Saturday 1 February 2020

EIGRP Filtering with Standard ACL


Now we are going to filter the same R6 loopback address but using Standard ACL method.
The R6 loopback address should not be leaked to R2. But R3 can be reachable.

R2#sh ip  route 150.6.6.0
Routing entry for 150.6.6.0/24
  Known via "eigrp 100", distance 90, metric 2274816, type internal
  Redistributing via eigrp 100
  Last update from 155.1.123.1 on Serial0/0, 00:13:01 ago
  Routing Descriptor Blocks:
  * 155.1.123.1, from 155.1.123.1, 00:13:01 ago, via Serial0/0
      Route metric is 2274816, traffic share count is 1
      Total delay is 24100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2
R3#sh ip route 150.6.6.0
Routing entry for 150.6.6.0/24
  Known via "eigrp 100", distance 90, metric 2274816, type internal
  Redistributing via eigrp 100
  Last update from 155.1.123.1 on Serial0/0, 00:03:34 ago
  Routing Descriptor Blocks:
  * 155.1.123.1, from 155.1.123.1, 00:03:34 ago, via Serial0/0
      Route metric is 2274816, traffic share count is 1
      Total delay is 24100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

R2 receiving the update from R1 via s0/0.We will create a standard ACL on R2 and we will apply on inbound direction. Why??  Can’t we apply in R1 ??
Because if we create an ACL and apply on out bound direction R1 will block the update for both the neighbor R2 and R3. But we need only R2 should not have this address. As we know Standard ACL should be applied in destination side.
R2#sh ip  route 150.6.6.0
% Network not in table
R2#sh run
access-list 1 deny   150.6.6.0 0.0.0.255
access-list 1 permit any
!
 ip summary-address eigrp 100 111.1.0.0 255.255.248.0 5 leak-map BB1
 ip hello-interval eigrp 100 2
 ip hold-time eigrp 100 6
router eigrp 100
 network 1.0.0.0
 network 150.2.0.0
 network 155.1.0.0
 distribute-list 1 in Serial0/0
 no auto-summary

R3#sh ip route 150.6.6.0
Routing entry for 150.6.6.0/24
  Known via "eigrp 100", distance 90, metric 2274816, type internal
  Redistributing via eigrp 100
  Last update from 155.1.123.1 on Serial0/0, 00:03:34 ago
  Routing Descriptor Blocks:
  * 155.1.123.1, from 155.1.123.1, 00:03:34 ago, via Serial0/0
      Route metric is 2274816, traffic share count is 1
      Total delay is 24100 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

By at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)