Monday, March 17, 2014
Saturday, March 15, 2014
EIGRP Route Filtering
- Are you looking for flexible job in Information Technology ? Post your CV with:
- https://www.security-architecture.com/add-cv/
- Why to Filter routes in EIGRP
- Branch routers do not need to see each others networks.
- Branch routers might be in sales division and don’t need to use manufacturing division
- Some routers will have smaller routing table
- Propagation of topology database on slow links will use less bandwidth
- Security reason
- How to Filter routes in EIGRP:
- Filtering routes in EIGRP is always done with distribution-lists. To match the routes to be filtered we can use:
- access-list
- ip prefix-list
- route-map
Filter by an access-list
- Let’s say router have the network 172.16.28.0/24
- We want this prefix to be filtered from being propagated to other routers.
- Remember that at the end of each access-list there is an implicit deny statement
- Create a Standard ACL (named or numbered)
- Ip access-list standard 5
- deny 172.16.0.0 0.0.255.255
- permit any
- Attach the access-list to eigrp by using distribute-list
- Router eigrp 10
- distribute-list 5 out
Filter by a prefix-list
- Caracteristics of prefix-list usage
- Allows the matching of the prefix-length (subnet mask) while ACL do not
- Faster matching of routes as compared to ACL
- Can only be used for route filtering and cannot be used for security
- Each line has a sequence number and permit/deny statement
- Example of prefix-list filtering>
- Ip prefix-list list-name seq seq-num {deny | permit} {prefix/prefix-length} [ge ge-value] [le le-value]
- Route prefix must be within the range of addresses implied by the prefix/prefix-length parameters
- Route’s prefix length must match the range of prefixes implied by the prefix-length, ge-value and le-value
- You can read our other blogs:
- http://ftpservices.blogspot.com/
- http://dhcpservices.blogspot.com/
-
Subscribe to:
Posts (Atom)