Thursday, September 23, 2010

EIGRP filtering route - GNS3

R1

router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 no auto-summary

R2
router eigrp 1
 network 30.30.12.2 0.0.0.0
 network 172.16.0.0
 no auto-summary

R3
router eigrp 1
 network 30.30.13.2 0.0.0.0
 network 192.168.0.0 0.0.255.255
 no auto-summary

* We didn't advertise the direct link between R2 and R3; just leave it that way for now.

Make sure show ip route on R1, R2 and R3 shows all the networks advertised by all three routers.

Distribute List + Access list

We'll start by filtering certain routes that EIGRP receives on a particular interface.
Let's stop 192.168.1.0 - 192.168.5.0 from being learned on Serial 0/1 on R1. R2 should also stop seeing these routes, since R2 learns them via R1.

Show the current IP routes:
R1#sh ip rou
...
D    192.168.4.0/24 [90/2297856] via 30.30.13.2, 00:12:16, Serial0/1
D    192.168.5.0/24 [90/2297856] via 30.30.13.2, 00:12:16, Serial0/1
..
D    192.168.1.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
D    192.168.2.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
D    192.168.3.0/24 [90/2297856] via 30.30.13.2, 00:12:17, Serial0/1
...

R2#sh ip rou
D    192.168.4.0/24 [90/2809856] via 30.30.12.1, 00:12:57, Serial0/0   <-- notice that R2 learned this via R1's interface
D    192.168.5.0/24 [90/2809856] via 30.30.12.1, 00:12:57, Serial0/0
..
D    192.168.1.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
D    192.168.2.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
D    192.168.3.0/24 [90/2809856] via 30.30.12.1, 00:12:58, Serial0/0
..

First we need to create an access list to define which IPs are filtered on R1 Ser 0/1 (another way to define this is with ip prefix-list, shown below).

access-list 10 deny   192.168.0.0 0.0.255.255
access-list 10 permit any

Then apply it under EIGRP 1; 'in' means incoming:

router eigrp 1
 network 10.0.0.0
 network 30.0.0.0
 distribute-list 10 in Serial0/1 
 no auto-summary

Now try show ip route again on R1 and R2; all the routes above should be gone :)

Now let's try filtering outbound, which means stopping a route from going out on a particular interface.

Let's filter 172.16.0.0 on R2 from being received by R3; we'll stop this route at R1 Ser 0/1.

First, make sure show ip route on R3 has these IPs:
R3>sh ip rou
..

     172.16.0.0/24 is subnetted, 5 subnets
D       172.16.4.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.5.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.1.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.2.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
D       172.16.3.0 [90/2809856] via 30.30.13.1, 00:43:31, Serial0/0
..

Create an access list (another way to define this is with ip prefix-list, shown below):

access-list 20 deny   172.16.0.0 0.0.255.255
access-list 20 permit any

Apply it under EIGRP 1:

..
 distribute-list 20 out Serial0/1
..

Now show ip route on R3 no longer shows 172.16.0.0, but R1 can still see it, because the filter only stops the route from going out on Ser0/1; R1 still learns it from Ser0/0 :)


distribute-list + prefix-list + gateway 

Normally R2 and R3 should be able to see the routes to 10.1.x.x on R1:

R2#sh ip rou
..
D       10.1.3.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:02:15, Serial0/0
D       10.1.5.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.4.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
..

R3#sh ip rou
..
D       10.1.3.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:02:15, Serial0/0
D       10.1.5.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
D       10.1.4.0 [90/2297856] via 30.30.12.1, 00:01:46, Serial0/0
..

What we'll do is make R2 see only 10.1.1.0 and 10.1.2.0, and R3 see only 10.1.3.0 and 10.1.4.0, in their routing tables.

Create the prefix list for the interesting traffic:

ip prefix-list PREFIX2 seq 5 permit 10.1.1.0/24 le 32
ip prefix-list PREFIX2 seq 10 permit 10.1.2.0/24 le 32
ip prefix-list PREFIX2 seq 15 deny 0.0.0.0/0 le 32

Create a prefix list to allow only a specific gateway to advertise routes to this router:

ip prefix-list NEG2 seq 5 permit 30.30.12.1/32
ip prefix-list NEG2 seq 10 deny 0.0.0.0/0 le 32

Apply it under EIGRP 1:

 distribute-list prefix PREFIX2 gateway NEG2 in

Now show the routes; you should only see the allowed prefixes:

R2#sh ip rou
..
     10.0.0.0/24 is subnetted, 2 subnets
D       10.1.2.0 [90/2297856] via 30.30.12.1, 00:20:06, Serial0/0
D       10.1.1.0 [90/2297856] via 30.30.12.1, 00:20:36, Serial0/0
..

Now do the same on R3 to allow only specific routes from R1 into its routing table :)
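
To check a prefix-list and gateway filter before applying it, here is an added Python sketch (not part of the original post, and only a simplified model of IOS matching) that evaluates PREFIX2 and NEG2 against the 10.1.x.0/24 routes R2 learns from 30.30.12.1. It also shows why the catch-all deny is written 0.0.0.0/0 le 32: an entry written 0.0.0.0/8 le 32 covers only 0.0.0.0 - 0.255.255.255, so 10.1.3.0/24 is dropped by the implicit deny instead. The function names and the UPDATE sample are assumptions made for this illustration.

```python
import ipaddress

def parse_prefix_list(text):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX [ge X] [le Y]' lines."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        ge, le = opts.get("ge"), opts.get("le")
        # Neither ge nor le: exact length. Only le: len..le. Only ge: ge..32.
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, prefix):
    """Return (action, seq) of the first matching entry; no match = implicit deny."""
    p = ipaddress.ip_network(prefix)
    for seq, action, net, lo, hi in entries:
        if p.subnet_of(net) and lo <= p.prefixlen <= hi:
            return action, seq
    return "deny", None

def accepted(routes, gateways, prefix, next_hop):
    """Model of 'distribute-list prefix X gateway Y in': both lists must permit."""
    return (evaluate(gateways, next_hop + "/32")[0] == "permit"
            and evaluate(routes, prefix)[0] == "permit")

PERMITS = ("ip prefix-list PREFIX2 seq 5 permit 10.1.1.0/24 le 32\n"
           "ip prefix-list PREFIX2 seq 10 permit 10.1.2.0/24 le 32\n")
PREFIX2 = parse_prefix_list(PERMITS + "ip prefix-list PREFIX2 seq 15 deny 0.0.0.0/0 le 32")
# Variant whose last entry covers only 0.0.0.0 - 0.255.255.255
PREFIX2_SLASH8 = parse_prefix_list(PERMITS + "ip prefix-list PREFIX2 seq 15 deny 0.0.0.0/8 le 32")
NEG2 = parse_prefix_list("ip prefix-list NEG2 seq 5 permit 30.30.12.1/32\n"
                         "ip prefix-list NEG2 seq 10 deny 0.0.0.0/0 le 32")

# Constructed update: R1's 10.1.x.0/24 routes as R2 hears them from 30.30.12.1
UPDATE = [(f"10.1.{n}.0/24", "30.30.12.1") for n in range(1, 6)]

def installed(update=UPDATE):
    """Prefixes from the update that pass both the route and gateway lists."""
    return [p for p, gw in update if accepted(PREFIX2, NEG2, p, gw)]

if __name__ == "__main__":
    print("R2 installs:", installed())
    print("10.1.3.0/24, /0 catch-all:", evaluate(PREFIX2, "10.1.3.0/24"))
    print("10.1.3.0/24, /8 entry    :", evaluate(PREFIX2_SLASH8, "10.1.3.0/24"))
    print("10.1.1.0/24 from 30.30.13.1:", accepted(PREFIX2, NEG2, "10.1.1.0/24", "30.30.13.1"))
```

The same permitted prefix is rejected when it arrives from a neighbor other than 30.30.12.1, which is the point of the gateway list.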

