No. Suppose R1 F0/0 connects to R2 and R1 F1/0 connects to R3, I apply the
distribute-list in command on F1/0 and all routes coming in from R3 are
denied. What I wanted to say was the prefix-lists have not changed, so they
are
ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
!
ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32
!
 and the distribute-list command changes to
distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet1/0
So, if I understood you correctly, in this scenario as well, the PASS
condition is not met and R1 denies everything coming in F1/0, is it? I
then also wonder why it matches the routes when it is a permit using
0.0.0.0/0 le 32 and not when it is a deny.
Ravi
On Tue, Feb 8, 2011 at 11:26 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
> Are you applying the distribute-list to both interfaces ?
> -Carlos
>
> Ravi Singh @ 08/02/2011 08:21 -0300 dixit:
>
>> Hi Carlos,
>>  Well, while trying to get my head round this issue, I tried the same
>> config in a setup when R1 has two different ethernet interfaces connected to
>> R2 and R3, i.e. R1 F0/0 connects to R2 and R1 F1/0 connects to R3. The same
>> prefix-list statements and distribute-list works just as expected in that
>> scenario. I would assume the same mechanism would be applied in this
>> scenario as well.
>>  Regards,
>> Ravi
>>
>> On Tue, Feb 8, 2011 at 11:11 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>>
>>    Ravi,
>>    updates have to PASS the filter. When you put prefix and gateway
>>    conditions, they have to pass both.
>>
>>    So in your first config, no route passes the prefix, it does not
>>    matter where it comes from.
>>
>>    -Carlos
>>
>>    Ravi Singh @ 08/02/2011 01:52 -0300 dixit:
>>
>>        Hello Group ,
>>
>>        The below email might seem long at first glance but it is a simple
>>        question with a very simple setup.
>>
>>                 R1
>>                  |
>>                  |
>>           ------------------SW
>>             |            |
>>             |            |
>>             R2        R3
>>
>>        If wordwrap ruins the art, the setup is F0/0 on R1, R2 and R3 each is
>>        connected to a common LAN segment through SW1. The IP Addresses on the
>>        F0/0 interfaces are 10.1.1.1/24, 10.1.1.2/24 and 10.1.1.3/24
>>        respectively. R2 and R3 both have the same Loop 1, Loop 2 and Loop 3
>>        addresses which are 1.1.1.1/24, 2.2.2.2/24 and 3.3.3.3/24 respectively.
>>
>>
>>        R1, R2 and R3 run EIGRP between them. Here is the routing table on R1
>>        under normal circumstances
>>
>>        R1#sh ip route eigrp
>>            1.0.0.0/24 is subnetted, 1 subnets
>>        D       1.1.1.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
>>                       [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
>>            2.0.0.0/24 is subnetted, 1 subnets
>>        D       2.2.2.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
>>                       [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
>>            3.0.0.0/24 is subnetted, 1 subnets
>>        D       3.3.3.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0
>>                       [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0
>>
>>        Now the objective (and the issue) - I want to configure distribute-list
>>        using prefix-lists on R1 to *DENY* everything that *COMES* from R3 (bold
>>        keywords just to stress on logic)
>>
>>        So here are the two prefix-lists that I made
>>
>>        ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 le 32
>>        !
>>        ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32
>>        !
>>
>>        And then I used the below command to achieve what is being expected
>>        router eigrp 100
>>         distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet0/0
>>
>>        The output on R1 now becomes
>>
>>        R1#sh ip route eigrp
>>
>>        R1#
>>
>>        Basically no routes. So it denies everything coming in F0/0, even though I
>>        specified the gateway. BUT, if I change the logic, i.e. *PERMIT* everything
>>        that does *NOT* come from R3, it works just fine. Therefore if I make the
>>        prefix-lists as
>>
>>        ip prefix-list NOT-FROM-R3 seq 5 deny 10.1.1.3/32
>>        ip prefix-list NOT-FROM-R3 seq 10 permit 0.0.0.0/0 le 32
>>        !
>>        ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 le 32
>>
>>        And the distribute-list as
>>
>>        router eigrp 100
>>         distribute-list prefix PERMIT-ALL gateway NOT-FROM-R3 in FastEthernet0/0
>>
>>        The output on R1 is as expected now .
>>
>>        R1#sh ip route eigrp
>>            1.0.0.0/24 is subnetted, 1 subnets
>>        D       1.1.1.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
>>            2.0.0.0/24 is subnetted, 1 subnets
>>        D       2.2.2.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
>>            3.0.0.0/24 is subnetted, 1 subnets
>>        D       3.3.3.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0
>>        R1#
>>
>>        So, the question is: what am I doing wrong in the first method? Are there
>>        some basic rules that are being broken here?
>>
>>        Regards,
>>        Ravi
>>
>>
>>        Blogs and organic groups at http://www.ccie.net
>>        <http://www.ccie.net/>
>>
>>
>>  _______________________________________________________________________
>>        Subscription information may be found at:
>>        http://www.groupstudy.com/list/CCIELab.html
>>
>>    --
>>    Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
>>
> --
> Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Tue Feb 08 2011 - 11:35:08 ART
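
The filter logic discussed in this thread, as an added example (not code from any poster and not IOS itself). It assumes the model Carlos describes, where an update must be permitted by both the prefix list and the gateway list, and it replays the thread's four prefix-lists against constructed updates from 10.1.1.2 and 10.1.1.3; only the `le` modifier is modelled.

```python
import ipaddress

# Prefix-list entries as (action, network, le); le=None means exact length only.
DENY_ALL    = [("deny",   "0.0.0.0/0",   32)]
FROM_R3     = [("permit", "10.1.1.3/32", None)]
NOT_FROM_R3 = [("deny",   "10.1.1.3/32", None), ("permit", "0.0.0.0/0", 32)]
PERMIT_ALL  = [("permit", "0.0.0.0/0",   32)]

# Constructed updates on the shared segment: (advertised prefix, source router).
UPDATES = [(p, gw) for p in ("1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24")
           for gw in ("10.1.1.2", "10.1.1.3")]

def permits(plist, prefix):
    """First matching entry decides; no match at all is the implicit deny."""
    cand = ipaddress.ip_network(prefix)
    for action, net, le in plist:
        entry = ipaddress.ip_network(net)
        longest = entry.prefixlen if le is None else le
        if (entry.prefixlen <= cand.prefixlen <= longest
                and cand.subnet_of(entry)):
            return action == "permit"
    return False

def accepted(prefix_list, gateway_list, updates=UPDATES):
    """Assumed model: an update is installed only if the route is permitted
    by the prefix list AND its source is permitted by the gateway list."""
    return [(p, gw) for p, gw in updates
            if permits(prefix_list, p) and permits(gateway_list, gw + "/32")]

if __name__ == "__main__":
    # First config: every route fails the prefix test, so the source is irrelevant.
    print("DENY-ALL / FROM-R3       ->", accepted(DENY_ALL, FROM_R3))
    # Second config: all routes pass the prefix test, only R3 fails the gateway test.
    print("PERMIT-ALL / NOT-FROM-R3 ->", accepted(PERMIT_ALL, NOT_FROM_R3))
```

Under this model a `deny` entry in either list can only make an update fail the filter; it never selects routes for a later action, which is why the first configuration empties the table regardless of the gateway list.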