Re: how to filter static route from eigrp updates on asa

Majed Zouhairy · ‎07-06-2021

i have static and redistributed routes enabled for advertising in eigrp, on routers you have to actually tag a static route and enable redistribution for the static route to be advertised, but no such thing in asa...so what can be done to filter one specific static route from propagating?

Giuseppe Larosa · ‎07-06-2021

Hello @Majed Zouhairy ,

you should be able to use a route-map to decide what static routes should be redistributed

ip prefix-list ALLOWED deny 10.10.10.0/24

ip preiix-list ALLOWED permit 10.10.0.0/16 le 32

route-map SELECTED permit 10

match address prefix ALLOWED

router eigrp 65000

redsitribute static route-map SELECTED

in this example the prefix 10.10.10.0/24 is not redistributed into EIGRP

Hope to help

Giuseppe

Majed Zouhairy · ‎07-07-2021

hmm, currently i have:

access-list ALLOWED deny 10.10.10.0/24

access-list ALLOWED permit 10.10.0.0/16

route-map SELECTED, permit, sequence 10
Match clauses:
ip address (access-lists): ALLOWED
Set clauses:

i configured the prefix list, now if i apply it instead of the access-list, would there be any traffic disruption? or is it safe ?

Giuseppe Larosa · ‎07-07-2021

Hello @Majed Zouhairy ,

the access-list works with a different logic so that it matches also component routes on 10.10.0.0/16 and not only an exact match .

You can use the ACL or the prefix-list just be careful that the prefix-list requires the le 32 final parameter , if you want to include all component routes otherwise it looks for an exact match.

Hope to help

Giuseppe