Re: EIGRP Distribute-list with Gateway command

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Tue, 08 Feb 2011 09:04:33 -0300

I'm loosing you now. Sorry.
Your first reply
difference when you
is that you are not

DLs are applied
goes through. As

Or am I missing something ?
-Carlos

Ravi Singh
>
>
>
> so they are
>
>
> !
>
> !
>
>
>
>
>
>
>
>
> Ravi
>
>
>
>
>
> -Carlos
>
>
>
>
>
>
>
>
>
>
>
>
> Ravi
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
>
>

 -- Carlos G Mendioroz Blogs and organic

Received

This message:

Next message:

Maybe in

Next in

This archive was : Tue Mar 01 2011 - 07:01:49 ART to me was, as I understood it, asking why the use a different interface. And the answer to that applying the DL to the new interface. to interfaces, so if no DL applied, then everything no list applies to F0/0, R2 routes pass. @ 08/02/2011 08:35 -0300 dixit: No .. Suppose R1 F0/0 connects to R2 and R1 F1/0 connects to R3, I apply the distribute-list in command on F1/0 and all routes coming in from R3 are denied. What I wanted to say was the prefix-lists have not changed , ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 <http://0.0.0.0/0> le 32 ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32 <http://10.1.1.3/32> and the distribute-list command changes to distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet1/0 So, if I understood you correctly, in this scenario as well , the PASS condition is not met and R1 denies everything coming in F1/0.. is it ? I then also wonder why does it match the routes when it is a permit using 0.0.0.0/0 <http://0.0.0.0/0> le 32 and not when it is a deny .. On Tue, Feb 8, 2011 at 11:26 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>> wrote: Are you applying the distribute-list to both interfaces ? Ravi Singh @ 08/02/2011 08:21 -0300 dixit: Hi Carlos, Well .. while trying to get my head round this issue , I tried the same config in a setup when R1 has two different ethernet interfaces connected to R2 and R3 i.e R1 F0/0 connects to R2 and R1 F1/0 connects to R3 . The same prefix-list statements and distribute-list works just as expected in that scenario . I would assume the same mechanism would be applied in this scenario as well .. Regards, On Tue, Feb 8, 2011 at 11:11 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar> <mailto:tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>> wrote: Ravi, updates have to PASS the filter. When you put prefix and gateway conditions, they have to pass both. So in your first config, no route passes the prefix, it does not matter where it comes from. -Carlos Ravi Singh @ 08/02/2011 01:52 -0300 dixit: Hello Group , The below email might seem long in the first glance but it is a simple question with a very simple setup . R1 | | ------------------SW | | | | R2 R3 If wordwrap ruins the art, the setup is F0/0 on R1, R2 and R3 each is connected to a common LAN segment through SW1. The IP Addresses on the F0/0 interfaces are 10.1.1.1/24 <http://10.1.1.1/24> <http://10.1.1.1/24>, 10.1.1.2/24 <http://10.1.1.2/24> <http://10.1.1.2/24> and 10.1.1.3/24 <http://10.1.1.3/24> <http://10.1.1.3/24> respectively. R2 and R3 both have the same Loop 1, Loop 2 and Loop 3 addresses which are 1.1.1.1/24 <http://1.1.1.1/24> <http://1.1.1.1/24>, 2.2.2.2/24 <http://2.2.2.2/24> <http://2.2.2.2/24> and 3.3.3.3/24 <http://3.3.3.3/24> <http://3.3.3.3/24> respectively. R1, R2 and R3 run EIGRP between them. Here is the routing table on R1 under normal circumstances R1#sh ip route eigrp 1.0.0.0/24 <http://1.0.0.0/24> <http://1.0.0.0/24> is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 2.0.0.0/24 <http://2.0.0.0/24> <http://2.0.0.0/24> is subnetted, 1 subnets D 2.2.2.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 3.0.0.0/24 <http://3.0.0.0/24> <http://3.0.0.0/24> is subnetted, 1 subnets D 3.3.3.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 Now the objective (and the issue ) - I want to configure distribute-list using prefix-lists on R1 to *DENY* everything that *COMES* from R3 ( bold keywords just to stress on logic ) So here are the two prefix-lists that I made ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> le 32 ! ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32 <http://10.1.1.3/32> <http://10.1.1.3/32> ! And then I used the below command to achieve what is being expected router eigrp 100 distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet0/0 The output on R1 now becomes R1#sh ip route eigrp R1# Basically no routes. So it denies everything coming in F0/0, even though I specified the gateway. BUT , if I change the logic i.e *PERMIT* everything that does *NOT* come from R3 , it works just fine . Therefore If I make the prefix-lists as ip prefix-list NOT-FROM-R3 seq 5 deny 10.1.1.3/32 <http://10.1.1.3/32> <http://10.1.1.3/32> ip prefix-list NOT-FROM-R3 seq 10 permit 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> le 32 ! ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> le 32 And the distribute-list as router eigrp 100 distribute-list prefix PERMIT-ALL gateway NOT-FROM-R3 in FastEthernet0/0 The output on R1 is as expected now . R1#sh ip route eigrp 1.0.0.0/24 <http://1.0.0.0/24> <http://1.0.0.0/24> is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 2.0.0.0/24 <http://2.0.0.0/24> <http://2.0.0.0/24> is subnetted, 1 subnets D 2.2.2.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 3.0.0.0/24 <http://3.0.0.0/24> <http://3.0.0.0/24> is subnetted, 1 subnets D 3.3.3.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 R1# So, the question is What am I doing wrong in the first method ? Are there some basic rules that are being broken here ? Regards, Ravi Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/> <http://www.ccie.net/> _______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html -- Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar> <mailto:tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>> LW7 EQI Argentina Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>> LW7 EQI Argentina <tron_at_huapi.ba.ar> LW7 EQI Argentina groups at http://www.ccie.net on Tue Feb 08 2011 - 09:04:33 ART name="navbarfoot" title="Related messages"> [ Message body ] Carlos G Mendioroz: "Re: transparent mode asa fw ..." message: Maarten Vervoorn: "Re: transparent mode asa fw ..." reply to: Ravi Singh: "EIGRP Distribute-list with Gateway command" thread: Ravi Singh: "Re: EIGRP Distribute-list with Gateway command" id="options2">Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ] generated by hypermail 2.2.0