Re: EIGRP Distribute-list with Gateway command

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Tue, 08 Feb 2011 08:26:00 -0300

Are you applying
-Carlos

Ravi Singh @
> Hi Carlos,
>
>
>
>
>
>
>
>
> Regards,
> Ravi
>
>
>
>
> Ravi,
>
>
>
>
>
>
> -Carlos
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> !
>
> !
>
>
>
>
>
>
>
>
>
> R1#
>
>
>
>
>
>
>
>
>
>
>
>
>
> !
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> R1#
>
>
>
>
>
>
> Ravi
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
>
>
>

 -- Carlos G Mendioroz Blogs and organic

Received

This message:

Next message:

Maybe in

Next in

This archive was : Tue Mar 01 2011 - 07:01:49 ART the distribute-list to both interfaces ? 08/02/2011 08:21 -0300 dixit: Well .. while trying to get my head round this issue , I tried the same config in a setup when R1 has two different ethernet interfaces connected to R2 and R3 i.e R1 F0/0 connects to R2 and R1 F1/0 connects to R3 . The same prefix-list statements and distribute-list works just as expected in that scenario . I would assume the same mechanism would be applied in this scenario as well .. On Tue, Feb 8, 2011 at 11:11 AM, Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>> wrote: updates have to PASS the filter. When you put prefix and gateway conditions, they have to pass both. So in your first config, no route passes the prefix, it does not matter where it comes from. Ravi Singh @ 08/02/2011 01:52 -0300 dixit: Hello Group , The below email might seem long in the first glance but it is a simple question with a very simple setup . R1 | | ------------------SW | | | | R2 R3 If wordwrap ruins the art, the setup is F0/0 on R1, R2 and R3 each is connected to a common LAN segment through SW1. The IP Addresses on the F0/0 interfaces are 10.1.1.1/24 <http://10.1.1.1/24>, 10.1.1.2/24 <http://10.1.1.2/24> and 10.1.1.3/24 <http://10.1.1.3/24> respectively. R2 and R3 both have the same Loop 1, Loop 2 and Loop 3 addresses which are 1.1.1.1/24 <http://1.1.1.1/24>, 2.2.2.2/24 <http://2.2.2.2/24> and 3.3.3.3/24 <http://3.3.3.3/24> respectively. R1, R2 and R3 run EIGRP between them. Here is the routing table on R1 under normal circumstances R1#sh ip route eigrp 1.0.0.0/24 <http://1.0.0.0/24> is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 2.0.0.0/24 <http://2.0.0.0/24> is subnetted, 1 subnets D 2.2.2.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 3.0.0.0/24 <http://3.0.0.0/24> is subnetted, 1 subnets D 3.3.3.0 [90/156160] via 10.1.1.3, 00:00:03, FastEthernet0/0 [90/156160] via 10.1.1.2, 00:00:03, FastEthernet0/0 Now the objective (and the issue ) - I want to configure distribute-list using prefix-lists on R1 to *DENY* everything that *COMES* from R3 ( bold keywords just to stress on logic ) So here are the two prefix-lists that I made ip prefix-list DENY-ALL seq 5 deny 0.0.0.0/0 <http://0.0.0.0/0> le 32 ip prefix-list FROM-R3 seq 5 permit 10.1.1.3/32 <http://10.1.1.3/32> And then I used the below command to achieve what is being expected router eigrp 100 distribute-list prefix DENY-ALL gateway FROM-R3 in FastEthernet0/0 The output on R1 now becomes R1#sh ip route eigrp Basically no routes. So it denies everything coming in F0/0, even though I specified the gateway. BUT , if I change the logic i.e *PERMIT* everything that does *NOT* come from R3 , it works just fine . Therefore If I make the prefix-lists as ip prefix-list NOT-FROM-R3 seq 5 deny 10.1.1.3/32 <http://10.1.1.3/32> ip prefix-list NOT-FROM-R3 seq 10 permit 0.0.0.0/0 <http://0.0.0.0/0> le 32 ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 <http://0.0.0.0/0> le 32 And the distribute-list as router eigrp 100 distribute-list prefix PERMIT-ALL gateway NOT-FROM-R3 in FastEthernet0/0 The output on R1 is as expected now . R1#sh ip route eigrp 1.0.0.0/24 <http://1.0.0.0/24> is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 2.0.0.0/24 <http://2.0.0.0/24> is subnetted, 1 subnets D 2.2.2.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 3.0.0.0/24 <http://3.0.0.0/24> is subnetted, 1 subnets D 3.3.3.0 [90/156160] via 10.1.1.2, 00:02:01, FastEthernet0/0 So, the question is What am I doing wrong in the first method ? Are there some basic rules that are being broken here ? Regards, Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/> _______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>> LW7 EQI Argentina <tron_at_huapi.ba.ar> LW7 EQI Argentina groups at http://www.ccie.net on Tue Feb 08 2011 - 08:26:00 ART name="navbarfoot" title="Related messages"> [ Message body ] Ravi Singh: "Re: EIGRP Distribute-list with Gateway command" message: Radioactive Frog: "Re: crs script editor tutorial" reply to: Ravi Singh: "EIGRP Distribute-list with Gateway command" thread: Ravi Singh: "Re: EIGRP Distribute-list with Gateway command" id="options2">Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ] generated by hypermail 2.2.0