There are a number of reasons to implement route filtering. The filters can be used to control what routes are sent as well as what routes are learned from a neighbor. With ACLs, the configuration is very flexible, so just about anything is possible!
Configuration Basics
You can see the basic topology we will be working with below.
EIGRP is configured only for the 192.168.1.0/30 network at this time. The EIGRP configuration on each router is the same and is shown below.
router eigrp 100
 network 192.168.1.0 0.0.0.3
 no auto-summary
Filter Distribution
Our first item of business is to filter out networks that are part of the EIGRP exchange. It doesn’t really matter where the routes came from; we can filter them to prevent them from being sent into the rest of the network. In our case the routes are local, from the loopback interfaces. First, on R1, we need to include the four subnets in the EIGRP process. Second, create a standard ACL to permit a limited subset of networks. Finally, apply this ACL as a distribution list to the EIGRP process. The result can be seen in the example below.
R1
router eigrp 100
 network 10.0.0.0 0.0.3.255
R2
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 4 subnets
D       10.0.2.0 [90/156160] via 192.168.1.1, 00:00:12, FastEthernet0/0
D       10.0.3.0 [90/156160] via 192.168.1.1, 00:00:12, FastEthernet0/0
D       10.0.0.0 [90/156160] via 192.168.1.1, 00:00:12, FastEthernet0/0
D       10.0.1.0 [90/156160] via 192.168.1.1, 00:00:12, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0

As you can see above, all routes are distributed to R2 as per normal. Now, add the ACL and distribution configuration and check again!
R1
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.1.255
router eigrp 100
 network 192.168.1.0 0.0.0.3
 distribute-list 1 out FastEthernet0/0
R2
R2#show ip route
…
     10.0.0.0/24 is subnetted, 3 subnets
D       10.0.2.0 [90/156160] via 192.168.1.1, 00:00:07, FastEthernet0/0
D       10.0.3.0 [90/156160] via 192.168.1.1, 00:00:07, FastEthernet0/0
D       10.0.0.0 [90/156160] via 192.168.1.1, 00:00:07, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0
Filter Incoming Updates
To demonstrate the filtering of incoming route updates on R2, the process will be very similar to the example above. Again, we will need an ACL, and that ACL will need to be applied to an interface inside the routing protocol configuration.
R2
#show ip route
…
     10.0.0.0/24 is subnetted, 3 subnets
D       10.0.2.0 [90/156160] via 192.168.1.1, 00:00:09, FastEthernet0/0
D       10.0.3.0 [90/156160] via 192.168.1.1, 00:00:09, FastEthernet0/0
D       10.0.0.0 [90/156160] via 192.168.1.1, 00:00:09, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0

access-list 1 permit 10.0.0.0 0.0.0.255
router eigrp 100
 distribute-list 1 in FastEthernet 0/0

show ip route
…
     10.0.0.0/24 is subnetted, 1 subnets
D       10.0.0.0 [90/156160] via 192.168.1.1, 00:00:01, FastEthernet0/0
     192.168.1.0/30 is subnetted, 1 subnets
C       192.168.1.0 is directly connected, FastEthernet0/0
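The following Python model is an added example, not part of the original article or of any Cisco tooling. It evaluates the two ACLs above the way a distribute-list does (wildcard match on the route's network address, first match wins, implicit deny) and chains R1's outbound filter with R2's inbound filter. The function names are assumptions made for this illustration.

```python
import ipaddress

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR WILDCARD' lines into tuples."""
    entries = []
    for line in text.strip().splitlines():
        _, _, action, addr, wildcard = line.split()
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def acl_permits(entries, route):
    """First match wins. Wildcard bits set to 1 are ignored. Only the route's
    network address is compared, so a standard ACL cannot tell a /24 from a
    /16 that starts at the same address."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF
        if net & care == addr & care:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def distribute(entries, routes):
    """Return the routes that survive a distribute-list using this ACL."""
    return [r for r in routes if acl_permits(entries, r)]

# ACL entries copied from the article's R1 and R2 configurations
R1_OUT = parse_acl("""
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.1.255
""")
R2_IN = parse_acl("access-list 1 permit 10.0.0.0 0.0.0.255")

# The four loopback subnets R1 places into EIGRP
LOOPBACKS = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

def demo():
    sent = distribute(R1_OUT, LOOPBACKS)   # distribute-list 1 out on R1
    installed = distribute(R2_IN, sent)    # distribute-list 1 in on R2
    return sent, installed

if __name__ == "__main__":
    sent, installed = demo()
    print("R1 advertises:", sent)
    print("R2 installs:  ", installed)
```

Because the match ignores prefix length, a route for 10.0.0.0/16 would also pass R2's filter, which is one reason prefix lists are preferred when the mask matters.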
I hope you found this useful! Please feel free to comment below. In my next article I will be discussing prefix lists and route maps!