This post is another in my series of CCIE marathon study notes. Again, I will be exploring the relevance of prefix-lists compared with other route-filtering methods. I will use a prefix-list for both inbound and outbound filtering to show its usage. A prefix-list can replace an access-list, and it is more flexible, especially when we want to filter based on range(s) of subnets. In this post, I will only explore the prefix-list as an alternative to an access-list.
Important command to remember:
Here is my topology for this topic.
Here are my (lazy method) router configurations:
Manila#sh run | sec eigrp
router eigrp 100
network 0.0.0.0
Singapore#sh run | sec eigrp
router eigrp 100
network 0.0.0.0
Singapore#
Melbourne#sh run | sec eigrp
router eigrp 100
network 0.0.0.0
Melbourne#
Verifications:
1. Let's check the EIGRP neighbors from Singapore,
Singapore#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.12.1 Se2/0 11 00:00:58 58 348 0 24
1 192.168.23.3 Se2/1 10 00:39:49 53 318 0 15
Singapore#
2. Let me check the routing table on the Manila router. As observed, I have the complete routes from Melbourne, and the network joining Singapore and Melbourne, advertised into the Manila router.
Manila#sh ip route eigrp
!
Gateway of last resort is not set
100.0.0.0/24 is subnetted, 3 subnets
D 100.100.100.0 [90/2809856] via 192.168.12.2, 00:00:08, Serial2/0
D 100.100.110.0 [90/2809856] via 192.168.12.2, 00:00:08, Serial2/0
D 100.100.120.0 [90/2809856] via 192.168.12.2, 00:00:08, Serial2/0
D 192.168.23.0/24 [90/2681856] via 192.168.12.2, 00:00:48, Serial2/0
3. Now, let's go straight to filtering 100.100.100.0/24 from entering the Manila router.
So I have to create the prefix-list.
Manila(config)#ip prefix-list FILTERME seq 10 deny 100.100.100.0/24 << this statement keeps 100.100.100.0/24 from being installed in the Manila routing table.
Manila(config)#ip prefix-list FILTERME seq 20 permit 0.0.0.0/0 le 32 << this statement will allow ANY network address.
Let me add the prefix-list under the EIGRP process. Notice that we are still using the distribute-list, but instead of an access-list we reference the prefix-list. To do that, we use the command: distribute-list prefix
Manila(config)#router eigrp 100
Manila(config-router)#distribute-list prefix FILTERME in <<< If you notice, I did not select the interface where I will apply the policy, so it will be applied to all active interfaces by default.
Now, let's check the routing table on Manila. 100.100.100.0/24 is nowhere to be found. My configuration works then!
Manila#show ip route eigrp
!
Gateway of last resort is not set
100.0.0.0/24 is subnetted, 2 subnets
D 100.100.110.0 [90/2809856] via 192.168.12.2, 00:10:57, Serial2/0
D 100.100.120.0 [90/2809856] via 192.168.12.2, 00:10:57, Serial2/0
D 192.168.23.0/24 [90/2681856] via 192.168.12.2, 00:10:57, Serial2/0
Manila#
Now, what I want to do is use a prefix-list on the Singapore router to filter the networks 172.16.10.0/24 and 172.16.20.0/24, but allow 172.16.30.0/24 and 172.16.40.0/24 to be advertised to the Melbourne router. This concept is what we call "Outbound Filtering". So what I expect is that Singapore will still receive all the prefixes from Manila.
So here’s my Prefix-list configs on Singapore,
Singapore(config)#ip prefix-list FILTER-MANILA seq 10 deny 172.16.10.0/24
Singapore(config)#ip prefix-list FILTER-MANILA seq 20 deny 172.16.20.0/24
Singapore(config)#ip prefix-list FILTER-MANILA seq 30 permit 0.0.0.0/0 le 32
Note: In the third statement, I'm permitting any IP address.
And I have to add the policy under EIGRP process,
Singapore(config)#router eigrp 100
Singapore(config-router)#distribute-list prefix FILTER-MANILA out serial 2/1 <<< So here, I have selected the outbound interface Serial 2/1 which is connected to Melbourne from Singapore.
Now, let's check the routing table of Singapore. As observed, we can still see the networks 172.16.10.0/24 and 172.16.20.0/24, as expected.
Singapore#show ip route eigrp
!
Gateway of last resort is not set
100.0.0.0/24 is subnetted, 3 subnets
D 100.100.100.0 [90/2297856] via 192.168.23.3, 00:56:43, Serial2/1
D 100.100.110.0 [90/2297856] via 192.168.23.3, 00:56:43, Serial2/1
D 100.100.120.0 [90/2297856] via 192.168.23.3, 00:56:43, Serial2/1
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.10.0 [90/2297856] via 192.168.12.1, 00:17:53, Serial2/0
D 172.16.20.0 [90/2297856] via 192.168.12.1, 00:17:53, Serial2/0
D 172.16.30.0 [90/2297856] via 192.168.12.1, 00:17:53, Serial2/0
D 172.16.40.0 [90/2297856] via 192.168.12.1, 00:17:53, Serial2/0
But let's check the Melbourne routing table. So sweet! Here you go, the routes were filtered by the Singapore router, as I cannot see these two routes on the Melbourne router.
Melbourne#show ip route eigrp
!
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
D 172.16.30.0 [90/2809856] via 192.168.23.2, 00:22:11, Serial2/1
D 172.16.40.0 [90/2809856] via 192.168.23.2, 00:22:11, Serial2/1
D 192.168.12.0/24 [90/2681856] via 192.168.23.2, 01:00:40, Serial2/1
Melbourne#
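To make the matching rules behind FILTERME and FILTER-MANILA explicit, here is an added example (not from the original post, and not Cisco code) that models prefix-list evaluation in Python: entries are checked in sequence order, the first match wins, and anything unmatched hits the implicit deny. The function names and the NO-LE and 172.16.10.0/25 test cases are constructed for illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/L [ge X] [le Y]'."""
    tok = line.split()
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # no ge/le: the length must match exactly
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return {"seq": int(tok[4]), "action": tok[5], "net": net, "lo": lo, "hi": hi}

def evaluate(entries, route):
    """Return 'permit' or 'deny' for one route; first matching entry wins."""
    r = ipaddress.ip_network(route)
    for e in sorted(entries, key=lambda e: e["seq"]):
        if e["lo"] <= r.prefixlen <= e["hi"] and r.network_address in e["net"]:
            return e["action"]
    return "deny"                          # implicit deny at the end of every list

def advertised(entries, routes):
    """Routes that survive a distribute-list referencing this prefix-list."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

# Prefix-lists exactly as configured in the post.
FILTERME = [parse_entry(l) for l in (
    "ip prefix-list FILTERME seq 10 deny 100.100.100.0/24",
    "ip prefix-list FILTERME seq 20 permit 0.0.0.0/0 le 32",
)]
FILTER_MANILA = [parse_entry(l) for l in (
    "ip prefix-list FILTER-MANILA seq 10 deny 172.16.10.0/24",
    "ip prefix-list FILTER-MANILA seq 20 deny 172.16.20.0/24",
    "ip prefix-list FILTER-MANILA seq 30 permit 0.0.0.0/0 le 32",
)]
# Constructed variant: the same final permit without 'le 32' matches only
# the default route 0.0.0.0/0, so every other route is implicitly denied.
NO_LE = [parse_entry("ip prefix-list NO-LE seq 10 permit 0.0.0.0/0")]

MANILA_ROUTES = ["172.16.10.0/24", "172.16.20.0/24",
                 "172.16.30.0/24", "172.16.40.0/24"]

if __name__ == "__main__":
    print("Sent to Melbourne:", advertised(FILTER_MANILA, MANILA_ROUTES))
    # Constructed case: a /25 inside a denied /24 is not caught by seq 10.
    print("172.16.10.0/25:", evaluate(FILTER_MANILA, "172.16.10.0/25"))
    print("Without le 32:", advertised(NO_LE, MANILA_ROUTES))
```

Because a deny entry without ge/le matches only that exact prefix length, a more specific subnet of a denied network would still pass through the final permit statement.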
*** On my next post, I will be exploring more about Prefix-List, it’s quite interesting that it has other important applications rather than just simply replacing an access-list for route filtering***