It is very late / early however upon working on the physical lab I realized I completely forgot to cover EIGRP route filtering using Route-Maps to filter EIGRP routes, and I am about half asleep (as usual) so please excuse any typos within 🙂
So to filter routes in EIGRP, we are always going to use a distribute-list, it’s just a matter of using ACL’s / Prefix-Lists / Route-Maps to do it. We’ve seen Prefix-Lists and ACL’s configured and their behaviors, however Route-Maps are just a bit different but use the exact same logic.
I’m going to jump on the gear quick for a demonstration, this article assumes you understand configuring a Prefix-List and a Route-Map, and if not you are going to learn to right now!
So here’s how we configure a Route-Map to use a Prefix-List within a Distribute-List to filter EIGRP Routes (boy is that a mouth full):
The original “sh ip route eigrp” before any configuration
R1(config)#do sh ip route eigrp
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/2297856] via 172.12.123.2, 00:16:15, Serial0/0/0
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/2297856] via 172.12.123.3, 00:16:15, Serial0/0/0
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.12.23.0/24 [90/2173416] via 172.12.123.3, 00:16:15, Serial0/0/0
[90/2173416] via 172.12.123.2, 00:16:15, Serial0/0/0
The Prefix-list
R1(config)#ip prefix-list TEST seq 10 permit 0.0.0.0/0 ge 32 le 32
R1(config)#
The Route-Map
R1(config)#route-map DENIED deny 10
R1(config-route-map)#match ip add ?
<1-199> IP access-list number
<1300-2699> IP access-list number (expanded range)
WORD IP access-list name
prefix-list Match entries of prefix-lists
R1(config-route-map)#match ip add prefix-list TEST
R1(config-route-map)#route-map DENIED permit 20
The Distribute-List
R1(config-route-map)#router eigrp 100
R1(config-router)#distribute-list route-map DENIED in
R1(config-router)#
I like this example, because it really tests what you know about Prefix-Lists, as we’ve already beat distribute-list logic to death – But what will that Prefix-list filter? Everything? Nothing? Some of them? Do you know why it does what?
Now I am going to put the answer waaaay the heck down the screen so you can look over the routes before the configuration, what was configured, and the results might surprise you or catch you off guard which is what Cisco is looking to do on the ROUTE exam! 🙂
……… Go back up and review it the routes being filtered, and the what the Prefix-List is filtering.
……… Might want to take one last look, I even got it wrong what I predicted the first time.
………. Ok lets take a look at the results below.
Lets take a look at what this distribute-list has accomplished:
R1(config)#do sh ip route eigrp
Gateway of last resort is not set
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.12.23.0/24 [90/2173416] via 172.12.123.3, 00:00:07, Serial0/0/0
[90/2173416] via 172.12.123.2, 00:00:07, Serial0/0/0
You read that correctly! When configuring the prefix-list you ‘permit’ the line (s), then use a ‘deny’ on your route-map sequence to do the filtering. This configuration only blocks all host routes because it includes the “gr 32 le 32” on the end of it, meaning it permits all host routes, but does not match on any Prefix/Length (networks).
It filtered the 2.2.2.2 and 3.3.3.3 because they are host routes, but it allowed the Prefix of 172.12.23.0/24 through because if we wanted to filter prefixes, we need to use 0.0.0.0/0 without the “gr 32 le 32” on the end of it – Then we would have a reversal of what was filtered and what was allowed.
The sequence 20 on the Route-Map is the usual catch-all clause to allow all other traffic to go about it’s business as usual, with no parameters set, as usual.
So that is the last way in which EIGRP routes can be filtered with Distribute-Lists in EIGRP, however I hope I’ve really driven the point home on the Prefix-List ‘default-route’ logic as well, because that is BEGGING for a question on exam day that we need to be ready to nail to the wall immediately and move on while the clock is ticking!
TGIF. Bed time for me, see ya!
The DEVNET GRIND! 