Solved: EIGRP Route filtering

murray.bown · ‎10-17-2023

Hello all,

I'm looking for a solution to filtering specific routes being advertised from an adjacent neighbour but no filtered from other routers via EIGRP.

I have tried the following configuration, but this blocks all updates from all routers for the 172.17.0.0/16, I want to block routes from only one router, 172.19.128.26 but allow updates for all other routers.

access-list 26 remark DENY EIGRP UPDATES 172.17.0.0
access-list 26 deny 172.17.0.0 0.0.255.255
access-list 26 permit any route-map EIGRP-IN permit 26
match ip address 26

router eigrp 2000
distribute-list route-map EIGRP-IN in

paul driver · ‎10-17-2023

Hello

@murray.bown wrote:
I'm looking for a solution to filtering specific routes being advertised from an adjacent neighbour but no filtered from other routers via EIGRP.

Example1:

access-list 10 permit 172.17.0.0 0.0.255.255 
router eigrp 2000
distance 255 172.19.128.26. 0.0.0.0 10

Example2: use an extended acl when not directly adjacent -

Source ip = advertising rtr, 
Destination ip = network/host to be filtered

access-list 100 deny host 172.19.128.26 172.17.0.0 0.0.255.255
access-list 100 permit ip any any


router eigrp 2000
distribute-list 100 in <neighbour interfaces>

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

MHM Cisco World · ‎10-17-2023

use same except add

distribute-list route-map EIGRP-IN <<- add interface

you recive update from
this way you can filter from specific neighbour

David Ruess · ‎10-17-2023

Hello,

If you want to block updates from a specific peer you can use an Extended ACL with the

distribute list

. See example below:

access-list 111 deny ip host <ip> any <- ip in this sense is the neighbor IP
access-list 111 permit ip any any

router eigrp <AS#>
distribute-list 111 in [interface] -

if you don't specify an interface it will apply to all interfaces. Since the peer is likely directly connected you would probably use the

interface

command as well.

EIGRP is a distance vector so its basically "routing by rumor" in a sense. As each device receives a network it passes it along to its other EIGRP neighbors. If you are trying to block a specific network from a device, lets say several hops away then the above mentioned will not work. If that is your desired goal then other methods may have to be employed. If this does not resolve your issue can you provide more details such as configuration and a diagram of what you have and what you are trying to achieve?

-David

paul driver · ‎10-17-2023

Hello

@murray.bown wrote:
I'm looking for a solution to filtering specific routes being advertised from an adjacent neighbour but no filtered from other routers via EIGRP.

Example1:

access-list 10 permit 172.17.0.0 0.0.255.255 
router eigrp 2000
distance 255 172.19.128.26. 0.0.0.0 10

Example2: use an extended acl when not directly adjacent -

Source ip = advertising rtr, 
Destination ip = network/host to be filtered

access-list 100 deny host 172.19.128.26 172.17.0.0 0.0.255.255
access-list 100 permit ip any any


router eigrp 2000
distribute-list 100 in <neighbour interfaces>

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

murray.bown · ‎10-19-2023

Thank you so much for your support.