From: Ben (bmunyao@gmail.com)
Date: Sat Jun 23 2007 - 09:05:54 ART
Yan
I came across a dated example in the archives by Brian Dennis on the use of
extended ACL with distribute-list in IGP. In a nutshell, this is what you
can do with it:
                        10.0.0.0/24
                |-------------------R2-----------|
                |                   .2           |
R1(e0/0)--------|                                | 172.16.0.0/16
            .1  |                                |
                |-------------------R3-----------|
                                    .3
With RIPv2 on all interfaces, the routing table on R1 will have:
R1#sh ip route rip
R 172.16.0.0 [120/1] via 10.0.0.2 e0/0
             [120/1] via 10.0.0.3 e0/0
If the requirement is to have R1 use only R2 to reach 172.16.0.0, an ext ACL
can be used with a distribute-list to meet the objective as follows:
access-l 100 deny ip host 10.0.0.3 host 172.16.0.0
access-l 100 permit ip any any
!
router rip
distribute-list 100 in e0/0
This effectively filters out RIP adverts from source 10.0.0.3 for prefix
172.16.0.0/16.
R1#sh ip route rip
R 172.16.0.0 [120/1] via 10.0.0.2 e0/0
The ext ACL source/mask is interpreted as the routing update source, while
the dest/mask is interpreted as the network prefixes being advertised.
I labbed it up and it works.
Thx
Ben
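
The filtering rule described in the message above, modelled in Python as an added example that is not part of the original post and is not IOS code: the ACL source term is tested against the sender of the routing update and the destination term against the advertised network address. The update list, including the 192.168.1.0/24 prefix, is constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_term(tokens):
    """Consume one ACL address term: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip(tokens[1]), 0), tokens[2:]
    return (ip(tokens[0]), ip(tokens[1])), tokens[2:]

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' entries, keeping order."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest = tok[2], tok[4:]  # tok[3] is the protocol keyword 'ip'
        src, rest = parse_term(rest)
        dst, _ = parse_term(rest)
        entries.append((action, src, dst))
    return entries

def matches(term, addr):
    base, wildcard = term
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (ip(addr) & care) == (base & care)

def permitted(acl, update_source, prefix):
    # Assumption from the message: source term = neighbor that sent the
    # update, destination term = network address being advertised.
    network = prefix.split("/")[0]
    for action, src, dst in acl:
        if matches(src, update_source) and matches(dst, network):
            return action == "permit"  # first matching entry decides
    return False  # implicit deny at the end of every ACL

def filter_updates(acl, updates):
    return [(src, pfx) for src, pfx in updates if permitted(acl, src, pfx)]

# ACL 100 as in the message; UPDATES is constructed to mirror its topology.
ACL_100 = parse_acl([
    "access-list 100 deny ip host 10.0.0.3 host 172.16.0.0",
    "access-list 100 permit ip any any",
])
UPDATES = [("10.0.0.2", "172.16.0.0/16"), ("10.0.0.3", "172.16.0.0/16"),
           ("10.0.0.3", "192.168.1.0/24")]  # last prefix is a constructed extra
```

Calling `filter_updates(ACL_100, UPDATES)` drops only the 172.16.0.0/16 advertisement from 10.0.0.3; other prefixes from that neighbor still pass through the final permit entry.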
On 6/19/07, Filyurin, Yan <yan.filyurin@eds.com> wrote:
>
> Did you have an example?
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Pat More
> Sent: Monday, June 18, 2007 11:30 PM
> To: ccielab@groupstudy.com
> Subject: RE: Using route maps in EIGRP
>
> You can use route-map for distribution-list in eigrp. Somehow Cisco
> document is not perfect and has a lot of flaws. Newer IOS version behaves
> differently.
>
> The route-map in the distribution-list is able to match with
> standard/extended acl, and prefix-list. You have to interpret the
> extended-acl in the format of route/mask (like in bgp). It is all IOS,
> not technology.
>
> Ben <bmunyao@gmail.com> Sent by: nobody@groupstudy.com
> 06/19/2007 02:53 AM
> Please respond to Ben <bmunyao@gmail.com>
> To: "Filyurin, Yan" <yan.filyurin@eds.com>
> cc: "Tarun Pahuja" <pahujat@gmail.com>, ccielab@groupstudy.com
> Subject: Re: Using route maps in EIGRP
>
> That sums it up.
>
> EIGRP distribute-list filtering options: Standard ACL, Prefix-lists, in/out
> OSPF distribute-list filtering options: Standard ACL, Prefix-lists,
> Route-maps, in only
>
> Ben
>
> On 6/18/07, Filyurin, Yan <yan.filyurin@eds.com> wrote:
>
> > Actually, at a certain point, and it was based on real life experience, I
> > had someone (I can't personally completely verify it) attempt to do it
> > using extended ACL wildcards and it didn't work. At that time the goal was
> > to permit specific 10.0.0.0/8 routes, but not 10/8 itself, and what worked
> > was doing a regular standard ACL denying 10.0.0.0 0.0.0.0 and it worked.
> > I hate to say it, but I don't remember all the details, but that seems in
> > line with what is said here.
> >
> > But just to double check on my original question. Is it true that:
> > route maps in EIGRP are only used in redistribution and when it comes to
> > route filtering, one can use ACLs and prefix-lists only with prefix lists
> > having more granularity and easier to deal with.
> >
> > Thank you, Ben and Tarun.
> >
> > Yan
> >
> > ------------------------------
> > > *From:* Tarun Pahuja [mailto:pahujat@gmail.com]
> > > *Sent:* Monday, June 18, 2007 2:07 PM
> > > *To:* Ben
> > > *Cc:* Filyurin, Yan; ccielab@groupstudy.com
> > > *Subject:* Re: Using route maps in EIGRP
> > >
> > > Ben,
> > > My comments were based on the following document and I was
> > > referring to standard ACLs.
> > >
> > > http://www.cisco.com/warp/public/103/eigrpfaq.shtml
> > >
> > > "The use of ACL and distribute-list under EIGRP does not work in this
> > > case. This is because ACLs do not check the mask, they just check the
> > > network portion. Since the network portion is the same, when you allow
> > > 172.16.1.0/24, you also allow 172.16.1.0/28."
> > >
> > > I usually use Prefix-list for route filtering as it gives me more control.
> > > I have seen cases where extended ACLs are used to match subnet mask, but the
> > > logic is slightly different as you suggested. Destination portion becomes
> > > the subnet mask portion. You will find prefix list much easier to implement
> > > especially when dealing with VLSM addresses.
> > >
> > > HTH,
> > > Tarun
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART