Solved: EIGRP Distribute List

ALIAOF_ · ‎12-04-2012

I am working on some EIGRP configuration in a lab. I have two 3750G switches connected to each other via L3 interfaces. Now what I have been trying to do is create two ACL's and allow the networks form those ACL's to be included in the EIGRP updates. However when I do "distribute-list 10 in - distribute-list 20 out". It does not work. I have to use the "network x.x.x.x x.x.x.x" command and then I see EIGRP work and see the hits on the ACL's as well.

I have tried to use the route-map but same issue. I do not see the "redistribute route-map ..." command. I'm assuming on a switch it is not possible to accomplish this?

SWITCH1:

interface GigabitEthernet1/0/12

no switchport

ip address 192.168.1.1 255.255.255.0

speed 1000

duplex full

end

SWITCH2:

interface GigabitEthernet1/0/12

no switchport

ip address 192.168.1.2 255.255.255.0

speed 1000

duplex full

end

John Blakley · ‎12-06-2012

Ohhhh, I get it now....yes, you still have to advertise the networks from the process. The eigrp process needs to know what networks to advertise, and using the network command is the way to do that. It's impossible to advertise, say, 192.168.1.0/24 through a distribute-list, but not actually have that configured in your process.

So, for every network you want to advertise, you'd need a network command, or you could advertise all networks with "network 0.0.0.0 255.255.255.255"

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

Ayush Srinet · ‎12-07-2012

View solution in original post

mahmoodmkl · ‎12-04-2012

Hi,

The distribute-list is for controlling the updates about the networks entering or exiting eigrp process.

The list will be applied only if the matching updates are recieved from the neighbor.

Thanks

ALIAOF_ · ‎12-04-2012

Ok so is there a way for me to use ACL's for redistribution ? I'm assuming answer is no since these two switches do not offer the "redistribute route-map......" command. Looks like that command is only available on a router.

mahmoodmkl · ‎12-04-2012

Hi,

i think u should be able to get this commands if u r running ip-services or advservices image on this switch.

Thanks

ALIAOF_ · ‎12-04-2012

I am running ip services no advservices available for it.

John Blakley · ‎12-04-2012

Mohammed,

Can you post the acl that you're using? Prefix lists are easier to work with, but you should be able to use an acl as well...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

ALIAOF_ · ‎12-06-2012

It is under "other ..." where else you'd like me to post it? And since it is a Cisco site I'm having an issue I figured it would be ok.

PS: If you are going to have an opinion and tell someone that something is wrong then also propose and/or suggest a solution don't just say it is wrong.

I believe it looks like that distribution-list command is only used to filter the traffic. If I want to accomplish what I am trying to accomplish I will have to use route-map, but for that I need to be able to use "redistribute ..." command under "router eigrp as#". Which in my case is not available to me.

Standard IP access list 10

10 permit 192.168.0.0, wildcard bits 0.0.0.255

20 permit 10.1.5.0, wildcard bits 0.0.0.255

30 permit 172.16.1.0, wildcard bits 0.0.0.255

40 permit 10.1.48.0, wildcard bits 0.0.0.255

50 permit 10.1.200.0, wildcard bits 0.0.0.255

60 permit 10.1.250.0, wildcard bits 0.0.0.255

70 permit 10.1.14.0, wildcard bits 0.0.0.255

80 permit 10.1.13.0, wildcard bits 0.0.0.255

90 permit 10.1.150.0, wildcard bits 0.0.0.255

Standard IP access list 20

20 permit 10.1.160.0, wildcard bits 0.0.0.255

30 permit 10.1.136.0, wildcard bits 0.0.3.255

40 permit 10.1.132.0, wildcard bits 0.0.3.255

50 permit 10.1.128.0, wildcard bits 0.0.3.255

60 permit 10.1.8.0, wildcard bits 0.0.0.255

70 permit 10.1.7.0, wildcard bits 0.0.0.255

80 permit 10.1.4.0, wildcard bits 0.0.0.255

mahmoodmkl · ‎12-06-2012

Hi

u need to use distribute list command under the eigrp process as mentioned above u will be able controll what networks u recieve n wht networks u advertise

Sent from Cisco Technical Support iPhone App

Ayush Srinet · ‎12-06-2012

Hi Mahmood,

As per my understadning it should work.

I don't know why it is not working, as per your requirement u can do through route-map, and redistribute connected command.

ALIAOF_ · ‎12-06-2012

That is what I am trying to say that I do not have the "redistribute route-map" command available on these switches for some reason:

John Blakley · ‎12-06-2012

The command you'd look for is "redistribute route-map "

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

ALIAOF_ · ‎12-06-2012

Thank you John, but I guess since I'm using eigrp I can't utilize this command with eigrp. I tried to do it with static and that did not work, here is what I tried:

router eigrp 10

bfd all-interfaces

redistribute static route-map corp

!

access-list 20 permit 10.1.160.0 0.0.0.255

access-list 20 permit 10.1.136.0 0.0.3.255

access-list 20 permit 10.1.132.0 0.0.3.255

access-list 20 permit 10.1.128.0 0.0.3.255

access-list 20 permit 10.1.8.0 0.0.0.255

access-list 20 permit 10.1.7.0 0.0.0.255

access-list 20 permit 10.1.4.0 0.0.0.255

access-list 20 permit 192.168.1.0 0.0.0.255

access-list 20 permit 192.168.2.0 0.0.0.255

!

route-map corp permit 10

match ip address 20

John Blakley · ‎12-06-2012

I guess I'm a little confused. On this switch that you posted, are these the routes that you're wanting to allow out? If you don't have this applied, what routes do you have on the other switch?

Another way that you could do this is to create an extended acl and match on that. You match on the source and network in the acl. For example, if you have the routes listed in acl 20 and you want to allow those only, your acl would look like:

access-list 120 permit ip host 192.168.1.1 10.1.160.0 0.0.0.255

access-list 120 permit ip host 192.168.1.1 10.1.136.0 0.0.0.255

...

access-list 120 permit ip host 192.168.1.1 192.168.2.0 0.0.0.255

router eigrp 100

distribute-list 120 in

You can also tie it to the specific interface:

router eigrp 100

distribute-list 120 in g1/0/12

As others have said, this should work with a standard/extended acl. Have you tried a prefix list yet?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

ALIAOF_ · ‎12-06-2012

On Switch 1 I have two ACL's

10 and 20

Networks that are under 10 I want them to be advertised to Switch 2 so I did

router eigrp 10

distribute-list 10 out (These networks I want to be advertised to switch 2)

distribute-list 20 in (These networks should be coming from Switch 2)

On Switch 2 I have also two ACL's

10 and 20

Networks that are under 20 I want them to be advertised to Switch 1, so I did

router eigrp 10

distribute-list 10 in (These networks should be coming from Switch 1)

distribute-list 20 out (These networks should be advertised to Switch 1)

Now it all works once I add the network command under "router eigrp 10". So it seems that if using distribute-list command I still have to use "network 192.168.1.0 0.0.0.255 and so on under the eigrp process

John Blakley · ‎12-06-2012

Ohhhh, I get it now....yes, you still have to advertise the networks from the process. The eigrp process needs to know what networks to advertise, and using the network command is the way to do that. It's impossible to advertise, say, 192.168.1.0/24 through a distribute-list, but not actually have that configured in your process.

So, for every network you want to advertise, you'd need a network command, or you could advertise all networks with "network 0.0.0.0 255.255.255.255"

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***