EIGRP Distribute-list with Gateway command from Ravi Singh on 2011-02-08 (Ccielab archives 02/2011)

From: Ravi Singh <way2ccie_at_gmail.com>
Date: Tue, 8 Feb 2011 04:52:40 +0000

Hello Group ,

The below email might seem long in the first glance but it is a simple
question with a very simple setup .

          R1
           |
           |
    ------------------SW
      | |
      | |
      R2 R3

If wordwrap ruins the art, the setup is F0/0 on R1, R2 and R3 each is
connected to a common LAN segment through SW1. The IP Addresses on the F0/0
interfaces are 10.1.1.1/24, 10.1.1.2/24 and 10.1.1.3/24 respectively. R2 and
R3 both have the same Loop 1, Loop 2 and Loop 3 addresses which are
1.1.1.1/24, 2.2.2.2/24 and 3.3.3.3/24 respectively.

R1, R2 and R3 run EIGRP between them. Here is the routing table on R1 under
normal circumstances

R1#sh ip route eigrp
     1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
                [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
                [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
D 3.3.3.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
                [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0

Now the objective (and the issue ) - I want to configure distribute-list
using prefix-lists on R1 to *DENY* everything that *COMES* from R3 ( bold
keywords just to stress on logic )

So here are the two prefix-lists that I made

ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32
!

And then I used the below command to achieve what is being expected
router eigrp 100
distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet0/0

The output on R1 now becomes

R1#sh ip route eigrp

R1#

Basically no routes. So it denies everything coming in F0/0, even though I
specified the gateway. BUT , if I change the logic i.e *PERMIT* everything
that does *NOT* come from R3 , it works just fine . Therefore If I make the
prefix-lists as

ip prefix-list NOT-FROM-R3 seq 5 deny 10.1.1.3/32
ip prefix-list NOT-FROM-R3 seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 le 32

And the distribute-list as

router eigrp 100
distribute-list prefix PERMIT-ALL gateway NOT-FROM-R3 in FastEthernet0/0

The output on R1 is as expected now .

R1#sh ip route eigrp
     1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
D 2.2.2.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
D 3.3.3.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
R1#

So, the question is What am I doing wrong in the first method ? Are there
some basic rules that are being broken here ?

Regards,
Ravi

Blogs and organic groups at http://www.ccie.net
Received on Tue Feb 08 2011 - 04:52:40 ART

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:49 ART