-
Routing updates from a routing protocol can be completely suppressed on an interface if desired. -
The administrative distance can be tuned such that one routing protocol is more trusted than another within the local router. -
The routes advertised by a routing protocol can be closely controlled so that route filtering takes place toward neighboring routers. -
The routes received and processed by a routing protocol can be closely controlled so that inbound route filtering takes place from neighboring routers. Route filtering is useful for distance vector routing protocols, because routes are sent and received among neighbors. However, filtering is not useful for link state protocols, such as OSPF, because all routers in a domain have an identical copy of the link-state database. In this case, filtering is useful only at link state advertisement boundaries, such as an OSPF ASBR. Route filtering is also useful when mutual route redistribution is configured between two routing protocols. In some cases, routes redistributed into another routing protocol can be redistributed again in return. Route filters can be used to prevent this from happening. Configuration -
Enable the routing processes: RIP (see Section 7-2), IGRP (see Section 7-3), EIGRP (see Section 7-4), IS-IS (see Section 7-5), OSPF (see Section 7-6), or BGP (see Section 7-7): (global) router protocol [ process-id ] -
(Optional) Prevent all outbound routing updates on an interface: (router) passive-interface type number No routes will be advertised using this routing protocol and interface. Incoming routing updates will still be listened to and processed, except in the case of EIGRP: The router will also stop sending and receiving EIGRP hello packets on the interface, resulting in the loss of neighbor adjacencies. -
(Optional) Make a routing protocol more trusted than another, to filter the source of routing information: (router) distance weight [ address mask [ access-list-num name ]] [ ip ] Assign an administrative distance value to a routing information source. The distance or weight ranges from 0 to 255 and is significant only to the local router. Every routing information source has a default administrative distance; the lower the distance, the more trusted the source. Table 8-4 documents administrative distances for routing information sources. The address and mask (inverted mask: 0 = match, 1 = don't care) fields can be given to match the IP addresses of routers sending routing information and to set the administrative distance for these sources alone. Also, either a named or standard IP access list can be used to more closely match IP addresses of advertising routers. Note that EIGRP has two forms of this command to assign independent distances to internal (intra-AS) and external (inter-AS) routes: distance eigrp internal-distance external-distance. Table 8-4. Default Administrative Distances Routing Info Source | Default Admin Distance | Connected interface | | Static route | 1 | EIGRP summary route | 5 | External BGP | 20 | Internal EIGRP | 90 | IGRP | 100 | OSPF | 110 | IS-IS | 115 | RIP | 120 | EGP | 140 | Internal BGP | 200 | Unknown (not trusted; ignored) | 255 | -
(RIP, IGRP, EIGRP only) Increase the routing metric on matching routes: (router) offset-list access-list { in out } offset [ type number ] Routes are matched against the named or numbered IP access list, and a fixed offset (positive number) is added to the route metric. The in and out keywords are used to select an offset for incoming or outgoing routes. If desired, the offset list can be applied to a specific interface type and number. -
(Optional) Filter routes being advertised in outbound routing updates: (router) distribute-list { access-list-num name } out [ interface ] Routes being advertised are first passed through the standard IP or named access list. Matching routes are either permitted to be advertised or are denied , according to the access list statements. The distribute list can be applied to only a single outbound interface if desired. -
(Optional) Filter routes received from incoming advertisements: (router) distribute-list { access-list-num name } in [ interface ] Routes received in routing updates are passed through the standard IP or named access list before being processed by the local routing protocol. Matching routes are either permitted to be used or are denied, according to the access list statements. The distribute list can be applied to only a single inbound interface if desired. NOTE Inbound route filtering does not apply to the link-state protocols OSPF or IS-IS. By definition, the entire routing topology database is kept on each router. Therefore, specific routes are not received and processed independently. Example For EIGRP, suppress routing updates on interface serial 1. Filter incoming routing updates to include only the 192.168.1.0 route. Filter outbound updates to include all but the 10.2.0.0 route. Adjust the administrative distance for EIGRP to 100 (instead of the default 90) on updates from EIGRP neighbors with IP addresses within the range 192.168.3.x: router eigrp 101 network 10.0.0.0 passive-interface serial 1 distribute-list 5 in distribute-list 6 out distance 100 192.168.3.0 0.0.0.255 access-list 5 permit 192.168.1.0 access-list 6 deny 10.2.0.0 access-list 6 permit any |