Re: Tough Filtering Question

From: Brian Valentine (bkvalentine@gmail.com)
Date: Sat Jun 07 2008 - 23:03:30 ART


In order to keep out the connected interfaces running RIP, I would
think you would want to do something like:

access-list 1 permit 1.1.1.1
!
router RIP
 distribute-list 1 in
!
router EIGRP 1
 redistribute RIP metric 1 1 1 1 1
 redistribute CONNECTED route-map RIP_CONNECTED
!
route-map RIP_CONNECTED deny 10

This would keep the routes out of the EIGRP process for connected
networks on which RIP is running.

Brian

On 6/7/08, Godswill Oletu <oletu@inbox.lv> wrote:
> Brian,
>
> The question can also be interpreted that way, in that case, using the
> 'distribute-list' in EIGRP will further ensure that the only RIP route being
> redistributed is the one from BB1.
>
> The point of my solution is for one to be aware that a potential bottleneck
> has been created here and it could affect other aspects of the lab down the
> road. However, if one notes it down and comes back to selectively add prefixes
> to the ACL as might be needed in other aspects of the configuration, that will
> be fine.
>
> Godswill Oletu
> CCIE #16464 (R&S)
>
>
> ----- Original Message -----
> From: "Brian K Valentine" <bkvalentine@gmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Saturday, June 07, 2008 6:05 PM
> Subject: RE: Tough Filtering Question
>
>
>> Godswill,
>>
>> If you configured this as you suggest here, wouldn't you have the added
>> side-effect of redistributing routes into EIGRP for the connected interfaces
>> that also happen to be running RIP? The way the question is worded, it
>> sounds like we aren't allowed to redistribute the prefixes of the connected
>> interfaces running RIP into the EIGRP topology. We are only allowed to
>> redistribute the one prefix into EIGRP.
>>
>> Brian Valentine
>>
>>
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Godswill Oletu
>> Sent: Saturday, June 07, 2008 5:43 PM
>> To: Matt Bentley; Joseph Brunner
>> Cc: Luca Hall; ccielab@groupstudy.com
>> Subject: Re: Tough Filtering Question
>>
>> The solution you have under section R1: below, will not meet the two
>> requirements set forth in the original question you posted.
>>
>> Your solution will only satisfy Requirement 2: and will fail to satisfy
>> requirement 1:
>>
>> Others here have provided you with solutions that should work fine; that
>> using the ACL to control the routes that get into your RIP table and also
>> invoking the same ACL to control what gets into your EIGRP table.
>>
>> If I was the one executing this task, I will avoid using a 'distribute-list'
>> when redistributing into EIGRP from RIP.
>>
>> Note that the distribute-list will not only affect the RIP routes from BB1,
>> but all RIP routes from either BB2, BB3 or other Routers in your pod; so as
>> you can see, it will have a more far-reaching effect than you anticipate.
>>
>> I will go about the task as follows:
>>
>> !
>> access-list 1 permit 1.1.1.1
>> !
>> Router RIP
>>  distribute-list 1 in
>> !
>> Router EIGRP 1
>>  redistribute RIP metric 1 1 1 1 1
>> !
>>
>> This way, I am redistributing only the allowed RIP route from BB1 into EIGRP
>> and I am not also inadvertently filtering out from EIGRP all other RIP
>> routes that might have found their way into my Router from other sources.
>>
>> Always remember to keep it simple and stupid. Many times in the real lab, if
>> your solutions are not "simple & stupid", it might mean you are thinking way
>> too much and you need to throttle it down a notch.
>>
>>
>>
>>
>> Godswill Oletu
>> CCIE #16464 (R&S)
>>
>>
>> ----- Original Message -----
>> From: "Matt Bentley" <mattdbentley@gmail.com>
>> To: "Joseph Brunner" <joe@affirmedsystems.com>
>> Cc: "Luca Hall" <lhall@setnine.com>; <ccielab@groupstudy.com>
>> Sent: Saturday, June 07, 2008 5:15 PM
>> Subject: Re: Tough Filtering Question
>>
>>
>>> Thanks for everyone's advice so far. I hope I am not persisting in a wrong
>>> thought, though it's very possible.
>>>
>>> I see it this way:
>>>
>>> There is some reverse logic going on here:
>>>
>>> When you are using distribute lists, offset-lists, and distance, anything
>>> that you DENY in an acl is NOT filtered. Anything that you PERMIT is
>>> filtered.
>>>
>>> For example:
>>>
>>> offset-list TEST 16 in fa0/0
>>>
>>> ip access-list standard TEST
>>> deny 1.1.1.1
>>> permit any
>>>
>>> The 1.1.1.0 prefix would be the only prefix to appear - as you are denying it
>>> from being filtered. Everything else would be filtered.
>>>
>>> If I were to do this
>>> ip access-list standard TEST
>>> permit 1.1.1.1
>>>
>>> Then only 1.1.1.0 would be filtered, and everything else denied.
>>>
>>>
>>> I know this wouldn't work, but is it along the right track? Thanks for
>>> everybody's comments
>>>
>>> R1:
>>>
>>> ip cef
>>>
>>> class-map match-all FILTER
>>> match not access-group 1
>>> match protocol rip
>>>
>>> policy-map FILTER2
>>> class FILTER
>>> drop
>>>
>>> router eigrp 100
>>> redistribute rip route-map RIP->EIGRP metric 1 1 1 1 1
>>>
>>> route-map RIP->EIGRP
>>> match ip add 1
>>>
>>> access-list 1 permit [the one prefix]
>>>
>>>
>>>
>>>
>>>
>>> On Sat, Jun 7, 2008 at 4:22 PM, Joseph Brunner <joe@affirmedsystems.com>
>>> wrote:
>>>
>>>> >This infers a DENY in the ACL being used (you can only use one ACL for both
>>>> >tasks).
>>>>
>>>> NO actually it does not mean you must DENY anything... as a matter of fact
>>>> the word deny need not appear in the entire config to do this... Simply
>>>> don't permit the 9 filtered routes, and they will be effectively denied
>>>> without ever saying so.
>>>>
>>>> Q> what is at the end of every ACL, with at least 1 permit line?
>>>> A> a deny any...
>>>>
>>>> Q> what happens to any route that is not matched by a route-map permit
>>>> sequence if that route-map is referenced during redistribution?
>>>> A> the route is not redistributed.
>>>>
>>>> I would recommend re-reading the Wendell Odom CCIE Exam Certification
>>>> Guide's page on route-map matching not/matching routes, with permit and
>>>> deny sequences.
>>>>
>>>> -Joe
>>>>
>>>> -----Original Message-----
>>>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>> Matt Bentley
>>>> Sent: Saturday, June 07, 2008 3:52 PM
>>>> To: Luca Hall
>>>> Cc: ccielab@groupstudy.com
>>>> Subject: Re: Tough Filtering Question
>>>>
>>>> Hello Luca:
>>>>
>>>> Tough part is that you can only use one ACL for both tasks. In order to
>>>> have the route in your table to redistribute it into EIGRP, you must
>>>> prevent it from being filtered, correct? This infers a DENY in the ACL
>>>> being used (you can only use one ACL for both tasks). Since you must use a
>>>> deny - I think, then you would be denying that route from getting
>>>> redistributed. Once again, key here is you are only allowed a single ACL
>>>> for both tasks. Thanks again
>>>>
>>>> On Sat, Jun 7, 2008 at 3:44 PM, Luca Hall <lhall@setnine.com> wrote:
>>>>
>>>> >
>>>> > so if the routes 10.10.10.0/24 can't you just:
>>>> >
>>>> > access-list 5 permit 10.10.10.0
>>>> > router rip
>>>> > distribute-list 5 in <interface>
>>>> >
>>>> > route-map RIP->EIGRP permit 10
>>>> > match ip address 5
>>>> >
>>>> > router eigrp X
>>>> > redistribute rip route-map RIP->EIGRP metric 1 1 1 1 1
>>>> >
>>>> > where's the tough part? if you have to use denys just deny the other
>>>> > 9 routes in the acl and permit any any or permit the specific one.
>>>> >
>>>> >
>>>> > ----- Original Message -----
>>>> > From: Matt Bentley <mattdbentley@gmail.com>
>>>> > To: ccielab@groupstudy.com
>>>> > Sent: Sat, 7 Jun 2008 15:09:42 -0400 (EDT)
>>>> > Subject: Tough Filtering Question
>>>> >
>>>> > Hi GS:
>>>> >
>>>> > Ran across this one on a lab.
>>>> >
>>>> > Requirement #1: R1 is receiving 10 RIP routes from BB1, you want to filter
>>>> > out all except 1. You must use a standard ACL
>>>> > Requirement #2: You want to redistribute only that one route received from
>>>> > BB1 from RIP into EIGRP on R1, restricting the redistribution to only that
>>>> > single route. The ACL you use to restrict must be the same as the one used
>>>> > to filter from BB1.
>>>> >
>>>> > Using distance, offset-lists, and distribute-lists, you have to DENY that
>>>> > single RIP route to prevent it getting filtered. Correct? How can you use
>>>> > that same ACL to PERMIT it to be redistributed into EIGRP?
>>>> >
>>>> > Thanks in advance.
>>>> >
>>>> >
>>>> > _______________________________________________________________________
>>>> > Subscription information may be found at:
>>>> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART
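
Added example (not written by any poster in this thread): a small Python model of how one standard ACL can serve both the inbound RIP distribute-list and the RIP-to-EIGRP route-map, and of what an empty `route-map ... deny 10` clause does to connected routes. The evaluation rules are a simplified model of IOS behaviour; all prefixes are constructed, and the extra RIP source (20.20.20.0) is assumed to arrive on an interface where the distribute-list is not applied, as in the `in <interface>` form quoted above.

```python
from ipaddress import IPv4Address

def acl_permits(acl, network):
    """Standard ACL: first matching entry wins; no match is the implicit deny."""
    addr = int(IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if addr & care == int(IPv4Address(base)) & care:
            return action == "permit"
    return False

def distribute_list_in(acl, networks):
    """distribute-list <acl> in: only networks the ACL permits are installed."""
    return [n for n in networks if acl_permits(acl, n)]

def route_map_permits(route_map, acls, network):
    """Clauses run in sequence order; a clause with no match line matches all."""
    for _seq, action, acl_name in sorted(route_map):
        if acl_name is None or acl_permits(acls[acl_name], network):
            return action == "permit"
    return False  # implicit deny at the end of every route-map

def redistribute(route_map, acls, networks):
    """redistribute ... route-map <name>: keep only what the route-map permits."""
    return [n for n in networks if route_map_permits(route_map, acls, n)]

# Constructed lab data (not from the thread's actual lab).
ACLS = {"5": [("permit", "10.10.10.0", "0.0.0.0")]}  # the single shared ACL
BB1_RIP = [f"10.10.{i}.0" for i in range(1, 11)]      # ten routes from BB1
OTHER_RIP = ["20.20.20.0"]                            # RIP route from another source
CONNECTED = ["192.168.1.0"]                           # connected network running RIP
RIP_TO_EIGRP = [(10, "permit", "5")]                  # route-map RIP->EIGRP permit 10
RIP_CONNECTED = [(10, "deny", None)]                  # route-map RIP_CONNECTED deny 10

def demo():
    rip_table = distribute_list_in(ACLS["5"], BB1_RIP) + OTHER_RIP
    return (rip_table,
            redistribute(RIP_TO_EIGRP, ACLS, rip_table),
            redistribute(RIP_CONNECTED, ACLS, CONNECTED))

if __name__ == "__main__":
    print(demo())
```

The permit entry keeps the one BB1 route in the RIP table, the same ACL referenced from the route-map keeps the other RIP route out of EIGRP, and the empty deny clause leaves no connected prefixes to redistribute.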