02-11-2014 01:38 PM - edited 03-04-2019 10:19 PM
Hi,
I have one EIGRP topology running with two autonomous systems (AS100 and AS200). The problem is that I am trying to block the network (4.4.4.4/32, AS100) from AS 100 to AS 200, and company policy does not allow using a distribute-list for filtering.
i) First I tried a standard ACL applied under the interface; it won't work (the router has only one interface connected)
{ interface Serial1/0
ip address 123.0.0.3 255.255.255.0
ip access-group 1 in
R3#sh access-lists
Standard IP access list 1
10 deny 4.4.4.4
20 permit any (44 matches) }
ii) Second, I tried PBR with an unreachable metric (255) applied under the interface; same result, it won't work
R3#sh access-lists
Standard IP access list 1
10 permit 4.4.4.4
R3#sh route-map
route-map FILTER_R4, permit, sequence 10
Match clauses:
ip address 1
Set clauses:
metric 255
{ interface Serial1/0
ip address 123.0.0.3 255.255.255.0
ip policy route-map FILTER_R4 in }
iii) Third, I tried the distance command under the EIGRP config; same result, again it does not work!
distance 255 4.4.4.4 0.0.0.0
R3#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "eigrp 200", distance 170, metric 1075200, type external
Redistributing via eigrp 200
Last update from 123.0.0.1 on Serial1/0, 00:32:06 ago
Routing Descriptor Blocks:
* 123.0.0.1, from 123.0.0.1, 00:32:06 ago, via Serial1/0
Route metric is 1075200, traffic share count is 1
Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 255/255, Hops 2
Please give me the reason why it does not work using ACL, PBR and EIGRP unreachable distance, and also give me the solution for filtering this network.
02-11-2014 02:25 PM
Hi feroz_syed,
Items 1 and 2 are wrong usage of filtering routes. In order to get these two working you have to call access-list and route-map statements under the router eigrp process.
You almost got item 3 correct. Here is the correct config.
distance <1-255>
access-list 1 permit 4.4.4.4
!
distance 255 123.0.0.1 0.0.0.0 1
Another way to accomplish your requirement is to use an offset-list.
access-list 1 permit 4.4.4.4
!
router eigrp XXX
offset-list 1 in 2147483647 Serial1/0
Please rate replies and mark question as "answered" if applicable.
02-11-2014 02:41 PM
Thanks for your reply
I tried the same method you mentioned, but it won't work; the route still appears in the RIB.
access-list 1 permit 4.4.4.4
!
distance 255 123.0.0.1 0.0.0.0 1
[
R3#sh ip access-lists
Standard IP access list 1
10 permit 4.4.4.4 (2 matches)
R3#
R3#sh run | se ei
ip authentication mode eigrp 200 md5
ip authentication key-chain eigrp 200 secure
router eigrp 200
network 3.3.3.3 0.0.0.0
network 123.0.0.0 0.0.0.255
metric weights 0 0 0 1 0 0
distribute-list prefix FILTER_R1_PREFIX in
distance 255 123.0.0.1 0.0.0.0 1
no auto-summary
eigrp router-id 3.3.3.3
eigrp stub connected summary
R3#sh ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via "eigrp 200", distance 170, metric 1075200, type external
Redistributing via eigrp 200
Last update from 123.0.0.1 on Serial1/0, 00:01:39 ago
Routing Descriptor Blocks:
* 123.0.0.1, from 123.0.0.1, 00:01:39 ago, via Serial1/0
Route metric is 1075200, traffic share count is 1
Total delay is 42000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 255/255, Hops 2
]
02-11-2014 02:55 PM
Hi,
Unfortunately it is not possible to change the AD for external EIGRP routes, this method only works for internal routes.
02-11-2014 11:48 PM
Hi,
Just use a route-map for redistribution and deny this prefix.
Regards
Alain
Don't forget to rate helpful posts.
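The route-map-on-redistribution approach suggested in the last reply, written out as an added example that is not part of the original thread. It assumes the configuration is applied on the router that redistributes EIGRP AS 100 into EIGRP AS 200 (the thread does not identify it); the names BLOCK_4444 and AS100_TO_AS200 are hypothetical.

```cisco
! Added example. Object names are hypothetical; the prefix and AS numbers
! are the ones from the thread.
!
! The prefix-list only selects the route. "permit" here means "match",
! not "allow": the route-map sequence decides what happens to it.
ip prefix-list BLOCK_4444 seq 5 permit 4.4.4.4/32
!
! Sequence 10: a deny sequence drops any matched route from redistribution.
route-map AS100_TO_AS200 deny 10
 match ip address prefix-list BLOCK_4444
!
! Sequence 20: no match clause, so every other AS 100 route is still
! redistributed. Without it the implicit deny would filter everything.
route-map AS100_TO_AS200 permit 20
!
! Attach the route-map where AS 100 routes enter AS 200.
router eigrp 200
 redistribute eigrp 100 route-map AS100_TO_AS200
!
! Checks after applying:
!   show route-map AS100_TO_AS200     (on the redistributing router)
!   show ip eigrp 200 topology        (4.4.4.4/32 should no longer be listed)
!   show ip route 4.4.4.4             (on R3, the external EIGRP entry should be gone)
```

Because the prefix never enters AS 200 as an external route, nothing has to be filtered on R3 itself, which keeps this within the no-distribute-list constraint stated in the question.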