You have to remember, RIPv2 is generally a multicast technology AND it is hop by hop right? So regarding the last question - If you send something out an interface as a multicast, you have no control over what router receives that by configuring something on the same router that sent it.
One thing I thought of is this: On R6 do neighbor statements for R7 only and make R6 passive. This will make sure only R7 gets the updates. But, R7 will still multicast out updates to R5, causing R5 to get all the routes. So you could put a distribute-list out on R7 to filter what you don't want R5 to get. Make sure it is not going out the same interface it came into R7 on though, or it won't work due to split horizon (unless you disable split horizon).

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

From: Rob [mailto:[email protected]]
Sent: Monday, June 15, 2009 11:56 PM
To: 'Joe Astorino'; [email protected]
Subject: RE: [OSL | CCIE_RS] distribution-list question

Thanks Joe. I know I could do the Distribution inbound on R5 and R7, however I was looking to see if there is a way using just Distribution lists on R6, along with learning what cannot be done with this method. Right now I am trying to see what limitations certain methods have. I am looking at it in that it is good to know what I can do with each feature, but also what I cannot do with each of them.

You did help point out a flaw in my way of thinking. I was forgetting the updates were multicasts, so there was not a way for the router to know who on that interface would actually get it. I saw the multicast address in the debugs, but when I saw the unicast address from the packets inbound it messed me up and I forgot what was really happening.

I adjusted the config slightly. I changed that interface to passive (F0/0 on R6) and set up both remote routers to be neighbors so that they would use unicast. I assumed that maybe the distribution-list could then filter that network out before it sent it to R5, but still nothing. Is it just that simple that you cannot filter out a network in an outbound update (using distribution lists alone) on an Ethernet port with multiple routers where you want some routers to know about it and not others?

Rob

_____

From: Joe Astorino [mailto:[email protected]]
Sent: Monday, June 15, 2009 9:49 PM
To: 'Rob'; [email protected]
Subject: RE: [OSL | CCIE_RS] distribution-list question

Using a standard ACL is the way to go with RIP filtering, Rob. What you have going on here is a little bit off. Remember, RIPv2 doesn't unicast updates, so your ACL really doesn't follow the right logic. RIPv2 will multicast updates to 224.0.0.9. The best thing to do would be to just write a standard ACL that permits what you want to allow into RIP, and denies everything else. To do what you want, the best solution is probably to have a distribute list on both R7 and R5 inbound.

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com

From: [email protected] [mailto:[email protected]] On Behalf Of Rob
Sent: Monday, June 15, 2009 10:31 PM
To: [email protected]
Subject: [OSL | CCIE_RS] distribution-list question

I have been playing around with distribution-lists and RIP and noticed a few things that caused a few questions to pop up. Assume the following using IPexpert's diagrams.

R9 has a route that is sent to R6 (100.100.250.0 network). R6 has F0/1 and S0/1/0 shut down to keep this simple. I am attempting to allow R7 to learn about this route from R6 but not allow R5 to know anything about it. At the same time R5 should know about the 150.100.91.0 network on R9.

As I was working with the Distribution command on my 3725 (R6) I noticed that the Distribution command allows access-list 1-199. As such, I created an extended access-list attempting to allow updates for this address to R7 but deny anything to R5. The access-list is not blocking any of the updates. The access-list is below.

    Access-list 100 deny ip 100.100.250.0 0.0.0.255 host 150.100.220.5
    Access-list 100 deny ip host 150.100.220.5 100.100.250.0 0.0.0.255
    (I added both just to see which, if either, is used)
    Access-list 100 per ip any any

I see the RIP packet has both addresses in the updates, but it appears it does not allow me to do what I want via R6. I checked the Doc CD and it talks about using only standard access-lists even though the router accepts extended.

Am I doing something wrong in trying to get this to work with Distribution-lists? If it is just not supported, then what is the reasoning in allowing extended access-lists instead of limiting it to standard? Is there any other reason you can think of that you may try and use an extended access-list instead of a standard?

I know I can make that happen using other methods, but I am just wondering if this is an option that I am just missing or if it just cannot happen this way at all. Any insight you may have would be great.

Thanks
Rob
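
The behaviour discussed in this thread, as an added example that is not part of any message above: a small Python model of R6's RIP updates on the segment shared with R5 and R7. The topology constants and function names are constructed for illustration, and the model assumes an outbound distribute-list is applied once per interface to the advertised prefixes, whether the update is then multicast or unicast to neighbors.

```python
from ipaddress import ip_network

# Constructed model of the thread's LAN: R6 advertises onto a segment shared with R5 and R7.
HIDDEN = ip_network("100.100.250.0/24")   # R7 should learn this, R5 should not
SHARED = ip_network("150.100.91.0/24")    # both routers should learn this
R6_ROUTES = [HIDDEN, SHARED]
SEGMENT = ["R5", "R7"]
DENY_HIDDEN = [("deny", HIDDEN), ("permit", None)]  # None stands for "any"


def permitted(acl, prefix):
    """Standard-ACL style check on the advertised prefix: first match wins, implicit deny."""
    for action, net in acl:
        if net is None or prefix.subnet_of(net):
            return action == "permit"
    return False


def r6_send(out_acl=None, neighbors=None):
    """Build one update for the interface, then deliver it.

    out_acl: distribute-list out on the interface; it sees prefixes, never receivers.
    neighbors: None means multicast to 224.0.0.9; a list means passive + neighbor (unicast).
    """
    update = [r for r in R6_ROUTES if out_acl is None or permitted(out_acl, r)]
    receivers = SEGMENT if neighbors is None else [n for n in SEGMENT if n in neighbors]
    return {name: list(update) for name in receivers}


def install(delivered, in_acls):
    """Each receiver applies its own distribute-list in (if any) to what arrived."""
    return {name: [r for r in routes if name not in in_acls or permitted(in_acls[name], r)]
            for name, routes in delivered.items()}


def scenarios():
    """Four cases from the thread, each returning the routes every receiver ends up with."""
    return {
        "multicast, outbound filter on R6": r6_send(out_acl=DENY_HIDDEN),
        "unicast to both, outbound filter on R6": r6_send(DENY_HIDDEN, ["R5", "R7"]),
        "unicast to R7 only, no filter": r6_send(neighbors=["R7"]),
        "multicast, inbound filter on R5": install(r6_send(), {"R5": DENY_HIDDEN}),
    }


if __name__ == "__main__":
    for label, tables in scenarios().items():
        print(label, {n: [str(r) for r in rs] for n, rs in tables.items()})
```

Only the inbound list on R5 gives R7 both networks while R5 keeps just 150.100.91.0; every outbound variant on R6 either hides the route from both receivers or cuts R5 off from R6 entirely.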
