Route filtering methods in EIGRP

When you use EIGRP as routing protocol, you have two options for filtering advertised routes:

  • distribute-lists
  • redistribute-statement with route-map

Received networks can only be filtered out with

  • distribute-lists

In my simple example, there are 2 routers (R1 and R2) connected via FastEthernet0/1.
Both routers are running EIGRP process 123.

eigrp_123

Creating EIGRP process 123 on both routers

With the default configuration, only the link-net 10.0.0.0/30 is advertised via EIGRP.

router eigrp 123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary

R1 and R2 has 10.0.0.0/30 as directly connected in the routing table, you can also see it in the EIGRP topology table.

R2#sh ip route
Gateway of last resort is not set
     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/1
R2#sh ip eigrp topology 10.0.0.0/30
IP-EIGRP (AS 123): Topology entry for 10.0.0.0/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 281600
  Routing Descriptor Blocks:
  0.0.0.0 (FastEthernet0/1), from Connected, Send flag is 0x0
      Composite metric is (281600/0), Route is Internal
      Vector metric:
        Minimum bandwidth is 10000 Kbit
        Total delay is 1000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 0

Route redistribution

You can redistribute routes from other routing protocols into EIGRP with the redistribute <protocol> statement in the EIGRP context.

R1(config)#router eigrp 123
R1(config-router)#redistribute ?
  bgp        Border Gateway Protocol (BGP)
  connected  Connected
  eigrp      Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis       ISO IS-IS
  iso-igrp   IGRP for OSI networks
  metric     Metric for redistributed routes
  mobile     Mobile routes
  odr        On Demand stub Routes
  ospf       Open Shortest Path First (OSPF)
  rip        Routing Information Protocol (RIP)
  route-map  Route map reference
  static     Static routes
  <cr>

To keep it simple, i add some loopback interfaces on R1 and redistribute them with the “redistribute connected” command

interface Loopback1
 ip address 172.16.1.1 255.255.255.0
!
interface Loopback2
 ip address 172.16.2.1 255.255.255.0
!
interface Loopback3
 ip address 172.16.3.1 255.255.255.224
!
interface Loopback4
 ip address 172.16.4.1 255.255.255.0
!
interface Loopback31
 ip address 172.16.31.1 255.255.248.0
!
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary

After inserting the redistribute-statement, R2 should see 5 routes from R1

R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:00:25, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:50:27, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:50:27, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:50:27, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:50:27, FastEthernet0/1
R2#

Suppress networks from beeing advertised with distribute-lists

The distribute-list statement offers different methods for matching routes that should suppressed from advertising to EIGRP neighbors.

R1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates

You can use different distribute-lists according to the protocol from which you will redistribute.

Note: When you perfom changes in the distribute-list configuration, you will see the following log messages indicating that there is a

R1:
*Mar  1 02:44:25.039 UTC: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 10.0.0.2 (FastEthernet0/1) is resync: route configuration changed
R2:
.Mar  1 02:41:33.859 UTC: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 10.0.0.1 (FastEthernet0/1) is resync: peer graceful-restart

This means that there is no impact for packet forwarding (assumed that your IOS support EIGRP graceful-restart) .

In the following examples, i will redistribute routes in different manner on R1.
The template for R1 ist followed by the output of R2’s routing table.

Example: Simple IP ACL #1

  • Advertise all networks in range 172.16.0.0/21
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list 9 out connected
 no auto-summary
!
access-list 9 remark Prefixes advertised via EIGRP
access-list 9 permit 172.16.0.0 0.0.7.255
access-list 9 deny   any
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:53:22, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:53:22, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:53:22, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:53:22, FastEthernet0/1
R2#

Example: Simple IP ACL #2

  • Advertise only 172.16.1.0 and 172.16.3.0
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list 9 out connected
 no auto-summary
!
access-list 9 remark Prefixes advertised via EIGRP
access-list 9 permit 172.16.1.0 0.0.0.255
access-list 9 permit 172.16.3.0 0.0.0.255
access-list 9 deny   any
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 01:20:44, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:00:06, FastEthernet0/1
R2#

As you can see, filtering with standard ACLs is very easy but it don’t cares about the prefix length.
prefix-lists are are more flexible way for filtering.

Example: IP Prefix-List #1

  • Advertise only 172.16.1.0/24 and 172.16.3.0/24
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_EIGRP_ADVERTISED_PREFIXES out connected
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 permit 172.16.1.0/24
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 10 permit 172.16.3.0/24
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/24 is subnetted, 1 subnets
D EX    172.16.1.0 [170/409600] via 10.0.0.1, 01:31:35, FastEthernet0/1
R2#

Because 172.16.3.0 has a prefix-length of 27, it isn’t accepted. The network would only included with a /24 netmask.

Example: IP Prefix-List #2

  • Advertise all prefixes in the range 172.16.0.0/16 with a prefix length <= 24
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_EIGRP_ADVERTISED_PREFIXES out connected
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 permit 172.16.0.0/16 le 24
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:10:23, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:10:23, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 01:51:14, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:10:23, FastEthernet0/1
R2#

Example: IP Prefix-List #3

  • Advertise all prefixes in the range 172.16.0.0/16 with a prefix length >= 24
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_EIGRP_ADVERTISED_PREFIXES out connected
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 permit 172.16.0.0/16 ge 24
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:12:54, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 01:53:46, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:12:54, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:00:37, FastEthernet0/1
R2#

Example: IP Prefix-List #4

  • Advertise all prefixes with a prefix length <= 21 and >=27 (–> 172.16.3.0/27 and 172.16.24.0/21), but not a default-route
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_EIGRP_ADVERTISED_PREFIXES out connected
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 deny 0.0.0.0/0
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 10 permit 0.0.0.0/0 le 21
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 15 permit 0.0.0.0/0 ge 27
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:18:26, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:11:50, FastEthernet0/1
R2#

Example: IP Prefix-List #5

  • Advertise all prefixes with a prefix length >= 21 and <=27
EIGRP configuration on R1:
router eigrp 123
 redistribute connected
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_EIGRP_ADVERTISED_PREFIXES out connected
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 10 deny 0.0.0.0/0 ge 28
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 15 deny 0.0.0.0/0 le 20
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 20 permit 0.0.0.0/0 le 27
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:01:37, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:07:21, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:07:21, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:07:21, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:07:21, FastEthernet0/1
R2#

Suppress networks from beeing advertised with route-maps

With route-maps you have a little bit more flexibility compared with distribute lists, because you can e.g. add/match route-tags or redistribute your interface’s IP without specifying the IP in detail,…
But if you don’t need such fancy features, both ways offers the same methods (ACLs, Prefix-Lists) for filtering routes.

Example: route-map with standard access-list

  • Advertise only 172.16.1.0 and 172.16.3.0
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
access-list 9 remark Prefixes announced via EIGRP
access-list 9 permit 172.16.1.0 0.0.0.255
access-list 9 permit 172.16.3.0 0.0.0.255
access-list 9 deny   any
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 description Prefixes advertised via EIGRP
 match ip address 9
!
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:07:09, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:07:09, FastEthernet0/1
R2#

Example: route-map with ip prefix-list

  • Advertise all prefixes in the range 172.16.0.0/16 with a prefix length >= 24
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 permit 172.16.0.0/16 le 24
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 description Prefixes advertised via EIGRP
 match ip address prefix-list PL_EIGRP_ADVERTISED_PREFIXES
!
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:00:24, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:00:24, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:00:24, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:00:24, FastEthernet0/1
R2#

Example: route-map with a combination of ip prefix-list and access-list

  • Advertise all prefixes in the range 172.16.0.0/16 with a prefix length >= 24 and 172.16.3.0 (without a specific prefix)
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES description Prefixes advertised via EIGRP
ip prefix-list PL_EIGRP_ADVERTISED_PREFIXES seq 5 permit 172.16.0.0/16 le 24
access-list 9 remark Prefixes advertised via EIGRP
access-list 9 permit 172.16.3.0 0.0.0.255
access-list 9 deny   any
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 description Prefixes filtered with ip prefix-list
 match ip address prefix-list PL_EIGRP_ADVERTISED_PREFIXES
!
route-map RM_CONNECTED_TO_EIGRP123 permit 20
 description Prefixes filtered with access-list
 match ip address 9
!
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:03:54, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:03:54, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:03:54, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:03:54, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:03:02, FastEthernet0/1
R2#

Example: route-map with an interface as match-criteria

  • Advertise the prefixes configured on the interface matching the route-map
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 match interface Loopback1 Loopback2 Loopback31
!
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:00:05, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:01:39, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:00:11, FastEthernet0/1
R2#

Example: Adding a tag to an advertised route

  • Add the tag 4711 to route 172.16.1.0/24. All other 172.16.0.0/16 networks will be advertised without tag.
    The route-tag could be useful for R2 if he wants to treat routes with tag 4711 different to other routes.
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
access-list 9 remark Prefixes announced via EIGRP
access-list 9 permit 172.16.0.0 0.0.255.255
access-list 9 deny   any
access-list 10 remark Add a tag to these routes
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 10 deny   any
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 match ip address 10
 set tag 4711
!
route-map RM_CONNECTED_TO_EIGRP123 permit 20
 match ip address 9
!
EIGRP routes on R2:
R2#sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:00:38, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:00:38, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:00:43, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:00:38, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:00:38, FastEthernet0/1
R2#sh ip route 172.16.1.0
Routing entry for 172.16.1.0/24
  Known via "eigrp 123", distance 170, metric 409600
  Tag 4711, type external
  Redistributing via eigrp 123
  Last update from 10.0.0.1 on FastEthernet0/1, 00:00:45 ago
  Routing Descriptor Blocks:
  * 10.0.0.1, from 10.0.0.1, 00:00:45 ago, via FastEthernet0/1
      Route metric is 409600, traffic share count is 1
      Total delay is 6000 microseconds, minimum bandwidth is 10000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
      Route tag 4711

Filtering received routes with distribute-lists

For preventing the EIGRP process from neighbors misconfiguration or unmeant networks, we can setup a distribute-list for filtering networks received in EIGRP updates.

First i will advertise a default route and add another Loopback interface to R1’s configuration.

interface Loopback999
 ip address 2.2.2.2 255.248.0.0
end
EIGRP configuration on R1:
router eigrp 123
 redistribute connected route-map RM_CONNECTED_TO_EIGRP123
 redistribute static route-map RM_STATIC_TO_EIGRP123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Null0 tag 666
!
access-list 9 remark Prefixes advertised via EIGRP
access-list 9 permit 172.16.0.0 0.0.255.255
access-list 9 deny   any
access-list 10 remark Add a tag to these routes
access-list 10 permit 172.16.1.0 0.0.0.255
access-list 10 deny   any
!
route-map RM_STATIC_TO_EIGRP123 permit 10
 description Static-Routes with tag 666 will be advertised via EIGRP
 match tag 666
!
route-map RM_CONNECTED_TO_EIGRP123 permit 10
 description Add tag 4711 to routes matching access-list 10
 match ip address 10
 set tag 4711
!
route-map RM_CONNECTED_TO_EIGRP123 permit 20
 description Advertise routes matching access-list 9 via EIGRP
 match ip address 9
!
route-map RM_CONNECTED_TO_EIGRP123 permit 30
 description Advertise network from Lo999 via EIGRP
 match interface Loopback999
!
EIGRP routes on R2:
R2#sh ip route eigrp
     2.0.0.0/13 is subnetted, 1 subnets
D EX    2.0.0.0 [170/409600] via 10.0.0.1, 00:00:38, FastEthernet0/1
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:56:37, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:56:37, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:56:41, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:56:37, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:56:37, FastEthernet0/1
D*EX 0.0.0.0/0 [170/281600] via 10.0.0.1, 00:10:26, FastEthernet0/1
(the asterisk marks that 10.0.0.1 is chosen as gateway of last resort)

After adjusting the configuration on R1, we can add an incoming distribute-list on R2.
First we will filter out the default route, because we don’t want to use it. All other networks are desired.

EIGRP configuration on R2:
router eigrp 123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_ALLOWED_INCOMING_EIGRP_ROUTES in
 no auto-summary
!
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES description Desired Prefixes
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 5 deny 0.0.0.0/0
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 10 permit 0.0.0.0/0 le 32
EIGRP routes on R2:
R2#sh ip route eigrp
     2.0.0.0/13 is subnetted, 1 subnets
D EX    2.0.0.0 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:03:04, FastEthernet0/1
R2#

If you also don’t want to see 2.0.0.0/13, because it’s not a RFC 1918 address and you will only allow those addresses, you have to adjust the prefix-list.

EIGRP configuration on R2:
router eigrp 123
 passive-interface default
 no passive-interface FastEthernet0/1
 network 10.0.0.0 0.0.0.3
 distribute-list prefix PL_ALLOWED_INCOMING_EIGRP_ROUTES in
 no auto-summary
!
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES description Only RFC1918 networks desired
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 5 permit 172.16.0.0/12 le 32
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 10 permit 192.168.0.0/16 le 32
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 15 permit 10.0.0.0/8 le 32
ip prefix-list PL_ALLOWED_INCOMING_EIGRP_ROUTES seq 20 deny 0.0.0.0/0 le 32
EIGRP routes on R2:
R2# sh ip route eigrp
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
D EX    172.16.24.0/21 [170/409600] via 10.0.0.1, 00:18:42, FastEthernet0/1
D EX    172.16.4.0/24 [170/409600] via 10.0.0.1, 00:18:42, FastEthernet0/1
D EX    172.16.1.0/24 [170/409600] via 10.0.0.1, 00:18:42, FastEthernet0/1
D EX    172.16.2.0/24 [170/409600] via 10.0.0.1, 00:18:42, FastEthernet0/1
D EX    172.16.3.0/27 [170/409600] via 10.0.0.1, 00:18:42, FastEthernet0/1
R2#

3 comments to Route filtering methods in EIGRP

  • Cheryl

    OMG. This was the best summary of router filtering with EIGRP that I have found. Its just complex enough to show me the power and the alternatives. Thank you for taking the time. Ive got all types of ideas now.

  • Adnane

    nice work ,,, well explained ,,, and thank you for sharin ,,, god bless ..

  • ilhampst

    Thanks for sharing. I want to make an article like this in my native language. This article would be one of my reliable source.

Leave a Reply

 

 

 

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>