How to use access lists in EIGRP ? I want to block a specific network ( coming from the redistributed ospf network ) in my router which is running eigrp.
Say you have 4 routers R1 R2 R3 R4. R1 running ospf , R2 running ospf and Eigrp. R3, R4 running only eigrp.
Now, I want to block the network coming from R2 on R4 say 192.168.2.2 which is R2's loopback and it is in OSPF . At R2 I do mutual redistribution and then I see the 2.0 network on R4 as Eigrp route. Now to block this route:
The access list that I used was
R4 (Config ) # access-list 10 deny 192.168.2.0 0.0.0.255
access-list 10 permit any
And on R4's interface I used
R4(Config-if)# ip access-group 10 in
Now, even though I cleared the eigrp topology, I still see the 2.0 network on my R4 as eigrp route . Why ?
Please note, I do not want to use the distribute-list or route-map with the tags.
I apprecaite if someone can help me in this regard.
thanks in advance
Kam
Discussion on:
View:
Show:
The "ip access-group" command will block someone from connecting to that network but not from the route appearing in the routing table.
As I understand it, you want to prevent the route from appearing in the routing table (which would ultimately prevent all access to the network, even without an ip access-group statement).
To do this, block it when you redistribute it using a route-map or you block it when it comes into a router, downstream, using the distrbute-list command.
Either way, the ip access-group statement doesn't keep the route from appearing in the routing table.
I know you said that you don't want to use a distribute list or route-map (I don't see that you need tags in this case) but that seems like the best way to do it.
Is this from some kind of test question? (when you say that you don't want to use the obviously best method, that hints to me that it is from a test question).
If you still have more questions, please post and maybe we can figure it out together.
Thanks-
David Davis
As I understand it, you want to prevent the route from appearing in the routing table (which would ultimately prevent all access to the network, even without an ip access-group statement).
To do this, block it when you redistribute it using a route-map or you block it when it comes into a router, downstream, using the distrbute-list command.
Either way, the ip access-group statement doesn't keep the route from appearing in the routing table.
I know you said that you don't want to use a distribute list or route-map (I don't see that you need tags in this case) but that seems like the best way to do it.
Is this from some kind of test question? (when you say that you don't want to use the obviously best method, that hints to me that it is from a test question).
If you still have more questions, please post and maybe we can figure it out together.
Thanks-
David Davis
Based on the information that you have given I don't see any other way but use either a distribute-list or route maps to prevent the route from being placed in you routing table on R4.
Thanks,
eanderson
Thanks,
eanderson
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
