Route Filtering with an EIGRP Distribute List

18 May 2011 - Lab-Rat

The Lab Configuration

EIGRP Distribute List Examples
It doesn’t get much simpler than this- just a few routers in a row. For this exercise, we’re only concerned about R1 and R2.

Here’s the route table before filtering.
R1#show ip route
C 1.0.0.0/8 is directly connected, Loopback1
D 2.0.0.0/8 [90/156160] via 172.16.12.2, 00:22:51, FastEthernet0/0
D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:52:04, FastEthernet0/0
D 4.0.0.0/8 [90/161280] via 172.16.12.2, 00:52:04, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 10.0.0.0/8 [90/33280] via 172.16.12.2, 00:52:04, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 172.16.12.2, 00:52:04, FastEthernet0/0

EIGRP Distribute List with a Standard ACL

We’re going to get rid of Loopback 2 (2.0.0.0/8 network). Here’s how:

router eigrp 100
Distribute-list FILTER2 in
ip access-list standard FILTER2
deny 2.0.0.0
permit any

R1#show ip route
C 1.0.0.0/8 is directly connected, Loopback1
D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with an Extended ACL

This one isn’t too intuitive. The extended ACL cites the route source, and then the route to be filtered. Rather than use a mask for each, the keyword “host” makes it a bit simpler.

router eigrp 100
Distribute-list FILTER2 in
ip access-list extended FILTER2
deny ip host 172.16.12.2 host 2.0.0.0
permit ip any any

R1#show ip route
C 1.0.0.0/8 is directly connected, Loopback1
D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with a Prefix List

Here’s a prefix list. We start with the deny, and that last bit of syntax is how to pass all other routes.
router eigrp 100
Distribute-list prefix FILTER2 in
ip prefix-list FILTER2 seq 10 deny 2.0.0.0/8
ip prefix-list FILTER2 seq 20 permit 0.0.0.0/0 le 32

R1#show ip route
C 1.0.0.0/8 is directly connected, Loopback1
D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0

EIGRP Distribute List with a Route Map and Prefix List

Here’s a route map, with a permit prefix list. Remember there’s an implicit deny at the end of the prefix list. There’s also one at the end of the route map, which is why I added a permit with no match clause, which should pass the other routes.
router eigrp 100
Distribute-list route-map FILTER2 in
ip prefix-list FILTER2 seq 10 permit 2.0.0.0/8
route-map FILTER2 deny 10
match ip address prefix-list FILTER2
route-map FILTER2 permit 20

R1#show ip route
C 1.0.0.0/8 is directly connected, Loopback1
D 3.0.0.0/8 [90/158720] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 4.0.0.0/8 [90/161280] via 172.16.12.2, 00:53:09, FastEthernet0/0
C 172.16.0.0/16 is directly connected, FastEthernet0/0
D 10.0.0.0/8 [90/33280] via 172.16.12.2, 00:53:09, FastEthernet0/0
D 192.168.23.0/24 [90/30720] via 172.16.12.2, 00:53:09, FastEthernet0/0