Saturday, March 15, 2014

EIGRP Route Filtering

Are you looking for flexible job in Information Technology ? Post your CV with:
https://www.security-architecture.com/add-cv/

Why to Filter routes in EIGRP
Branch routers do not need to see each others networks.
Branch routers might be in sales division and don’t need to use manufacturing division
Some routers will have smaller routing table
Propagation of topology database on slow links will use less bandwidth
Security reason
How to Filter routes in EIGRP:
Filtering routes in EIGRP is always done with distribution-lists. To match the routes to be filtered we can use:
  • access-list
  • ip prefix-list
  • route-map

Filter by an access-list

Let’s say router have the network 172.16.28.0/24
We want this prefix to be filtered from being propagated to other routers.
Remember that at the end of each access-list there is an implicit deny statement
Create a Standard ACL (named or numbered)
Ip access-list standard 5
deny 172.16.0.0 0.0.255.255
permit any
Attach the access-list to eigrp by using distribute-list
Router eigrp 10
distribute-list 5 out

Filter by a prefix-list

Caracteristics of prefix-list usage
Allows the matching of the prefix-length (subnet mask) while ACL do not
Faster matching of routes as compared to ACL
Can only be used for route filtering and cannot be used for security
Each line has a sequence number and permit/deny statement
Example of prefix-list filtering>
Ip prefix-list list-name seq seq-num {deny | permit} {prefix/prefix-length} [ge ge-value] [le le-value]
Route prefix must be within the range of addresses implied by the prefix/prefix-length parameters
Route’s prefix length must match the range of prefixes implied by the prefix-length, ge-value and le-value


You can read our other blogs:
http://ftpservices.blogspot.com/
http://dhcpservices.blogspot.com/