i created another loopback on eigrp 1, 7.7.7.7, added the network statement...
r1#sh ip route | exc L | inc loop
Gateway of last resort is not set1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback1
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 10.1.2.2, 00:14:05, FastEthernet1/1
[110/20] via 10.1.1.2, 00:13:29, FastEthernet0/0
7.0.0.0/24 is subnetted, 1 subnets
O E2 7.7.7.0 [110/20] via 10.1.2.2, 00:05:29, FastEthernet1/1
[110/20] via 10.1.1.2, 00:05:29, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
C 10.1.2.0/24 is directly connected, FastEthernet1/1
172.16.0.0/24 is subnetted, 2 subnets
O E2 172.16.1.0 [110/20] via 10.1.2.2, 00:06:28, FastEthernet1/1
O E2 172.16.2.0 [110/20] via 10.1.1.2, 00:06:28, FastEthernet0/0
O IA 192.168.1.0/24 [110/782] via 10.1.1.2, 00:15:27, FastEthernet0/0
O IA 192.168.2.0/24 [110/782] via 10.1.2.2, 00:15:27, FastEthernet1/1
note the 7's, and the table has been restored to e2's only...
r1#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/19/40 ms
let's eliminate the 7's with a distribution list....
access-list 1 permit 6.6.6.0 0.0.0.255
distribute-list 1 out
from r6's eigrp network
of course we have also eliminated the routes to the links to get there with this simple statement because of the implicit deny... ping to 6's still gets there, but that's it...
r6#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r6#ping 1.1.1.1 source 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/16 ms
r6#ping 1.1.1.1 source 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
.....
Success rate is 0 percent (0/5)
and only the 6's show up in r1's table...
r1#sh ip route | exc L | inc loop
Gateway of last resort is not set1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback1
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 10.1.2.2, 00:10:14, FastEthernet1/1
[110/20] via 10.1.1.2, 00:10:14, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.1.0/24 is directly connected, FastEthernet0/0
C 10.1.2.0/24 is directly connected, FastEthernet1/1
O IA 192.168.1.0/24 [110/782] via 10.1.1.2, 00:35:39, FastEthernet0/0
O IA 192.168.2.0/24 [110/782] via 10.1.2.2, 00:35:39, FastEthernet1/1
it is clear from the table only the 6's are permitted for r1...
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/16 ms
r1#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r1#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
here are some important distinctions from cisco...
distribute-list in (IP)
To filter networks received in updates, use the distribute-list in command in router configuration mode.
distribute-list out (IP)
To suppress networks from being advertised in updates, use the distribute-list out command in router configuration mode
like in-out on interfaces in acl's, think of in-out from the point of view of origination...
the combinations are limited only by your imagination, and expected behaviors...
No comments:
Post a Comment