EdTheLad
01-11-2009, 08:28 AM   #4

Quote:
Originally Posted by kalebksp
I don't know what version of the IOS the last poster was running, but mine won't let me apply an extended ACL to a distribute list.
Maybe you were trying to apply an "ip access-list"? Did you try the regular "access-list 101" type?

Anyway, I've had a look at this to see if the extended would work with a distribution-list in RIP.

So below R1 has multiple addresses created.

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 4 subnets
R 172.16.23.0 [120/1] via 172.16.12.2, 00:00:03, Serial1/0
C 172.16.12.0 is directly connected, Serial1/0
C 172.16.1.0 is directly connected, Loopback0
R 172.16.2.0 [120/1] via 172.16.12.2, 00:00:03, Serial1/0
C 192.168.51.0/24 is directly connected, Loopback51
C 192.168.50.0/24 is directly connected, Loopback50
C 192.168.49.0/24 is directly connected, Loopback49
C 192.168.70.0/24 is directly connected, Loopback70
C 192.168.48.0/24 is directly connected, Loopback48
S 192.168.48.0/22 is directly connected, Null0


I enabled rip debugging to see them being advertised.

R1#debug ip rip
RIP protocol debugging is on
R1#
*Mar 1 02:33:44.515: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (172.16.12.1)
*Mar 1 02:33:44.519: RIP: build update entries
*Mar 1 02:33:44.519: 172.16.1.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.523: 192.168.48.0/22 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.527: 192.168.48.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.531: 192.168.49.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.531: 192.168.50.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.535: 192.168.51.0/24 via 0.0.0.0, metric 1, tag 0
*Mar 1 02:33:44.539: 192.168.70.0/24 via 0.0.0.0, metric 1, tag 0


Now I want to filter everything but the /22 route. Usually I would use a prefix-list, but I'm only interested in the extended access-list way.

R1(config)#access-list 101 permit ip 192.168.48.0 0.0.0.0 255.255.252.0 0.0.0.0
R1(config)#do sho access-li
Extended IP access list 101
10 permit ip host 192.168.48.0 host 255.255.252.0


Now I apply this to RIP.

R1(config)#router rip
R1(config-router)#distribute-list 101 out


R1#
*Mar 1 02:36:53.643: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (172.16.12.1)
*Mar 1 02:36:53.647: RIP: build update entries - suppressing null update
R1#
R1#
*Mar 1 02:37:08.351: RIP: received v2 update from 172.16.12.2 on Serial1/0
*Mar 1 02:37:08.351: 172.16.2.0/24 via 0.0.0.0 in 1 hops
*Mar 1 02:37:08.355: 172.16.23.0/24 via 0.0.0.0 in 1 hops
R1#


As you can see, it's not working; everything is being blocked. If I change the access-list to permit any any, it forwards everything. Maybe it's an issue on my IOS? Maybe it's not supported, maybe I'm missing something fundamental here; if so, advise.



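An added example, not part of EdTheLad's post: a Python model of the matching the post expects from access-list 101, assuming the source field is compared with the route's network address and the destination field with its mask. The route list is copied from the debug output above; `ACL_RANGE` and all function names are hypothetical, and the model says nothing about how IOS itself evaluates the list under RIP.

```python
import ipaddress

# Copied from the "build update entries" lines in the debug output above.
ADVERTISED = [
    "172.16.1.0/24", "192.168.48.0/22", "192.168.48.0/24", "192.168.49.0/24",
    "192.168.50.0/24", "192.168.51.0/24", "192.168.70.0/24",
]

def wildcard_match(value, base, wildcard):
    """Wildcard compare: bits set in the wildcard are ignored."""
    v, b, w = (int(ipaddress.IPv4Address(x)) for x in (value, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (v & care) == (b & care)

def ace_permits(route, ace):
    """Assumed semantics: source field vs. network, destination field vs. mask."""
    net = ipaddress.IPv4Network(route)
    src, src_wc, dst, dst_wc = ace
    return (wildcard_match(str(net.network_address), src, src_wc)
            and wildcard_match(str(net.netmask), dst, dst_wc))

def filter_routes(routes, acl):
    """Permit-only list; anything unmatched falls to the implicit deny."""
    return [r for r in routes if any(ace_permits(r, ace) for ace in acl)]

# access-list 101 permit ip 192.168.48.0 0.0.0.0 255.255.252.0 0.0.0.0
# (a 0.0.0.0 wildcard is what IOS displays as "host ...")
ACL_101 = [("192.168.48.0", "0.0.0.0", "255.255.252.0", "0.0.0.0")]

# Hypothetical variant: ignore the low two bits of the third octet in both
# fields, so networks 192.168.48-51.0 with masks /22 through /24 match.
ACL_RANGE = [("192.168.48.0", "0.0.3.0", "255.255.252.0", "0.0.3.0")]

if __name__ == "__main__":
    print("ACL_101  :", filter_routes(ADVERTISED, ACL_101))
    print("ACL_RANGE:", filter_routes(ADVERTISED, ACL_RANGE))
```

Under these assumed semantics the single entry would pass only the /22, which is the result the post was looking for and not the null update the debug shows.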