Distribute lists with gateway option

Hello

Just a short update today: a relatively little-known option for filtering updates that come from a specific router, using a prefix list.

Two prefix lists are needed. The first one denies the gateway from which we don’t want any updates and permits all the other gateways. The second prefix list defines the routes.

ip prefix-list IDONTLIKER4 seq 5 deny 155.1.0.4/32
ip prefix-list IDONTLIKER4 seq 10 permit 0.0.0.0/0 le 32

ip prefix-list ROUTES seq 5 permit 0.0.0.0/0 le 32

router rip

distribute-list prefix ROUTES gateway IDONTLIKER4 in

!!!We have applied the config but haven’t cleared the routing table yet, so we still see a route to 150.1.4.4 coming from 155.1.0.4!!!

R5#show ip route

150.1.0.0/32 is subnetted, 10 subnets
R 150.1.1.1 [120/1] via 155.1.0.1, 00:00:24, Tunnel0
R 150.1.2.2 [120/1] via 155.1.0.2, 00:00:02, Tunnel0
R 150.1.3.3 [120/1] via 155.1.0.3, 00:00:09, Tunnel0
R 150.1.4.4 [120/1] via 155.1.45.4, 00:00:12, Ethernet0/0.45
[120/1] via 155.1.0.4, 00:00:21, Tunnel0
C 150.1.5.5 is directly connected, Loopback0
R 150.1.6.6 [120/2] via 155.1.0.1, 00:00:24, Tunnel0
R 150.1.7.7 [120/2] via 155.1.0.3, 00:00:09, Tunnel0
R 150.1.8.8 [120/1] via 155.1.58.8, 00:00:24, Ethernet0/0.58

!!!Now we clear the routing table and the route to 150.1.4.4 through 155.1.0.4 is gone!!!
R5#clear ip route *
R5#show ip route

150.1.0.0/32 is subnetted, 10 subnets
R 150.1.1.1 [120/1] via 155.1.0.1, 00:00:07, Tunnel0
R 150.1.2.2 [120/1] via 155.1.0.2, 00:00:07, Tunnel0
R 150.1.3.3 [120/1] via 155.1.0.3, 00:00:07, Tunnel0
R 150.1.4.4 [120/1] via 155.1.45.4, 00:00:03, Ethernet0/0.45
C 150.1.5.5 is directly connected, Loopback0
R 150.1.6.6 [120/2] via 155.1.0.1, 00:00:07, Tunnel0
R 150.1.7.7 [120/2] via 155.1.0.3, 00:00:07, Tunnel0
R 150.1.8.8 [120/1] via 155.1.58.8, 00:00:07, Ethernet0/0.58
R 150.1.9.9 [120/3] via 155.1.0.3, 00:00:07, Tunnel0
R 150.1.10.10 [120/2] via 155.1.58.8, 00:00:07, Ethernet0/0.58

The trick here is not to forget the word PREFIX after distribute-list. IOS will accept the syntax without it, assuming we are referring to an access-list named ROUTES (which doesn’t exist). This will have unpredictable and IOS-version-dependent results.
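
A small model of the filter decision described above, added here as an illustration and not taken from the original post or from IOS itself. The function names are hypothetical, and the model assumes the source address of an update is tested as a /32 host against the gateway list before the advertised prefix is tested against the route list.

```python
import ipaddress

# Prefix lists copied from the post.
CONFIG = [
    "ip prefix-list IDONTLIKER4 seq 5 deny 155.1.0.4/32",
    "ip prefix-list IDONTLIKER4 seq 10 permit 0.0.0.0/0 le 32",
    "ip prefix-list ROUTES seq 5 permit 0.0.0.0/0 le 32",
]

def parse_prefix_lists(lines):
    """Parse 'ip prefix-list NAME seq N permit|deny P/len [ge X] [le Y]'."""
    lists = {}
    for line in lines:
        t = line.split()
        opts = dict(zip(t[7::2], map(int, t[8::2])))
        entry = (int(t[4]), t[5], ipaddress.ip_network(t[6]),
                 opts.get("ge"), opts.get("le"))
        lists.setdefault(t[2], []).append(entry)
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # evaluate in sequence order
    return lists

def permits(entries, prefix):
    """First matching entry wins; no match falls through to implicit deny."""
    route = ipaddress.ip_network(prefix)
    for _seq, action, net, ge, le in entries:
        if ge is None and le is None:
            lo = hi = net.prefixlen          # exact length only
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def accept_update(lists, gateway, prefix,
                  route_list="ROUTES", gateway_list="IDONTLIKER4"):
    """Model: the update source is tested as a /32 against the gateway list,
    then the advertised prefix is tested against the route list."""
    return (permits(lists[gateway_list], gateway + "/32")
            and permits(lists[route_list], prefix))

if __name__ == "__main__":
    lists = parse_prefix_lists(CONFIG)
    # Constructed updates, using gateways and routes seen in the post's output.
    for gw, pfx in [("155.1.0.4", "150.1.4.4/32"),
                    ("155.1.45.4", "150.1.4.4/32"),
                    ("155.1.0.3", "150.1.9.9/32")]:
        print(gw, pfx, "accepted" if accept_update(lists, gw, pfx) else "filtered")
```

The same model shows why the gateway list needs `le 32` on its permit line: `permit 0.0.0.0/0` on its own matches only the default route, so every /32 gateway address would fall through to the implicit deny.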
