Tuesday, September 3, 2013

RIPv2 Update Filtering - Offset List, Passive Interface, Administrative Distance, Distribute-List

You can filter RIP updates using various methods, and I am going to demonstrate four of them. We will use the topology displayed in Figure 1 below. I have auto-summary disabled and am running version 2. All filtering will take place on R4.

Figure 1


Routing Table Before Any Filtering:

R4#show ip route

Gateway of last resort is not set

R    200.200.200.0/24 [120/1] via 192.168.100.2, 00:00:07, FastEthernet0/0
     100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
R       100.100.100.0/24 [120/1] via 192.168.100.2, 00:00:07, FastEthernet0/0
R       100.0.0.0/8 is possibly down,
          routing via 192.168.100.2, FastEthernet0/0
C    192.168.100.0/24 is directly connected, FastEthernet0/0
 

Offset List: Let's mark 100.100.100.0/24 invalid by setting an offset of 15. We could have configured 16 as well. I went with 15 since we are already adding 1 hop count by default, so it gives us 16.
    1. Create an ACL to identify which routes should be filtered.
      1. access-list 1 permit 100.100.100.0 0.0.0.255
    2. Configure the offset-list under the RIP process.
      1. router rip
      2. offset-list 1 in 15
From the debug below we can see that we are successful in preventing the route from making it into the routing table. RIP will only advertise routes that are in the routing table.

R4#debug ip rip
RIP protocol debugging is on
R4#
*Mar  1 00:37:36.811: RIP: received v2 update from 192.168.100.2 on FastEthernet0/0
*Mar  1 00:37:36.815:      100.100.100.0/24 via 0.0.0.0 in 16 hops  (inaccessible)
*Mar  1 00:37:36.815:      200.200.200.0/24 via 0.0.0.0 in 1 hops
*Mar  1 00:37:37.659: RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.168.100.1)
*Mar  1 00:37:37.659: RIP: build update entries - suppressing null update

Passive Interface: Let's enable passive-interface default on R4 F0/0.


  1. Configure passive-interface default under the RIP process.
    1. router rip
    2. passive-interface default
From the debug below we can see that we are successful in preventing R4 from advertising routes to R5 (compare the debug from the previous example). However, R5 can still advertise routes to R4.

*Mar  1 00:47:45.955: RIP: received v2 update from 192.168.100.2 on FastEthernet0/0
*Mar  1 00:47:45.955:      100.100.100.0/24 via 0.0.0.0 in 16 hops  (inaccessible)
*Mar  1 00:47:45.959:      200.200.200.0/24 via 0.0.0.0 in 1 hops

Administrative Distance: Let's increase the administrative distance for subnet 100.100.100.0/24.

    1. Create an ACL to identify which routes should be filtered.
      1. access-list 1 permit 100.100.100.0 0.0.0.255
    2. Configure the distance value under the RIP process.
      1. router rip
      2. distance 200 192.168.100.2 0.0.0.0 1 (The way to read this is: apply admin distance 200 to any routes in access-list 1 coming from 192.168.100.2.)
We can see the update was successful from the following show ip route output. If you wanted to, you could set the admin distance to 255 (inaccessible) and the route would never get into the routing table (RIB).

R    200.200.200.0/24 [120/1] via 192.168.100.2, 00:00:17, FastEthernet0/0
     100.0.0.0/24 is subnetted, 1 subnets
R       100.100.100.0 [200/1] via 192.168.100.2, 00:00:17, FastEthernet0/0
C    192.168.100.0/24 is directly connected, FastEthernet0/0
R4#

Distribute-List: Let's filter 100.100.100.0/24 from the routing table.

    1. Create a prefix-list to identify the only routes we want to allow in.
      1. ip prefix-list filter_rip permit 200.200.200.0/24
    2. Configure the distribute-list under the RIP process.
      1. router rip
      2. distribute-list prefix filter_rip in
We can see the update was successful from the following show ip route output. We can also confirm that we are filtering routes inbound via show ip protocols.

Gateway of last resort is not set

R    200.200.200.0/24 [120/1] via 192.168.100.2, 00:00:06, FastEthernet0/0
C    192.168.100.0/24 is directly connected, FastEthernet0/0

R4#show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is (prefix-list) filter_rip
  Sending updates every 30 seconds, next due in 13 seconds
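
The three inbound methods above (offset-list, distance, distribute-list) can be compared side by side with a small model of what R4 does to a received update. This is an added example, not code from the original post or from Cisco; it is a simplified model, and the names process_update, acl_match, SOURCE, UPDATE and ACL_1 are hypothetical. Passive-interface is not modeled because it only affects what R4 sends.

```python
import ipaddress

INFINITY = 16  # RIP metric that means "inaccessible"

def acl_match(addr, base, wildcard):
    """Standard ACL permit entry: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    as_int = lambda a: int(ipaddress.IPv4Address(a))
    return (as_int(addr) & care) == (as_int(base) & care)

def process_update(source, routes, offset=None, distance=None, prefix_permit=None):
    """Simplified model of inbound RIP processing; returns {prefix: (AD, metric)}.

    routes        -- [(prefix, metric as received)]
    offset        -- (acl_base, acl_wildcard, hops), like "offset-list 1 in 15"
    distance      -- (ad, src, src_wildcard, acl_base, acl_wildcard)
    prefix_permit -- exact prefixes allowed in; everything else is implicitly denied
    """
    allowed = None
    if prefix_permit is not None:
        allowed = {ipaddress.ip_network(p) for p in prefix_permit}
    rib = {}
    for prefix, metric in routes:
        net = ipaddress.ip_network(prefix)
        network = str(net.network_address)
        if allowed is not None and net not in allowed:
            continue                      # distribute-list: not permitted
        if offset and acl_match(network, offset[0], offset[1]):
            metric = min(metric + offset[2], INFINITY)
        if metric >= INFINITY:
            continue                      # inaccessible, never installed
        ad = 120                          # default RIP administrative distance
        if distance:
            d, src, src_wc, base, wc = distance
            if acl_match(source, src, src_wc) and acl_match(network, base, wc):
                ad = d
        if ad == 255:
            continue                      # distance 255: route is not trusted
        rib[prefix] = (ad, metric)
    return rib

# Constructed sample: the two routes R4 receives from 192.168.100.2 on the page.
SOURCE = "192.168.100.2"
UPDATE = [("100.100.100.0/24", 1), ("200.200.200.0/24", 1)]
ACL_1 = ("100.100.100.0", "0.0.0.255")   # access-list 1 permit 100.100.100.0 0.0.0.255

if __name__ == "__main__":
    print(process_update(SOURCE, UPDATE, offset=ACL_1 + (15,)))
    print(process_update(SOURCE, UPDATE, distance=(200, SOURCE, "0.0.0.0") + ACL_1))
    print(process_update(SOURCE, UPDATE, prefix_permit=["200.200.200.0/24"]))
```
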








Monday, September 2, 2013

CCNP TO CCIE

It's been some time since I last updated the blog, and now I am going to try and update the blog on a weekly basis. I have passed all three CCNP Routing & Switching exams. I am officially CCNP certified. I am now working on my CCIE. I need to update the title of the blog :-).