How to Filter Prefixes with Distribute-list

How to Filter Prefixes with Distribute-list

Prefixes that are advertised by routing protocols like OSPF, EIGRP, or RIP can be filtered. One way of doing this is by using a distribute list. In this lesson, I’ll give you an example of how to filter certain prefixes with a distribute-list.

Filtering can occur inbound or outbound. If you have an inbound route filter, we will first check if the network is permitted or not before we will accept it. Let’s take a look at a network topology so I can give you a demonstration:

R1 and R2 are connected and run EIGRP. On R2, I have added a couple of loopback interfaces with prefixes that we will advertise in EIGRP. Here is the configuration:

R1(config)#router eigrp 12
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0

R2(config)#router eigrp 12
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 172.16.0.0 0.0.3.255

Above, you can see that we advertise all prefixes in EIGRP.

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 4 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.1.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0

If we look at the routing table of router R1, we can see all those networks on the loopback interfaces as they should be. Now we’ll see if we can do some filtering.

R1(config)#router eigrp 12
R1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates
  route-map    Filter prefixes based on the route-map

Go to the configuration of the EIGRP process and use the distribute-list command to see your options. As you can see, we can choose between an access-list, a prefix list, or a route-map. Let’s start with the access-list. You are probably familiar with access lists if you studied CCNA.

R1(config-router)#distribute-list 1 ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates

If you specify an access-list number, you can choose if this route filter has to be inbound or outbound.

R1(config-router)#distribute-list 1 in ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  <cr>

If you want, you can choose the interface to which to apply the inbound route filter to. If you don’t specify an interface, it will apply to all interfaces.

R1(config-router)#distribute-list 1 in FastEthernet 0/0

I’m going to apply it to the FastEthernet 0/0 interface since that’s the one on which we receive information from router R2 on.

R1(config)#access-list 1 deny 172.16.1.0 0.0.0.255
R1(config)#access-list 1 permit any

Let’s create an access-list that will filter 172.16.1.0 /24 and permit all the other networks.

R1#
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 12: Neighbor 192.168.12.2 (FastEthernet0/0) is resync: route configuration changed

You’ll see a message showing you that the route filter has changed.

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:06:26, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:06:26, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:06:26, FastEthernet0/0

R1#show access-lists 
Standard IP access list 1
    10 deny   172.16.1.0, wildcard bits 0.0.0.255 (2 matches)
    20 permit any (3 matches)

You can see 172.16.1.0 /24 has been filtered from the routing table. The matches in the access-list also tell us we have filtered this network. Using an access-list is the most simple method of route filtering. There are two other options. Let me show you:

R1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates
  route-map    Filter prefixes based on the route-map

Table of Contents

Unit 1: Introduction to EIGRP

• Introduction to EIGRP
• Basic EIGRP configuration
• EIGRP over frame-relay

Unit 2: EIGRP Neighbor Adjacency

• EIGRP Packets
• EIGRP Neighbor Adjacency
• EIGRP Neighbor and Topology Table
• EIGRP Hold Time and Hello Packets
• EIGRP Unequal Load Balancing
• EIGRP Variance Command Example
• EIGRP K Values
• EIGRP K Values Configuration
• EIGRP Static Neighbor
• EIGRP Passive Interface
• EIGRP Authentication
• EIGRP Authentication per Neighbor
• Troubleshooting EIGRP Neighbor Adjacency
• EIGRP OTP (Over the Top)
• EIGRP Graceful Shutdown

Unit 3: EIGRP Filtering

• EIGRP distribute-list filtering
• EIGRP prefix-list filtering
• EIGRP route-map filtering

Unit 4: EIGRP Advanced Features

• EIGRP Stuck in Active
• EIGRP DUAL FSM
• EIGRP Stub
• EIGRP Stub Leak Map
• EIGRP Default Network
• EIGRP Router ID
• EIGRP Summarization
• EIGRP Summary Leak Map
• EIGRP Auto-summary
• EIGRP Named Mode
• EIGRP Add Path Support
• EIGRP Loop-Free Alternate (LFA) Fast Reroute (FRR)
• EIGRP Wide Metrics
• EIGRP IP Bandwidth-percent
• EIGRP TTL=2 explained
• Troubleshooting EIGRP Route Advertisement
• EIGRP External Route Path Selection