Thursday, April 7, 2011

LAB: EIGRP Filtering with Extended Access-lists

Requirements:
- Shut down R5’s point-to-point link to R4.
- Configure an extended access-list filter on R5 so that traffic for the Loopback0 networks of SW1 and SW3 is sent to R1.
- Traffic for the Loopback0 networks of R4 and R6 should be sent to R2.
- Traffic for the Loopback0 networks of R1 and R2 should be sent to R3.
- This filter should not affect any other updates on this segment.


R5:
access-list 100 deny ip host 155.1.0.2 host 150.1.7.0
access-list 100 deny ip host 155.1.0.3 host 150.1.7.0
access-list 100 deny ip host 155.1.0.4 host 150.1.7.0
access-list 100 deny ip host 155.1.0.2 host 150.1.9.0
access-list 100 deny ip host 155.1.0.3 host 150.1.9.0
access-list 100 deny ip host 155.1.0.4 host 150.1.9.0
access-list 100 deny ip host 155.1.0.1 host 150.1.4.0
access-list 100 deny ip host 155.1.0.3 host 150.1.4.0
access-list 100 deny ip host 155.1.0.4 host 150.1.4.0
access-list 100 deny ip host 155.1.0.1 host 150.1.6.0
access-list 100 deny ip host 155.1.0.3 host 150.1.6.0
access-list 100 deny ip host 155.1.0.4 host 150.1.6.0
access-list 100 deny ip host 155.1.0.1 host 150.1.1.0
access-list 100 deny ip host 155.1.0.2 host 150.1.1.0
access-list 100 deny ip host 155.1.0.4 host 150.1.1.0
access-list 100 deny ip host 155.1.0.1 host 150.1.2.0
access-list 100 deny ip host 155.1.0.2 host 150.1.2.0
access-list 100 deny ip host 155.1.0.4 host 150.1.2.0
access-list 100 permit ip any any
!
router eigrp 100
distribute-list 100 in Serial0/0


note:

As with RIP, an extended access-list called from a distribute-list under an IGP has a different meaning than it does in redistribution or in BGP. With BGP and redistribution, the “source” field in the ACL represents the network address and the “destination” field represents the subnet mask. In an IGP distribute-list, the “source” field in the ACL matches the update source of the route and the “destination” field represents the network address. This lets us control which networks we receive and, more importantly, who we receive them from. Before the filter is applied, R5 routes as follows.

before:

Rack1R5#show ip route eigrp | include 150.1.
150.1.0.0/24 is subnetted, 9 subnets
D 150.1.7.0 [90/640256] via 155.1.0.3, 00:43:14, Serial0/0
D 150.1.6.0 [90/642560] via 155.1.0.4, 00:00:20, Serial0/0
D 150.1.4.0 [90/640000] via 155.1.0.4, 00:00:20, Serial0/0
D 150.1.3.0 [90/640000] via 155.1.0.3, 01:07:01, Serial0/0
D 150.1.2.0 [90/640000] via 155.1.0.2, 01:07:01, Serial0/0
D 150.1.1.0 [90/640000] via 155.1.0.1, 01:07:01, Serial0/0
D 150.1.9.0 [90/640512] via 155.1.0.3, 00:43:15, Serial0/0
D 150.1.8.0 [90/130560] via 155.1.58.8, 01:46:12, FastEthernet0/0


after:

Rack1R5#show ip route eigrp | include 150.1.
150.1.0.0/24 is subnetted, 9 subnets
D 150.1.7.0 [90/640512] via 155.1.0.1, 00:03:20, Serial0/0
D 150.1.6.0 [90/1666560] via 155.1.0.2, 00:03:20, Serial0/0
D 150.1.4.0 [90/26766592] via 155.1.0.2, 00:03:20, Serial0/0
D 150.1.3.0 [90/640000] via 155.1.0.3, 00:03:20, Serial0/0
D 150.1.2.0 [90/1152000] via 155.1.0.3, 00:03:20, Serial0/0
D 150.1.1.0 [90/1152000] via 155.1.0.3, 00:03:20, Serial0/0
D 150.1.9.0 [90/640768] via 155.1.0.1, 00:03:20, Serial0/0
D 150.1.8.0 [90/130560] via 155.1.58.8, 00:03:20, FastEthernet0/0
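
To check an ACL like this before applying it, the IGP distribute-list reading described in the note can be modelled offline. The Python below is an added example, not part of the original lab: it evaluates ACL 100 (abbreviated here to the 150.1.7.0 and 150.1.4.0 entries) and returns which update sources are still accepted for a given network. The function names are hypothetical, and the neighbor list is assumed from the next hops shown on Serial0/0.

```python
import ipaddress

# ACL 100 from the lab, abbreviated to the 150.1.7.0 and 150.1.4.0 entries.
ACL_100 = """\
access-list 100 deny ip host 155.1.0.2 host 150.1.7.0
access-list 100 deny ip host 155.1.0.3 host 150.1.7.0
access-list 100 deny ip host 155.1.0.4 host 150.1.7.0
access-list 100 deny ip host 155.1.0.1 host 150.1.4.0
access-list 100 deny ip host 155.1.0.3 host 150.1.4.0
access-list 100 deny ip host 155.1.0.4 host 150.1.4.0
access-list 100 permit ip any any
"""
# Assumption: the update sources R5 sees on Serial0/0, taken from the route output.
NEIGHBORS = ["155.1.0.1", "155.1.0.2", "155.1.0.3", "155.1.0.4"]

def _take(tokens):
    """Consume one ACL address spec and return (address, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Return the ACL as ordered (action, source spec, destination spec) entries."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        action, rest = tokens[2], tokens[4:]  # tokens[3] is the protocol ("ip")
        entries.append((action, _take(rest), _take(rest)))
    return entries

def _match(spec, value):
    addr, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (addr & care) == (int(ipaddress.IPv4Address(value)) & care)

def accepts(entries, update_source, network):
    """IGP reading: ACL source = advertising neighbor, ACL destination = network."""
    for action, src, dst in entries:
        if _match(src, update_source) and _match(dst, network):
            return action == "permit"  # first matching entry wins
    return False  # implicit deny at the end of every ACL

def allowed_neighbors(entries, network, neighbors=NEIGHBORS):
    """List the neighbors whose update for this network passes the filter."""
    return [n for n in neighbors if accepts(entries, n, network)]
```

For 150.1.7.0 only 155.1.0.1 remains and for 150.1.4.0 only 155.1.0.2, matching the "after" table, while a network the ACL does not name, such as 150.1.3.0, is still accepted from every neighbor.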
