Solved: Re: Filter ::/0 EIGRP out interface

sebastien3 · ‎07-30-2023

Hi,

With EIGRP IPV6 I want to redistribute the static and connected routes but not the

default route ::/0

distribute-list prefix-list FILTER_EIGRP out GigabitEthernet1/0
redistribute static
redistribute connected

ipv6 prefix-list FILTER_EIGRP seq 10 deny ::/0
ipv6 prefix-list FILTER_EIGRP seq 20 permit ::/0 le 128

interface Loopback0
no ip address
ipv6 address 2001:db8:1:1:1:1:1:100/128
ipv6 enable

If I use the FILTER_EIGRP filter it works for the

default route ::/0

but not with an IPV6 of loopback0 which is in (LC) Local/Connected.

This filter rule work for a subnet IPV6 /64 Static (S).

How would you write the filtering

access list FILTER_EIGRP

?

Thanks

Harold Ritter · ‎08-02-2023

Hi @sebastien3 ,

It definitely appears to be an

eigrpv6

implementation difference.

As can be seen below, the

lo0 ipv6

address is flagged as "Connected" in the topology database, while the

lo0 ipv4

address is flagged as

Rconnected

(or redistribute connected). This is most likely why only

stub redistributed

is sufficient with IPv4 to advertise the

lo0

address, while

stub redistributed connected

is required with IPv6.

DUT#sh ip eigrp topo

EIGRP-IPv4 VR(EIGRP) Topology Table for AS(10)/ID(192.168.100.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

       r - reply Status, s - sia Status

P 192.168.100.1/32, 1 successors, FD is 163840

        via Rconnected (163840/0)

…

DUT#sh ipv6 eigrp topo

EIGRP-IPv6 VR(EIGRP) Topology Table for AS(10)/ID(10.10.10.229)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

       r - reply Status, s - sia Status

P 2001:DB8:1:1:1:1:1:100/128, 1 successors, FD is 163840

        via Connected, Loopback0

…

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

Flavio Miranda · ‎07-30-2023

@sebastien3

Try this way

ipv6 prefix-list FILTER_EIGRP seq 10 deny ::/0

ipv6 prefix-list FILTER_EIGRP seq 15 deny  ::100/128
ipv6 prefix-list FILTER_EIGRP seq 20 permit ::/0 le 128

sebastien3 · ‎07-30-2023

@Flavio Miranda: Sorry this not work... IPV6 of Loopback does not propaged via EIGRP process.

Flavio Miranda · ‎07-30-2023

@sebastien3 I believe I misunderstood your problem. I thought it was propagating despite the

prefix-list

and then I suggested deny the final ::100.

Try to do the opposite then, which is permit the final ::100. And keep the deny at the end.

ipv6 prefix-list FILTER_EIGRP seq 10 permit::100/128
ipv6 prefix-list FILTER_EIGRP seq 20 permit ::/0 le 128

ipv6 prefix-list FILTER_EIGRP seq 30 deny ::/0

sebastien3 · ‎07-30-2023

The

default route ::/0

is still propagated even with this rule ! It doesn't have to be.

Harold Ritter · ‎07-30-2023

Hi @sebastien3 ,

The

prefix-list

is correct and should deny the

default route

and allow everything else.

What IOS version are you running?

Can you provide the output for the following command:

sh ipv6 prefix-list FILTER_EIGRP 2001:DB8:1:1:1:1:1:100/128 first-match

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

sebastien3 · ‎07-30-2023

Hi @Harold Ritter

I use Version 15.2(4)M11, RELEASE SOFTWARE (fc2)

>The

prefix-list

is correct and should deny the

default route

and allow everything else.

What

prefix-list

are you talking about to be sure ?

RTR#sh ipv6 prefix-list FILTER_EIGRP 2001:db8:1:1:1:1:1:100/128 first-match
seq 20 permit ::/0 le 128 (hit count: 15, refcount: 0)

RTR#sh ipv6 prefix-list FILTER_EIGRP ::/0 first-match
seq 10 deny ::/0 (hit count: 9, refcount: 1)

Harold Ritter · ‎07-30-2023

Hi @sebastien3 ,

> I use Version 15.2(4)M11, RELEASE SOFTWARE (fc2)

I would definitely try with a more recent version

> What

prefix-list

are you talking about to be sure ?

You only mentioned one

prefix-list, FILTER_EIGRP

The first entry (seq 10) denies the

default route

and the second one (seq 20) allows everything else.

The results from the show commands proof that the

prefix-list

works as it should.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

sebastien3 · ‎07-30-2023

@Harold Ritter

>The results from the show commands proof that the

prefix-list

works as it should.

Yes but no ! I don't understand... On the second EIGRP router I do not receive the

prefix 2001:db8:1:1:1:1:1:100/128

from router where I have the

prefix-list FILTER_EIGRP !!

Harold Ritter · ‎07-30-2023

Hi @sebastien3 ,

That is why I think that it might be related to the version you are running.

I just tried a quick test with 15.9(3)M4 and it works like a charm.

Can you provide the output for the following command from the advertising router:

show ipv6 eigrp topo

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

sebastien3 · ‎07-30-2023

Hi @Harold Ritter

RTR#sh ipv6 eigrp topo
EIGRP-IPv6 VR(EIGRP) Topology Table for AS(10)/ID(10.10.10.229)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P FD00:10:6:60::/64, 1 successors, FD is 655360
via Connected, Port-channel1
P 2001:db8:10:13::/64, 1 successors, FD is 6554255360
via Rstatic (6554255360/0)
P FD00:10:0:113::2/128, 1 successors, FD is 163840
via Connected, Loopback10
P ::/0, 1 successors, FD is 131072
via Rstatic (131072/0)
P 2001:db8:1:1:1:1:1:100/128, 1 successors, FD is 163840
via Connected, Loopback0

Harold Ritter · ‎07-30-2023

Hi @sebastien3 ,

I just wanted to verify that the

Lo0 ipv6

address is seen in the eigrp topology. It should definitely work. I would definitely recommend moving to a newer IOS version at this point.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

sebastien3 · ‎07-30-2023

Hi @Harold Ritter

I tested this same configuration with another router (ASR 1001 Cisco IOS XE Software, Version 03.16.10.S) and I have the same problem...

I do not understand why.

My first test is on a 7201 router, which is old (The IOS is the last possible) I admit but I have the same behavior with an ASR 1001.

Harold Ritter · ‎07-31-2023

Hi @sebastien3 ,

Thanks for the additional information. As I mentioned, I tested this successfully with 15.9(3)M4, but it might be that my configuration is different than yours, as you only provided partial configurations.

Do you have any filters on the receiving routers?

Could you share more information about the configuration of the advertising router. as the

prefix-list

is not the issue as we have already verified.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

sebastien3 · ‎08-01-2023

Hi @Harold Ritter ,

Here is the EIGRP IPV6 configuration between the router (7201) and the switch (4500).

I also tried with an ASR1001 and a 4500 switch with the same config. I have the same problem

### Router1 (C7200P-ADVENTERPRISEK9-M), Version 15.2(4)M11
interface Loopback0
no ip address
ipv6 address 2001:db8:1:1:1:1:1:100/128
ipv6 enable
!
interface GigabitEthernet1/0
description To SWITCH-2 4500
ipv6 address FD00:10:6:60::13/64
ipv6 enable
no ipv6 redirects
!
ipv6 prefix-list FILTER_EIGRP seq 10 deny ::/0
ipv6 prefix-list FILTER_EIGRP seq 20 permit ::/0 le 128
!
router eigrp EIGRP
address-family ipv6 unicast autonomous-system 10
!
af-interface default
passive-interface
exit-af-interface
!
af-interface GigabitEthernet1/0
no passive-interface
exit-af-interface
!
topology base
distribute-list prefix-list FILTER_EIGRP out GigabitEthernet1/0
redistribute static
redistribute connected
exit-af-topology
eigrp router-id 10.10.10.229
eigrp stub redistributed
exit-address-family
!
ipv6 route ::/0 FD00:10:6:60::14

### SWITCH-2 Version 03.11.08.E
interface Vlan15
description To Router1 7201
ipv6 address FD00:10:6:60::14/64
ipv6 enable
no ipv6 redirects
end
!
ipv6 prefix-list FILTER_EIGRP seq 10 deny ::/0
!
router eigrp EIGRP
address-family ipv6 unicast autonomous-system 10
!
af-interface default
passive-interface
exit-af-interface
!
af-interface Vlan15
no passive-interface
exit-af-interface
!
topology base
distribute-list prefix-list FILTER_EIGRP out Vlan15
redistribute static
exit-af-topology
eigrp router-id 10.10.10.113
nsf
exit-address-family

Thanks !