Friday, April 8, 2011

LAB: EIGRP Filtering with Route Maps

requirements:
- Configure R4 to redistribute the VLAN 43 subnet into EIGRP with the tag value of 4.
- Configure a route-map filter on R2 that matches this tag value and denies the route from being installed in the routing table.
- Configure a route-map filter on R3 that denies EIGRP routes with a metric in the range of 500,000 – 750,000 from entering the routing table.
- These filters should not impact any other networks advertised by R4 or learned by R2 and R3.

R2:

router eigrp 100
distribute-list route-map FILTER_ON_TAGS in
!
route-map FILTER_ON_TAGS deny 10
match tag 4
!
route-map FILTER_ON_TAGS permit 20

R3:

router eigrp 100
distribute-list route-map FILTER_ON_METRIC_RANGE in
!
route-map FILTER_ON_METRIC_RANGE deny 10
match metric 625000 +- 125000
!
route-map FILTER_ON_METRIC_RANGE permit 20

R4:

router eigrp 100
redistribute rip metric 100000 100 255 1 1500 route-map RIP_TO_EIGRP
!
ip prefix-list VLAN_43 seq 5 permit 204.12.1.0/24
!
route-map RIP_TO_EIGRP permit 10
match ip address prefix-list VLAN_43
set tag 4
!
route-map RIP_TO_EIGRP permit 20

Note:

Unlike BGP, filtering with route-maps in IGP is usually limited to redistribution filtering only. However EIGRP now supports route-map filtering as a distributelist with matches on metric and tag. Route tags are set at the time of redistribution, and can be used like BGP community values to group prefixes together without having to match on the actual route in a prefix-list or access-list. In this example we can see that R2 and R4 see the prefix 204.12.1.0/24 with a tag of 4 in the topology table. R2 installs this in the routing table until the distribute-list is applied which denies routes with that tag value.


Rack1R4#sho ip eigrp topology | include tag
P 204.12.1.0/24, 1 successors, FD is 2560, tag is 4

Rack1R2#sho ip eigrp topology | include tag
P 204.12.1.0/24, 1 successors, FD is 1026560, tag is 4
Rack1R2#show ip route 204.12.1.0
Routing entry for 204.12.1.0/24
Known via "eigrp 100", distance 170, metric 1049600
Tag 4, type external
Redistributing via eigrp 100
Last update from 155.1.0.5 on Serial0/0.1, 00:01:49 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 155.1.0.5, 00:01:49 ago, via Serial0/0.1
Route metric is 1049600, traffic share count is 1
Total delay is 41000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
Route tag 4

Rack1R2#show ip route 204.12.1.0
Routing entry for 204.12.1.0/24
Known via "eigrp 100", distance 170, metric 1049600
Tag 4, type external
Redistributing via eigrp 100
Last update from 155.1.0.5 on Serial0/0.1, 00:12:32 ago
Routing Descriptor Blocks:
* 155.1.0.5, from 155.1.0.5, 00:12:32 ago, via Serial0/0.1
Route metric is 1049600, traffic share count is 1
Total delay is 41000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 2
Route tag 4

Rack1R2#show ip route 204.12.1.0
% Network not in table

routes that are not affected by the filter:
Rack1R2#show ip route eigrp
155.1.0.0/24 is subnetted, 13 subnets
D 155.1.146.0 [90/1026560] via 155.1.23.3, 00:29:45, Serial0/1
[90/1026560] via 155.1.0.5, 00:29:45, Serial0/0.1
D 155.1.8.0 [90/514816] via 155.1.0.5, 00:29:47, Serial0/0.1
D 155.1.9.0 [90/512768] via 155.1.23.3, 00:29:45, Serial0/1
D 155.1.13.0 [90/1024000] via 155.1.23.3, 00:29:47, Serial0/1
D 155.1.7.0 [90/512512] via 155.1.23.3, 00:29:45, Serial0/1
D 155.1.5.0 [90/514560] via 155.1.0.5, 00:29:47, Serial0/0.1
D 155.1.58.0 [90/514560] via 155.1.0.5, 00:29:47, Serial0/0.1
D 155.1.37.0 [90/512256] via 155.1.23.3, 00:29:45, Serial0/1
D 155.1.79.0 [90/512512] via 155.1.23.3, 00:29:45, Serial0/1
D 155.1.67.0 [90/1029120] via 155.1.23.3, 00:29:45, Serial0/1
[90/1029120] via 155.1.0.5, 00:29:45, Serial0/0.1
D 155.1.108.0 [90/517120] via 155.1.0.5, 00:29:47, Serial0/0.1
D*EX 200.0.0.0/24 [170/1666560] via 155.1.23.3, 00:29:45, Serial0/1
[170/1666560] via 155.1.0.5, 00:29:45, Serial0/0.1
54.0.0.0/24 is subnetted, 1 subnets
D EX 54.1.1.0 [170/1538560] via 155.1.23.3, 00:29:45, Serial0/1
[170/1538560] via 155.1.0.5, 00:29:45, Serial0/0.1
D EX 200.0.2.0/24 [170/1666560] via 155.1.23.3, 00:29:45, Serial0/1
[170/1666560] via 155.1.0.5, 00:29:45, Serial0/0.1
31.0.0.0/16 is subnetted, 4 subnets
D EX 31.3.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 31.2.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 31.1.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 31.0.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
150.1.0.0/24 is subnetted, 7 subnets
D 150.1.7.0 [90/1157120] via 155.1.23.3, 00:29:48, Serial0/1
[90/1157120] via 155.1.0.5, 00:29:48, Serial0/0.1
D 150.1.6.0 [90/1154560] via 155.1.23.3, 00:03:11, Serial0/1
D 150.1.5.0 [90/640000] via 155.1.0.5, 00:29:47, Serial0/0.1
D 150.1.3.0 [90/640000] via 155.1.23.3, 00:29:46, Serial0/1
D 150.1.1.0 [90/1152000] via 155.1.23.3, 00:03:12, Serial0/1
D 150.1.9.0 [90/640512] via 155.1.23.3, 00:29:46, Serial0/1
30.0.0.0/16 is subnetted, 4 subnets
D EX 30.2.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 30.3.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 30.0.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1
D EX 30.1.0.0 [170/1049600] via 155.1.0.5, 00:17:10, Serial0/0.1


before applying filter on R3
Rack1R3#show ip route eigrp
D EX 222.22.2.0/24 [170/514560] via 155.1.23.2, 00:02:50, Serial1/3
D EX 204.12.1.0/24 [170/1049600] via 155.1.0.5, 00:34:19, Serial1/0.1
155.1.0.0/24 is subnetted, 14 subnets
D 155.1.146.0 [90/514560] via 155.1.13.1, 00:46:54, Serial1/2
D 155.1.8.0 [90/514816] via 155.1.0.5, 00:46:56, Serial1/0.1
D 155.1.9.0 [90/768] via 155.1.37.7, 00:46:54, FastEthernet0/0
D 155.1.7.0 [90/512] via 155.1.37.7, 00:46:54, FastEthernet0/0
D 155.1.5.0 [90/514560] via 155.1.0.5, 00:46:56, Serial1/0.1
D 155.1.58.0 [90/514560] via 155.1.0.5, 00:46:56, Serial1/0.1
D 155.1.45.0 [90/1024000] via 155.1.0.5, 00:16:12, Serial1/0.1
D 155.1.79.0 [90/512] via 155.1.37.7, 00:46:54, FastEthernet0/0
D 155.1.67.0 [90/517120] via 155.1.13.1, 00:46:54, Serial1/2
D 155.1.108.0 [90/517120] via 155.1.0.5, 00:46:56, Serial1/0.1
D EX 220.20.3.0/24 [170/514560] via 155.1.23.2, 00:02:50, Serial1/3
D*EX 200.0.0.0/24 [170/1154560] via 155.1.13.1, 00:46:54, Serial1/2
54.0.0.0/24 is subnetted, 1 subnets
D EX 54.1.1.0 [170/1026560] via 155.1.13.1, 00:46:54, Serial1/2
D EX 200.0.2.0/24 [170/1154560] via 155.1.13.1, 00:46:54, Serial1/2
D EX 192.10.1.0/24 [170/514560] via 155.1.23.2, 00:02:54, Serial1/3
31.0.0.0/16 is subnetted, 4 subnets
D EX 31.3.0.0 [170/1049600] via 155.1.0.5, 00:34:19, Serial1/0.1
D EX 31.2.0.0 [170/1049600] via 155.1.0.5, 00:34:19, Serial1/0.1
D EX 31.1.0.0 [170/1049600] via 155.1.0.5, 00:34:19, Serial1/0.1
D EX 31.0.0.0 [170/1049600] via 155.1.0.5, 00:21:46, Serial1/0.1
150.1.0.0/24 is subnetted, 8 subnets
D 150.1.7.0 [90/645120] via 155.1.13.1, 00:46:56, Serial1/2
D 150.1.6.0 [90/642560] via 155.1.13.1, 00:16:06, Serial1/2
D 150.1.5.0 [90/640000] via 155.1.0.5, 00:46:56, Serial1/0.1
D 150.1.4.0 [90/1152000] via 155.1.0.5, 00:16:06, Serial1/0.1
D 150.1.2.0 [90/640000] via 155.1.23.2, 00:46:54, Serial1/3
D 150.1.1.0 [90/640000] via 155.1.13.1, 00:16:06, Serial1/2
D 150.1.9.0 [90/128512] via 155.1.37.7, 00:46:54, FastEthernet0/0
D EX 205.90.31.0/24 [170/514560] via 155.1.23.2, 00:02:50, Serial1/3
30.0.0.0/16 is subnetted, 4 subnets
D EX 30.2.0.0 [170/1049600] via 155.1.0.5, 00:21:46, Serial1/0.1
D EX 30.3.0.0 [170/1049600] via 155.1.0.5, 00:21:46, Serial1/0.1
D EX 30.0.0.0 [170/1049600] via 155.1.0.5, 00:21:46, Serial1/0.1
D EX 30.1.0.0 [170/1049600] via 155.1.0.5, 00:21:46, Serial1/0.1
D* 0.0.0.0/0 [90/1026560] via 155.1.0.5, 00:16:05, Serial1/0.1

after applying filter on R3


Rack1R3#show ip route eigrp
D EX 222.22.2.0/24 [170/1026560] via 155.1.0.5, 00:00:25, Serial1/0.1
D EX 204.12.1.0/24 [170/1049600] via 155.1.0.5, 00:36:53, Serial1/0.1
155.1.0.0/24 is subnetted, 14 subnets
D 155.1.146.0 [90/1026560] via 155.1.0.5, 00:00:25, Serial1/0.1
D 155.1.8.0 [90/1026816] via 155.1.23.2, 00:00:26, Serial1/3
[90/1026816] via 155.1.13.1, 00:00:26, Serial1/2
D 155.1.9.0 [90/768] via 155.1.37.7, 00:49:29, FastEthernet0/0
D 155.1.7.0 [90/512] via 155.1.37.7, 00:49:29, FastEthernet0/0
D 155.1.5.0 [90/1026560] via 155.1.23.2, 00:00:26, Serial1/3
[90/1026560] via 155.1.13.1, 00:00:26, Serial1/2
D 155.1.58.0 [90/1026560] via 155.1.23.2, 00:00:26, Serial1/3
[90/1026560] via 155.1.13.1, 00:00:26, Serial1/2
D 155.1.45.0 [90/1024000] via 155.1.0.5, 00:00:27, Serial1/0.1
D 155.1.79.0 [90/512] via 155.1.37.7, 00:49:29, FastEthernet0/0
D 155.1.67.0 [90/1029120] via 155.1.0.5, 00:00:25, Serial1/0.1
D 155.1.108.0 [90/1029120] via 155.1.23.2, 00:00:26, Serial1/3
[90/1029120] via 155.1.13.1, 00:00:26, Serial1/2
D EX 220.20.3.0/24 [170/1026560] via 155.1.0.5, 00:00:25, Serial1/0.1
D*EX 200.0.0.0/24 [170/1154560] via 155.1.13.1, 00:49:29, Serial1/2
54.0.0.0/24 is subnetted, 1 subnets
D EX 54.1.1.0 [170/1026560] via 155.1.13.1, 00:49:29, Serial1/2
D EX 200.0.2.0/24 [170/1154560] via 155.1.13.1, 00:49:29, Serial1/2
D EX 192.10.1.0/24 [170/1026560] via 155.1.0.5, 00:00:25, Serial1/0.1
31.0.0.0/16 is subnetted, 4 subnets
D EX 31.3.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 31.2.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 31.1.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 31.0.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
150.1.0.0/24 is subnetted, 7 subnets
D 150.1.7.0 [90/1157120] via 155.1.0.5, 00:00:33, Serial1/0.1
D 150.1.6.0 [90/1154560] via 155.1.0.5, 00:00:32, Serial1/0.1
D 150.1.5.0 [90/1152000] via 155.1.23.2, 00:00:33, Serial1/3
[90/1152000] via 155.1.13.1, 00:00:33, Serial1/2
D 150.1.4.0 [90/1152000] via 155.1.0.5, 00:18:47, Serial1/0.1
D 150.1.1.0 [90/1154560] via 155.1.0.5, 00:00:32, Serial1/0.1
D 150.1.9.0 [90/128512] via 155.1.37.7, 00:49:36, FastEthernet0/0
D EX 205.90.31.0/24 [170/1026560] via 155.1.0.5, 00:00:33, Serial1/0.1
30.0.0.0/16 is subnetted, 4 subnets
D EX 30.2.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 30.3.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 30.0.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D EX 30.1.0.0 [170/1049600] via 155.1.0.5, 00:00:34, Serial1/0.1
D* 0.0.0.0/0 [90/1026560] via 155.1.0.5, 00:18:47, Serial1/0.1
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)