From: Zafar Khan (mahaguru@gmail.com)
Date: Thu Aug 31 2006 - 15:09:53 ART
What are your thoughts on this config
interface Ethernet0
ip address 204.12.1.1 255.255.255.0
ip access-group TEST in
router rip
version 2
passive-interface Ethernet0
network 204.12.1.0
distribute-list DENY_RIP in
no auto-summary
ip access-list standard DENY_RIP
deny any
!
ip access-list extended TEST
deny udp any any eq rip
permit ip any any
Unless the proctor write his own stack, I am quite positive he will
NEVER be able to make my e0 recieve or send ANY rip traffic (grin)
Regards
Zafar
On 8/31/06, Godswill Oletu <oletu@inbox.lv> wrote:
> Sean,
>
> !
> router rip
> redistribute connected
> !
>
> Should also be find, no need to use the route-map option. Moreso, it appears
> that all the other connected networks on R4 are being advertised into RIP
> via the 'network' statement and one will avoid the additional issues that
> might arise as a result of the restriction the 'route-map' will create.
>
> If you must use a route-map with 'redistributed connected' and IGP
> redistribution is involved, watch out for the usual pitfalls that the
> restriction on the route-map will introduction into your IGP domain and
> resolve them.
>
> Thanks.
>
> Godswill Oletu
> CCIE #16464(R&S)
>
> >>>
> ----- Original Message -----
> From: "Sean C" <Upp_and_Upp@hotmail.com>
> To: "Godswill Oletu" <oletu@inbox.lv>; "Russell Kelly (rukelly)"
> <rukelly@cisco.com>; <ccielab@groupstudy.com>
> Sent: Thursday, August 31, 2006 8:42 AM
> Subject: Re: InternetworkExpert Ver3 Lab 13 Task 4.2 RIP
>
>
> > Hi Godswill,
> >
> > What of Russell Kelly's initial suggestion of redistributing connected
> > with
> > a corresponding route-map of only F0/0?
> >
> > Curious for your thoughts,
> > Sean
> > ----- Original Message -----
> > From: "Godswill Oletu" <oletu@inbox.lv>
> > To: "Ivan" <ivan@iip.net>; <ccielab@groupstudy.com>
> > Cc: "tonynguyenchi" <tonynguyenchi.ccie@gmail.com>
> > Sent: Thursday, August 31, 2006 8:03 AM
> > Subject: Re: InternetworkExpert Ver3 Lab 13 Task 4.2 RIP
> >
> >
> >> Ivan,
> >>
> >> From your response, we both have the same understanding, agreed
> >> distribute-list will not stop the announcement of the route, but ACL will
> >> not also stop the announcement. The only thing that will stop the
> >> announcement/advertisement is appyling a passive interface on the BB
> > router
> >> doing the annoucement/advertisement, but this is beyond our reach in the
> >> lab. So, all we can do is to stop the announcement/advertisement/updates
> >> from entering the FIB on R4.
> >>
> >> Having said that, your approach is, stop and search all traffics at the
> >> interface and if they are rip traffic (udp 520) drop them at the
> > interface.
> >> The original poster's approach is, why disturb every traffic coming into
> > R4
> >> for a problem that can be resolved within the specific technology (RIP),
> >> apply a distribute-list and prevent RIP updates from that interface from
> >> getting into the FIB.
> >>
> >> Remember that, the problem here is RIP updates, first look for a RIP
> >> solution and when that is not possible either due to restrictions in
> >> place
> >> or other prevailing circumstances, then other more broader approach can
> >> be
> >> taken.
> >>
> >> If faced with a task like this either in the exam or in my production
> >> network, ACL will be part of my arsenal, but it will not be my ammunition
> > of
> >> choice to be used. Why use a Scud missile when an AK45 will take care of
> > the
> >> problem?
> >>
> >> HTH
> >>
> >> Godswill Oletu
> >> CCIE #16464
> >>
> >>
> >> ----- Original Message -----
> >> From: "Ivan" <ivan@iip.net>
> >> To: <ccielab@groupstudy.com>; "Godswill Oletu" <oletu@inbox.lv>
> >> Cc: "tonynguyenchi" <tonynguyenchi.ccie@gmail.com>
> >> Sent: Thursday, August 31, 2006 7:29 AM
> >> Subject: Re: InternetworkExpert Ver3 Lab 13 Task 4.2 RIP
> >>
> >>
> >> > Are u sure that distribute list _filter_ incoming announce? I think
> >> > that
> >> > "distribute-filter in" only control intalling this routes in FIB.
> >> >
> >> > > that should do it:
> >> > >
> >> > > passive interface will make sure you do not send and distribute-list
> >> will
> >> > > take care of receiving...
> >> > >
> >> > > Godswill Oletu
> >> > > CCIE #16464
> >> > >
> >> > >
> >> > > ----- Original Message -----
> >> > > From: "tonynguyenchi" <tonynguyenchi.ccie@gmail.com>
> >> > > To: <ccielab@groupstudy.com>
> >> > > Sent: Thursday, August 31, 2006 5:33 AM
> >> > > Subject: InternetworkExpert Ver3 Lab 13 Task 4.2 RIP
> >> > >
> >> > > > Dear Group,
> >> > > >
> >> > > > The task requires: configure R4 to advertise the 204.12.1.0/24
> > (F0/0)
> >> > >
> >> > > subnet
> >> > >
> >> > > > via RIP, but do not send and receive RIP update on this interface.
> >> > > >
> >> > > > Can I do this as the following:
> >> > > >
> >> > > > router rip
> >> > > > version 2
> >> > > > passive-interface FastEthernet0/0
> >> > > > network 139.1.0.0
> >> > > > network 150.1.0.0
> >> > > > network 204.12.1.0
> >> > > > distribute-list BLOCK_RIP in FastEthernet0/0
> >> > > > no auto-summary
> >> > > > !
> >> > > > ip access-list standard BLOCK_RIP
> >> > > > deny any
> >> > > >
> >> > > > Thanks and best regards,
> >> > > >
> >> > > > Tony
> >> > > >
> >> > > >
> >> _______________________________________________________________________
> >> > > > Subscription information may be found at:
> >> > > > http://www.groupstudy.com/list/CCIELab.html
> >> > >
> >> > >
> > _______________________________________________________________________
> >> > > Subscription information may be found at:
> >> > > http://www.groupstudy.com/list/CCIELab.html
> >> >
> >> > --
> >> > Ivan
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:59 ART