How to Filter Prefixes with Distribute-list

Prefixes that are advertised by routing protocols like OSPF, EIGRP or RIP can be filtered. One way of doing this is by using a distribute-list. In this lesson I’ll give you an example of how to filter certain prefixes with a distribute-list.

Filtering can occur inbound or outbound. If you have an inbound route filter we will first check if the network is permitted or not before we will accept it. Let’s take a look at a network topology so I can give you a demonstration:

route filtering two routers

R1 and R2 are connected to each other and running EIGRP. On R2 I have added a couple of loopback interfaces with prefixes that we will advertise in EIGRP. Here is the configuration:

R1(config)#router eigrp 12
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R2(config)#router eigrp 12
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 172.16.0.0 0.0.3.255

Above you can see that we advertise all prefixes in EIGRP.

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 4 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.1.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0

If we look at the routing table of router R1 we can see all those networks on the loopback interfaces as it should be. Now we’ll see if we can do some filtering.

R1(config)#router eigrp 12
R1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates
  route-map    Filter prefixes based on the route-map

Go to the configuration of the EIGRP process and use the distribute-list command to see your options. As you can see we can choose between an access-list, a prefix-list or a route-map. Let’s start with the access-list. You are probably familiar with the concept of access-lists if you studied CCNA.

R1(config-router)#distribute-list 1 ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates

If you specify an access-list number you can choose if this route filter has to be inbound or outbound.

R1(config-router)#distribute-list 1 in ?
  Async              Async interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  Lex                Lex interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  <cr>

If you want you can choose the interface where to apply the inbound route filter to. If you don’t specify an interface it will apply to all interfaces.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

567 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hey, what is the difference in using route-maps or access-lists or prefixlists when applied to distribute-list ? they all do the same in regards to filtering routes in ospf or eigrp ? are there any minor difference between those ? can you please explain in detail. Thank you.

  2. Hi Rene, I have a question regarding recusive routing and the filtering of routing interfaces.
    I have a network similar to the one shown in the EIGRP Route-MAP Filtering lesson. The difference I have in my network is that the Tunnel areas has two ASAs so that if the primary route fails routing information can be sent over a tunnel to the remote site via the internet. Routing on this network is provided bt EIGRP. Currently when the primary route fails the link that goes over the internet goes into recursive routing and fails.

    interface Tunnel0
     ip address 192.1
    ... Continue reading in our forum

  3. Hi @Robhorseman101,

    The EIGRP route-map filtering lesson only has two routers with a single link so I think you had something else in mind? :smile:

    In your config, I see the tunnel interfaces of your routers:

    interface Tunnel0
     ip address 192.168.100.2 255.255.255.0
     tunnel source GigabitEthernet2/0.40
     tunnel destination 10.164.56.33
    

    And:

    interface Tunnel0
     ip address 192.168.100.1 255.255.255.0
     tunnel source GigabitEthernet2/0.40
     tunnel destination 10.164.58.33
    

    Not sure on which router you get the recursive routing error but for example, if it’s the first one th

    ... Continue reading in our forum

  4. Hi Rene,

    I had a question on the Design and efficiency portion here.

    We can place access-list on “in” or “out” I looked up the following which says standard access list should be placed near destination.

    Standard Access Control List (ACL) filters the traffic based on source IP address. Therefore a Standard Access Control List (ACL) must be placed on the router which is near to the destination network/host where it is denied. If we place the Standard Access Control List (ACL) near to source of the traffic, there is a chance for denial or other legitimate tr

    ... Continue reading in our forum

  5. Thanks for answering.

    So it seems to me that Best Practice here is just a starting point. Once you get enough knowledge you can be even more efficient depending on the specific design and setup. That was what I was really getting at. I am starting to understand it so my thinking once I have the basic grasp is not held down by specific rules because rules are for the most part general in nature.

    I just wanted to ask and confirm that before hand because while what I just stated is logical and common sense if your not careful and don’t ask questions there may b

    ... Continue reading in our forum

11 more replies! Ask a question or join the discussion by visiting our Community Forum