Re: Question on Narbik's workbook task | EIGRP Filtering from 2beone on 2010-09-14 (Ccielab archives 09/2010)

From: 2beone <2beone_at_gmail.com>
Date: Tue, 14 Sep 2010 10:01:15 +0200

Excellent. I have seen one peculiarity with this task though
which keeps me thinking and which keeps me bounded to this task.

If I do the following (incorrect solution) then indeed *only* prefixes
from R3 other
then the one blocked is allowed in the routing table.

ip prefix-list NET200P seq 5 deny 200.1.1.0/24
ip prefix-list NET200P seq 10 permit 0.0.0.0/0 le 32

ip prefix-list R3 seq 5 permit 10.1.234.3/32

router eigrp 100
network 10.1.234.4 0.0.0.0
metric maximum-hops 1
distribute-list prefix NET200P gateway R3 in
no auto-summary

R4#show ip route

Gateway of last resort is not set

D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:07:14, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:00:57, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.234.0 is directly connected, FastEthernet0/0
R4#

---- ---- ---- ---- ----

Still on the wrong solution type a strange thing happen.
The peculiarity comes when I include the interface option for
*nothing* gets blocked then.
I got carried away yesterday by this for this was the alternate
solution I tried (which was not
correct indeed but what caused something else to happen which puzzles me).
I still would like to know why this is happening.

router eigrp 100
network 10.1.234.4 0.0.0.0
metric maximum-hops 1
distribute-list prefix NET200P gateway R3 in FastEthernet0/0
no auto-summary

R4#show ip route

D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:00:03, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:00:03, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.3, 00:00:03, FastEthernet0/0
                  [90/156160] via 10.1.234.2, 00:00:03, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:00:03, FastEthernet0/0
                  [90/156160] via 10.1.234.2, 00:00:03, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:00:03, FastEthernet0/0
C 10.1.234.0 is directly connected, FastEthernet0/0
R4#

2010/9/13 Piotr Malarski <piotr.malarski.99_at_gmail.com>:
> In your command :
> "distribute-list prefix NET200P gateway R3 in FastEthernet0/0"
> ONLY routes from R3 will be accepted. ALL routes from R2 will be rejected.
> prefix list NET200P will *additionally* filter what was not denied in
> gateway prefix list (R3).
>
> My suggestion is to use Narbik's solution :)
>
> <<<
> access-list 100 deny ip host 10.1.234.3 host 200.1.1.0
> acccess-list 100 permit ip any any
> router ei 100
> distribute-list 100 in F0/0
>>>>
>
> Another way to achieve the same goal would be:
>
> <<<<
> route-map TST deny 10
> match ip address 1
> match ip next-hop 2
> route-map TST permit 999
>
> access-list 1 permit 200.1.1.0 0.0.0.255
> access-list 2 permit 10.1.234.3
>
> router eigrp 100
> network 0.0.0.0
> distribute-list route-map TST in FastEthernet0/0
> no auto-summary
>>>>>
>
> On Mon, Sep 13, 2010 at 9:45 AM, 2beone <2beone_at_gmail.com> wrote:
>> LAB 4 - Eigrp Filtering (Task 3 page 452 VolI)
>>
>> "Configure R4 such that it ONLY takes R2 to reach Network 200.1.1.0/24"
>>
>> First I look from which sources the network is learned
>>
>> R4#show ip route 200.1.1.0 255.255.255.0
>> Routing entry for 200.1.1.0/24
>> Known via "eigrp 100", distance 90, metric 156160, type internal
>> Redistributing via eigrp 100
>> Last update from 10.1.234.3 on FastEthernet0/0, 00:02:30 ago
>> Routing Descriptor Blocks:
>> 10.1.234.3, from 10.1.234.3, 00:02:30 ago, via FastEthernet0/0
>> Route metric is 156160, traffic share count is 1
>> Total delay is 5100 microseconds, minimum bandwidth is 100000 Kbit
>> Reliability 255/255, minimum MTU 1500 bytes
>> Loading 1/255, Hops 1
>> * 10.1.234.2, from 10.1.234.2, 00:02:30 ago, via FastEthernet0/0
>> Route metric is 156160, traffic share count is 1
>> Total delay is 5100 microseconds, minimum bandwidth is 100000 Kbit
>> Reliability 255/255, minimum MTU 1500 bytes
>> Loading 1/255, Hops 1
>>
>>
>> Question
>>
>> Is this solvable with distribute-list like this: "distribute-list
>> prefix NET200P gateway R3 in FastEthernet0/0"
>> where NET200P deny the prefix and allows the rest and R3 matches the
>> IP address of R3.
>>
>> I tried it but it didn't work.. any suggestions?
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Sep 14 2010 - 10:01:15 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART