Ravi,
updates have to PASS the filter. When you put prefix and gateway
conditions, they have to pass both.
So in your first config, no route passes the prefix, it does not matter
where it comes from.
-Carlos
Ravi Singh @ 08/02/2011 01:52 -0300 dixit:
> Hello Group ,
>
> The below email might seem long in the first glance but it is a simple
> question with a very simple setup .
>
> R1
> |
> |
> ------------------SW
> | |
> | |
> R2 R3
>
> If wordwrap ruins the art, the setup is F0/0 on R1, R2 and R3 each is
> connected to a common LAN segment through SW1. The IP Addresses on the F0/0
> interfaces are 10.1.1.1/24, 10.1.1.2/24 and 10.1.1.3/24 respectively. R2 and
> R3 both have the same Loop 1, Loop 2 and Loop 3 addresses which are
> 1.1.1.1/24, 2.2.2.2/24 and 3.3.3.3/24 respectively.
>
> R1, R2 and R3 run EIGRP between them. Here is the routing table on R1 under
> normal circumstances
>
> R1#sh ip route eigrp
> 1.0.0.0/24 is subnetted, 1 subnets
> D 1.1.1.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
> [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
> 2.0.0.0/24 is subnetted, 1 subnets
> D 2.2.2.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
> [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
> 3.0.0.0/24 is subnetted, 1 subnets
> D 3.3.3.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
> [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
>
> Now the objective (and the issue ) - I want to configure distribute-list
> using prefix-lists on R1 to *DENY* everything that *COMES* from R3 ( bold
> keywords just to stress on logic )
>
> So here are the two prefix-lists that I made
>
> ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
> !
> ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32
> !
>
> And then I used the below command to achieve what is being expected
> router eigrp 100
> distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet0/0
>
> The output on R1 now becomes
>
> R1#sh ip route eigrp
>
> R1#
>
> Basically no routes. So it denies everything coming in F0/0, even though I
> specified the gateway. BUT , if I change the logic i.e *PERMIT* everything
> that does *NOT* come from R3 , it works just fine . Therefore If I make the
> prefix-lists as
>
> ip prefix-list NOT-FROM-R3 seq 5 deny 10.1.1.3/32
> ip prefix-list NOT-FROM-R3 seq 10 permit 0.0.0.0/0 le 32
> !
> ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 le 32
>
> And the distribute-list as
>
> router eigrp 100
> distribute-list prefix PERMIT-ALL gateway NOT-FROM-R3 in FastEthernet0/0
>
> The output on R1 is as expected now .
>
> R1#sh ip route eigrp
> 1.0.0.0/24 is subnetted, 1 subnets
> D 1.1.1.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
> 2.0.0.0/24 is subnetted, 1 subnets
> D 2.2.2.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
> 3.0.0.0/24 is subnetted, 1 subnets
> D 3.3.3.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
> R1#
>
> So, the question is What am I doing wrong in the first method ? Are there
> some basic rules that are being broken here ?
>
> Regards,
> Ravi
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
-- Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina Blogs and organic groups at http://www.ccie.netReceived on Tue Feb 08 2011 - 08:11:59 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:49 ART