Using a standard ACL is the way to go with RIP filtering, Rob.  What you have
going on here is a little bit off.  Remember, RIPv2 doesn't unicast updates,
so your ACL really doesn't follow the right logic.  RIPv2 will multicast
updates to 224.0.0.9.  The best thing to do would be to just write a
standard ACL that permits what you want to allow into RIP, and denies
everything else.  To do what you want, the best solution is probably to have a
distribute list on both R7 and R5 inbound.

 

Regards,

Joe Astorino
CCIE #24347 (R&S)
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
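
An added example, not part of the original thread or anyone's posted configuration: a Python model of the inbound distribute-lists suggested above, showing a standard ACL being matched against the networks carried inside one multicast RIPv2 update rather than against packet addresses. The ACL numbers, the /24 wildcards, the contents of R7's list and the 10.9.9.0 route are assumptions made for illustration.

```python
import ipaddress

# Constructed standard ACLs (assumed numbers and /24 wildcards). Each would be
# applied inbound on its own router under "router rip" with "distribute-list <n> in".
R5_ACL = """\
access-list 1 deny 100.100.250.0 0.0.0.255
access-list 1 permit any
"""
R7_ACL = """\
access-list 2 permit 100.100.250.0 0.0.0.255
access-list 2 permit 150.100.91.0 0.0.0.255
"""

# Constructed update from R6: sent once to 224.0.0.9, heard by both R5 and R7.
UPDATE_FROM_R6 = ["100.100.250.0", "150.100.91.0", "10.9.9.0"]


def parse_standard_acl(text):
    """Return [(action, address, wildcard), ...] in configured order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0].lower() != "access-list":
            continue
        action, rest = tok[2].lower(), tok[3:]
        if action not in ("permit", "deny"):
            raise ValueError("unsupported ACL line: " + line)
        if rest[0].lower() == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # No wildcard given means an exact (host) match.
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries


def filter_update(acl, routes):
    """Test each advertised network against the ACL: first match wins,
    and a network that matches no entry is dropped (implicit deny)."""
    accepted = []
    for net in routes:
        net_int = int(ipaddress.IPv4Address(net))
        for action, addr, wild in acl:
            if ((net_int ^ addr) & ~wild & 0xFFFFFFFF) == 0:
                if action == "permit":
                    accepted.append(net)
                break
    return accepted
```

Running both lists over the same update shows why the filtering has to happen per receiver: R6 sends one multicast packet, so only each neighbor's inbound list can make R5 and R7 end up with different routes.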
  

From: [email protected]
[mailto:[email protected]] On Behalf Of Rob
Sent: Monday, June 15, 2009 10:31 PM
To: [email protected]
Subject: [OSL | CCIE_RS] distribution-list question

 

I have been playing around with distribution-lists and RIP and noticed a few
things that caused a few questions to pop up.

 

Assume the following using IPexpert's diagrams.

 

R9 has a route that is sent to R6. (100.100.250.0 network.)

 

R6 has F0/1 and S0/1/0 shut down to keep this simple.

 

I am attempting to allow R7 to learn about this route from R6 but not
allowing R5 to know anything about it.

 

At the same time R5 should know about the 150.100.91.0 network on R9

 

As I was working with the Distribution command on my 3725 (R6) I noticed
that the Distribution command allows access-list 1-199.  As such, I created
an extended access-list attempting to allow updates for this address to R7
but Deny anything to R5.  The access-list is not blocking any of the
updates.  The access-list is below.

 

Access-list 100 deny ip 100.100.250.0 0.0.0.255 host 150.100.220.5

Access-list 100 deny ip host 150.100.220.5 100.100.250.0 0.0.0.255   (I
added both just to see which if either is used)

Access-list 100 per ip any any.

 

 

I see the RIP packet has both addresses in the updates but it appears it does
not allow me to do what I want via R6.  I checked the Doc CD and it talks
about using only Standard access-lists even though the router accepts
extended.  Am I doing something wrong in trying to get this to work with
Distribution-lists?  If it is just not supported then what is the reasoning
in allowing extended access-lists instead of limiting it to standard?  Is
there any other reason you can think of you may try and use an extended
access-list instead of a Standard?

 

I know I can make that happen using other methods, but I am just wondering
if this is an option that I am just missing or if it just can not happen
this way at all.

 

Any insight you may have would be great.

 

Thanks

 

Rob
