From: Filyurin, Yan (yan.filyurin@eds.com)
Date: Sat Jun 23 2007 - 14:46:42 ART
And I tried it too and it works great and I like it even better than
doing gateway lists if they want all advertisements blocked. While it
is slightly off the original, it is still great. I am going to
experiment with EIGRP options. Thank you.
________________________________
From: Ben [mailto:bmunyao@gmail.com]
Sent: Saturday, June 23, 2007 8:06 AM
To: Filyurin, Yan
Cc: Pat More; ccielab@groupstudy.com
Subject: Re: Using route maps in EIGRP
Yan
I came across a dated example in the archives by Brian Dennis on
the use of extended ACL with distribute-list in IGP. In a nutshell, this
is what you can do with it:
              10.0.0.0/24
          |-------------------R2-----------|
          |                   .2           |
R1(e0/0)--|                                |  172.16.0.0/16
      .1  |                                |
          |-------------------R3-----------|
                              .3
With RIPv2 on all interfaces, the routing table on R1 will have:
R1#sh ip route rip
R 172.16.0.0 [120/1] via 10.0.0.2 e0/0
[120/1] via 10.0.0.3 e0/0
If the requirement is to have R1 use only R2 to reach
172.16.0.0, an ext ACL can be used with a distribute-list to meet the
objective as follows:
access-l 100 deny ip host 10.0.0.3 host 172.16.0.0
access-l 100 permit ip any any
!
router rip
distribute-list 100 in e0/0
This effectively filters out RIP adverts from source 10.0.0.3
for prefix 172.16.0.0/16.
R1#sh ip route rip
R 172.16.0.0 [120/1] via 10.0.0.2 e0/0
The ext ACL source/mask is interpreted as the routing update
source, while the dest/mask is interpreted as the network prefixes being
advertised.
I labbed it up and it works.
Thx
Ben
On 6/19/07, Filyurin, Yan <yan.filyurin@eds.com> wrote:
Do you have an example?
-----Original Message-----
From: nobody@groupstudy.com
[mailto:nobody@groupstudy.com] On Behalf Of
Pat More
Sent: Monday, June 18, 2007 11:30 PM
To: ccielab@groupstudy.com
Subject: RE: Using route maps in EIGRP
You can use route-map for distribution-list in eigrp. Somehow Cisco
document is not perfect and has a lot of flaws. Newer IOS version behaves
differently.
The route-map in the distribution-list is able to match with
standard/extended acl, and prefix-list. You have to interpret the
extended-acl in the format of route/mask (like in bgp). It is all IOS,
not technology.
Ben <bmunyao@gmail.com>
Sent by: nobody@groupstudy.com
06/19/2007 02:53 AM
Please respond to Ben <bmunyao@gmail.com>
To: "Filyurin, Yan" <yan.filyurin@eds.com>
cc: "Tarun Pahuja" <pahujat@gmail.com>, ccielab@groupstudy.com
Subject: Re: Using route maps in EIGRP
That sums it up.
EIGRP distribute-list filtering options: Standard ACL, Prefix-lists, in/out
OSPF distribute-list filtering options: Standard ACL, Prefix-lists, Route-maps, in only
Ben

On 6/18/07, Filyurin, Yan <yan.filyurin@eds.com> wrote:
Actually, at a certain point and it was based on real life experience, I
had someone (I can't personally completely verify it) attempt to do it using
extended ACL wildcards and it didn't work. At that time the goal was to
permit specific 10.0.0.0/8 routes, but not 10/8 itself and what worked was
doing a regular standard ACL denying 10.0.0.0 0.0.0.0 and it worked.
I hate to say it, but I don't remember all the details, but that seems in
line with what is said here.
But just to double check on my original question. Is it true that:
route maps in EIGRP are only used in redistribution and when it comes to
route filtering, one can use ACLs and prefix-lists only with prefix lists
having more granularity and easier to deal with.
Thank you, Ben and Tarun.
Yan

> ------------------------------
> *From:* Tarun Pahuja [mailto:pahujat@gmail.com]
> *Sent:* Monday, June 18, 2007 2:07 PM
> *To:* Ben
> *Cc:* Filyurin, Yan; ccielab@groupstudy.com
> *Subject:* Re: Using route maps in EIGRP
>
> Ben,
> My comments were based on the following document and I was
> referring to standard ACLs.
>
> http://www.cisco.com/warp/public/103/eigrpfaq.shtml
>
> "The use of ACL and distribute-list under EIGRP does not work in this
> case. This is because ACLs do not check the mask, they just check the
> network portion. Since the network portion is the same, when you allow
> 172.16.1.0/24, you also allow 172.16.1.0/28."
>
> I usually use Prefix-list for route filtering as it gives me more control.
> I have seen cases where extended ACLs are used to match subnet mask, but the
> logic is slightly different as you suggested. Destination portion becomes
> the subnet mask portion. You will find prefix list much easier to implement
> especially when dealing with VLSM addresses.
>
> HTH,
> Tarun
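
Added example, not part of the original thread: a small Python model of the two ACL behaviours discussed above, Ben's extended-ACL distribute-list (source field = update sender, destination field = advertised network) and the standard-ACL limitation quoted from the Cisco FAQ. The function names and the standard ACL entry are assumptions made for illustration; the code models the semantics as the thread describes them and is not IOS code.

```python
# Added illustration: models the filtering semantics described in the thread.
from ipaddress import IPv4Address as IP

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (int(IP(base)) & care)

# Ben's ACL 100. "host X" is X 0.0.0.0; "any" is 0.0.0.0 255.255.255.255.
# Entry layout: (action, src, src_wildcard, dst, dst_wildcard)
ACL_100 = [
    ("deny",   "10.0.0.3", "0.0.0.0",         "172.16.0.0", "0.0.0.0"),
    ("permit", "0.0.0.0",  "255.255.255.255", "0.0.0.0",    "255.255.255.255"),
]

def extended_filter(acl, update_source, network):
    """Source field is checked against the sender of the routing update,
    destination field against the advertised network. First match wins."""
    for action, src, swc, dst, dwc in acl:
        if wc_match(update_source, src, swc) and wc_match(network, dst, dwc):
            return action
    return "deny"  # implicit deny at the end of every ACL

def standard_filter(acl, network):
    """Standard ACL in a distribute-list: only the network address is
    compared, so the prefix length never enters the decision."""
    for action, base, wc in acl:
        if wc_match(network, base, wc):
            return action
    return "deny"

def accepted_next_hops(acl, updates):
    """updates: list of (sender, network, prefix_len) heard on the interface."""
    return [s for s, net, _ in updates if extended_filter(acl, s, net) == "permit"]

# Constructed sample: the two RIP updates R1 hears on e0/0 in Ben's lab.
UPDATES = [("10.0.0.2", "172.16.0.0", 16), ("10.0.0.3", "172.16.0.0", 16)]

if __name__ == "__main__":
    print(accepted_next_hops(ACL_100, UPDATES))        # ['10.0.0.2']
    std = [("permit", "172.16.1.0", "0.0.0.0")]        # constructed standard ACL
    for plen in (24, 28):                              # the FAQ's two prefixes
        # Same verdict for both lengths: the mask is not part of the match.
        print(f"172.16.1.0/{plen}", standard_filter(std, "172.16.1.0"))
```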
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:51 ART