Solved: Eigrp Nexus Filter

opnineopnine · ‎01-11-2016

Hello

I have my Nexus 7000 connected via Eigrp to my 6500, I need to filter some Ip from the 6500 that I dont want to see in my network. how can i filter this in the Nexus?

thanks. !

Jon Marshall · ‎01-11-2016

ip prefix-list <NAME> deny 172.31.240.0/24
ip prefix-list <NAME> permit 0.0.0.0/0 le 32

int <x/y> <--- this connects to 6500
ip distribute-list eigrp Center prefix-list <NAME> in

where <NAME> is whatever you want.

Jon

View solution in original post

Jon Marshall · ‎01-11-2016

You can use a distribute list.

Couple of points -

1) If the 6500 and Nexus are connected via a P2P link then you could configure the distribute list outbound on the 6500 to stop it sending certain routes to the Nexus switch or inbound on the Nexus switch to stop it receiving them.

Either would work.

If however the 6500 and Nexus are on a common vlan where the 6500 peers with other EIGRP neighbors then you should apply it inbound on the Nexus because the 6500 would still need to send those routes to it's other neighbors.

2) if you want to filter the majority of routes then you should write your acl or prefix list to only permit the specific routes you want.

If you want to accept the majority of routes then you should write your acl or prefix list to deny the routes you don't want and then accept the rest.

So you need to know which of the above it is.

Jon

opnineopnine · ‎01-11-2016

Hello Jon

Thanks for you tips, can you tell me if this ir correct, just the code lines

IP access list Eigrp_Filter_Deny
10 permit ip 172.31.240.0 255.255.255.248 any
500 deny ip any any

!

int e1/2

ip port access-group Eigrp_Filter_Deny

thanks!

Jon Marshall · ‎01-11-2016

Is this for the Nexus switch ?

If so I believe you have to use a prefix list and not an acl.

So can you confirm if it is for the Nexus and I can help you out.

Also can you confirm that the only route you want the Nexus to receive from the 6500 is for 172.31.240.0/29 and not any others ?

Jon

opnineopnine · ‎01-11-2016

I will apply this on the Nexus side.

Thanks.

Jon Marshall · ‎01-11-2016

I don't think you can because as I say I think you need to use a prefix list.

Can you reread my last post and answer the questions and then we can sort out the correct configuration.

Jon

opnineopnine · ‎01-11-2016

Im having issue with config for this prefix, will this be ok?

ip prefix-list Eigrp_Filter_Deny seq 10 deny 172.31.240.0/24

ip prefix-list Eigrp_Filter_Deny seq 20 permit 0.0.0.0/24

int e1/47
ip distribute-list eigrp Center prefix-list Eigrp_Filter_Deny in

I got it to work.

Thanks.!

Jon Marshall · ‎01-11-2016

So is it working ?

The second line of your prefix list is not necessarily correct.

Jon

opnineopnine · ‎01-11-2016

No is not working, after I add the first line I loose all inside eigrp.

Thanks

Jon Marshall · ‎01-11-2016

Can you tell me exactly what you want to achieve.

Is it to deny 172.31.240.0/24 and then allow all other routes ?

Jon

opnineopnine · ‎01-11-2016

yes I want to deny the 172 network via eigrp and allow al the other routes.

Thanks.!

Jon Marshall · ‎01-11-2016

ip prefix-list <NAME> deny 172.31.240.0/24
ip prefix-list <NAME> permit 0.0.0.0/0 le 32

int <x/y> <--- this connects to 6500
ip distribute-list eigrp Center prefix-list <NAME> in

where <NAME> is whatever you want.

Jon

opnineopnine · ‎01-11-2016

It worked thanks!!!!!!