Paul [mailto:p_chopin@yahoo.com]
> Sent: Monday, June 03, 2002 5:44 PM
> To: ccielab@groupstudy.com
> Subject: Route filtering
>
>
> Hi guys,
> I'm reposting the question from a couple of days ago. I think it
> is worth looking at it again. Nobody so far was able to
> come up with any solid answer.
> What I'm trying to do is to prevent RIP from learning
> certain prefixes over the interface. I only should allow
> networks 200.200.x.0/24 where x is an odd number. So guys,
> pay attention, we are filtering on networks and prefix size.
> I use the distribute-list statement under RIP. An IP prefix
> list doesn't seem to work in this case.
> An extended access list blocks all the networks. When I
> use standard access lists it works, but I'm getting
> all sorts of prefixes, not just /24.
> Any ideas?
> Thanks.
>
>
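The two filters discussed in this thread, modelled in Python as an added example (not part of the original messages and not IOS code). It assumes a standard ACL in a distribute-list sees only the advertised network address and that a prefix-list is first-match with an implicit deny; the function names and sample routes are constructed for illustration.

```python
import ipaddress

def acl_match(addr, base, wildcard):
    """Standard ACL entry: wildcard bits set to 1 are ignored, all others must equal base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def acl_77(net):
    """access-list 77 deny 200.200.0.0 0.0.254.0, then permit any.
    Only the network address is compared; the mask length is never examined."""
    return not acl_match(str(net.network_address), "200.200.0.0", "0.0.254.0")

# (action, prefix, ge, le) in sequence order, mirroring prefix-list RIPFilter:
#   seq 5  deny   200.0.0.0/8 ge 25   (le defaults to 32 when only ge is given)
#   seq 10 permit 0.0.0.0/0 le 32     (matches every prefix of any length)
RIP_FILTER = [("deny", "200.0.0.0/8", 25, 32), ("permit", "0.0.0.0/0", 0, 32)]

def prefix_list(net, entries=RIP_FILTER):
    """First matching entry wins; nothing matching means implicit deny."""
    for action, prefix, ge, le in entries:
        if net.subnet_of(ipaddress.ip_network(prefix)) and ge <= net.prefixlen <= le:
            return action == "permit"
    return False

def evaluate(route):
    """Run one advertised route through both filters; accepted only if both permit."""
    net = ipaddress.ip_network(route)
    acl, pfx = acl_77(net), prefix_list(net)
    return {"acl": acl, "prefix_list": pfx, "accepted": acl and pfx}

# Constructed sample advertisements (200.200.9.0/29 is the counter-example from the thread)
SAMPLES = ["200.200.9.0/24", "200.200.9.0/29", "200.200.8.8/29",
           "200.200.2.0/24", "155.10.4.0/24"]

if __name__ == "__main__":
    for route in SAMPLES:
        r = evaluate(route)
        print(f"{route:18} acl={'permit' if r['acl'] else 'deny':6} "
              f"prefix-list={'permit' if r['prefix_list'] else 'deny':6} "
              f"-> {'accepted' if r['accepted'] else 'filtered'}")
```

Running it shows 200.200.9.0/29 passing the ACL and being stopped only by the prefix-list, while routes outside 200.0.0.0/8 such as 155.10.4.0/24 are still accepted by both filters.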



This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:23 GMT-3