Monday, 26 October 2015

RIPv2 filtering with standard access-list

example



Topology used below: R1 is connected to R2 over 12.1.1.0/24 (Serial0/0, R2 = 12.1.1.2) and to R4 over 14.1.1.0/24 (Serial0/1, R4 = 14.1.1.2). On R1 we apply a standard access-list to filter one particular route learned from R2, 2.2.6.0 255.255.255.0 (2.2.6.0/24), out of the incoming RIP updates.


R1(config)#ip access-list standard NET226
R1(config-std-nacl)#5 deny 2.2.6.0 0.0.0.255
R1(config-std-nacl)#20 permit any
R1(config-std-nacl)#do sh run | s ip acc
ip access-list standard NET226
 deny   2.2.6.0 0.0.0.255
 permit any


R1(config)#router rip

R1(config-router)#distribute-list NET226 in
R1(config-router)#do clear ip route *


R1#sh run | s rou
router rip
 version 2
 offset-list 10 in 5 Serial0/0
 network 1.0.0.0
 network 12.0.0.0
 network 14.0.0.0
 distribute-list NET226 in
 no auto-summary


R1(config-std-nacl)#do sh ip access
Standard IP access list 10
    10 permit 172.16.0.10 (651 matches)
Standard IP access list NET226
    5 deny   2.2.6.0, wildcard bits 0.0.0.255
    20 permit any (484 matches)

R1(config)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     34.0.0.0/24 is subnetted, 1 subnets
R       34.1.1.0 [120/1] via 14.1.1.2, 00:00:05, Serial0/1
     1.0.0.0/24 is subnetted, 4 subnets
C       1.1.0.0 is directly connected, Loopback0
C       1.1.1.0 is directly connected, Loopback1
C       1.1.2.0 is directly connected, Loopback2
C       1.1.3.0 is directly connected, Loopback3
     2.0.0.0/24 is subnetted, 3 subnets
R       2.2.4.0 [120/1] via 12.1.1.2, 00:00:05, Serial0/0
!       2.2.6.0/24 is absent: the update from 12.1.1.2 (R2) is dropped by distribute-list NET226
R       2.2.5.0 [120/1] via 12.1.1.2, 00:00:05, Serial0/0
R       2.2.7.0 [120/1] via 12.1.1.2, 00:00:06, Serial0/0

     3.0.0.0/24 is subnetted, 4 subnets
R       3.3.8.0 [120/2] via 14.1.1.2, 00:00:06, Serial0/1
                [120/2] via 12.1.1.2, 00:00:06, Serial0/0
R       3.3.9.0 [120/2] via 14.1.1.2, 00:00:01, Serial0/1
                [120/2] via 12.1.1.2, 00:00:09, Serial0/0
R       3.3.10.0 [120/2] via 12.1.1.2, 00:00:09, Serial0/0
R       3.3.11.0 [120/2] via 12.1.1.2, 00:00:09, Serial0/0
     4.0.0.0/24 is subnetted, 4 subnets
R       4.4.12.0 [120/1] via 14.1.1.2, 00:00:01, Serial0/1
R       4.4.13.0 [120/1] via 14.1.1.2, 00:00:01, Serial0/1
R       4.4.14.0 [120/1] via 14.1.1.2, 00:00:01, Serial0/1
R       4.4.15.0 [120/1] via 14.1.1.2, 00:00:01, Serial0/1
     23.0.0.0/24 is subnetted, 1 subnets
R       23.1.1.0 [120/1] via 12.1.1.2, 00:00:09, Serial0/0
     172.16.0.0/32 is subnetted, 2 subnets
R       172.16.0.20 [120/3] via 14.1.1.2, 00:00:01, Serial0/1
R       172.16.0.10 [120/3] via 14.1.1.2, 00:00:01, Serial0/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial0/0
     14.0.0.0/24 is subnetted, 1 subnets
C       14.1.1.0 is directly connected, Serial0/1
R1(config)#



Applied without an interface, `distribute-list NET226 in` filters the incoming updates on every RIP interface, so R1 drops the 2.2.6.0/24 route whether it arrives from R2 (Serial0/0) or from R4 (Serial0/1). In other words it prevents the route from being installed in the RIP database regardless of the source of the update. The `show ip access-lists` output above (484 matches on the `permit any` line) shows that every other prefix in the updates was evaluated against the ACL and let through. You can confirm the filter is attached with `show ip protocols`, which lists the incoming update filter for the RIP process. Note that ACL 10 and the `offset-list 10 in 5 Serial0/0` line in the running-config are not part of this exercise.
------------------- NOTE -----------------------
The distribute-list is not a standalone filtering mechanism: the distribute-list command attaches an existing match mechanism (a standard ACL as here, or an ip prefix-list) to a routing process, in the inbound or outbound direction, optionally restricted to one interface. Which mechanism you pick matters: a standard ACL matches only the network address of the route against the wildcard mask, so `deny 2.2.6.0 0.0.0.255` drops any route whose address falls in 2.2.6.0-2.2.6.255 whatever its mask, while a prefix-list entry such as `deny 2.2.6.0/24` matches the prefix length as well.
---------------- END NOTE -------------------
We can be more specific and filter only the updates received on one interface, i.e. over one link, from one neighbor. For example, suppose R1 must learn 2.2.6.0/24 only through R4 and never directly from R2. Here is what we can do with the same ACL defined before (the interface keyword selects the link the update arrives on, not the neighbor's address, so on a multi-access link it would apply to every neighbor on that interface):

R1(config)#router rip
R1(config-router)#no distribute-list NET226 in
R1(config-router)#do clear ip route *


R1(config-router)#do sh ip route 2.2.6.0   ! filter removed: everything is restored, 2.2.6.0/24 is learned directly from R2 again
Routing entry for 2.2.6.0/24
  Known via "rip", distance 120, metric 1
  Redistributing via rip
  Last update from 12.1.1.2 on Serial0/0, 00:00:02 ago
  Routing Descriptor Blocks:
  * 12.1.1.2, from 12.1.1.2, 00:00:02 ago, via Serial0/0
      Route metric is 1, traffic share count is 1

R1(config-router)#distribute-list NET226 in serial 0/0   ! same ACL applied again, but only to updates received on Serial0/0 (the link to R2)




R1(config-router)#do clear ip route *


Now R1 has a single path to 2.2.6.0/24: R1 -> R4 -> R3 -> R2. The direct update from R2 on Serial0/0 is dropped, while the same prefix advertised by R4 on Serial0/1 is accepted.

R1(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     34.0.0.0/24 is subnetted, 1 subnets
R       34.1.1.0 [120/1] via 14.1.1.2, 00:00:06, Serial0/1
     1.0.0.0/24 is subnetted, 4 subnets
C       1.1.0.0 is directly connected, Loopback0
C       1.1.1.0 is directly connected, Loopback1
C       1.1.2.0 is directly connected, Loopback2
C       1.1.3.0 is directly connected, Loopback3
     2.0.0.0/24 is subnetted, 4 subnets
R       2.2.4.0 [120/1] via 12.1.1.2, 00:00:00, Serial0/0
R       2.2.5.0 [120/1] via 12.1.1.2, 00:00:00, Serial0/0
R       2.2.6.0 [120/3] via 14.1.1.2, 00:00:07, Serial0/1
R       2.2.7.0 [120/1] via 12.1.1.2, 00:00:02, Serial0/0
     3.0.0.0/24 is subnetted, 4 subnets
R       3.3.8.0 [120/2] via 14.1.1.2, 00:00:15, Serial0/1
                [120/2] via 12.1.1.2, 00:00:09, Serial0/0
R       3.3.9.0 [120/2] via 14.1.1.2, 00:00:15, Serial0/1
                [120/2] via 12.1.1.2, 00:00:09, Serial0/0
R       3.3.10.0 [120/2] via 12.1.1.2, 00:00:09, Serial0/0
R       3.3.11.0 [120/2] via 12.1.1.2, 00:00:09, Serial0/0
     4.0.0.0/24 is subnetted, 4 subnets
R       4.4.12.0 [120/1] via 14.1.1.2, 00:00:15, Serial0/1
R       4.4.13.0 [120/1] via 14.1.1.2, 00:00:15, Serial0/1
R       4.4.14.0 [120/1] via 14.1.1.2, 00:00:15, Serial0/1
R       4.4.15.0 [120/1] via 14.1.1.2, 00:00:15, Serial0/1
     23.0.0.0/24 is subnetted, 1 subnets
R       23.1.1.0 [120/1] via 12.1.1.2, 00:00:09, Serial0/0
     172.16.0.0/32 is subnetted, 2 subnets
R       172.16.0.20 [120/3] via 14.1.1.2, 00:00:15, Serial0/1
R       172.16.0.10 [120/3] via 14.1.1.2, 00:00:15, Serial0/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.1.1.0 is directly connected, Serial0/0
     14.0.0.0/24 is subnetted, 1 subnets
C       14.1.1.0 is directly connected, Serial0/1
R1(config-router)#

R1 now reaches 2.2.6.0/24 in three hops (RIP metric 3) via R4, instead of one hop via R2:


R1#sh ip route 2.2.6.0
Routing entry for 2.2.6.0/24
  Known via "rip", distance 120, metric 3
  Redistributing via rip
  Last update from 14.1.1.2 on Serial0/1, 00:00:12 ago
  Routing Descriptor Blocks:
  * 14.1.1.2, from 14.1.1.2, 00:00:12 ago, via Serial0/1
      Route metric is 3, traffic share count is 1

R1#
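Two related configurations, added here as an example and not taken from the original lab. The first expresses the same per-interface filter with an ip prefix-list instead of the standard ACL (as mentioned in the NOTE above), which lets you match the prefix length too; the second uses the `gateway` keyword, which is a different policy from the one in the lab: it accepts RIP updates only from neighbors whose source address is permitted by a prefix-list and drops updates from any other source. The list names NET226-PL and RIP-NEIGHBORS are assumed; the addressing (2.2.6.0/24, R2 = 12.1.1.2 on Serial0/0, R4 = 14.1.1.2 on Serial0/1) is the lab's.

```cisco
! Variant 1: prefix-list applied to updates received on Serial0/0 only.
! seq 5 matches exactly 2.2.6.0/24; use "deny 2.2.6.0/24 le 32" instead if you
! want the same behaviour as the wildcard ACL (any route inside 2.2.6.0/24).
ip prefix-list NET226-PL seq 5 deny 2.2.6.0/24
ip prefix-list NET226-PL seq 20 permit 0.0.0.0/0 le 32
!
router rip
 version 2
 no distribute-list NET226 in Serial0/0
 distribute-list prefix NET226-PL in Serial0/0
!
! Variant 2 (different policy): accept updates only from the two known neighbors.
! An update whose source address is not permitted by RIP-NEIGHBORS is discarded,
! whatever prefixes it carries.
ip prefix-list RIP-NEIGHBORS seq 5 permit 12.1.1.2/32
ip prefix-list RIP-NEIGHBORS seq 10 permit 14.1.1.2/32
!
router rip
 distribute-list gateway RIP-NEIGHBORS in
!
! Check: the filters appear under "Routing Protocol is rip" in this output.
do show ip protocols
```

After changing a distribute-list, `clear ip route *` as in the lab forces the routing table to be rebuilt from the next updates rather than waiting for the filtered route to time out.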