CCIE R&S Advanced Technologies Class v4.5 - Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 46m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 17m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 42m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:13	In our next section here, we're gonna look at different ways that we can apply the routing filters to RIP.
0:00:19	Both for filtering out updates as they're received in
0:00:22	and as updates are advertised outbound.
0:00:25	We saw previous examples of this when we were modifying the metric value with the offset list.
0:00:30	We can use this either inbound or outbound
0:00:33	to set the metric value to 16 or higher.
0:00:36	Which effectively, as infinite, which means that it cannot be installed in the routing table.
0:00:42	We also talked about using the standard access list with the offset list.
0:00:46	Where the shortcoming of this implementation is that we can only match on the network, not on the prefix length.
0:00:54	So again, if we were to have two equal addresses that were different prefixes,
0:01:01	so, if we had the route 10.0.0.0/8, and 10.0.0.0/16,
0:01:11	and 10.0.0.0/24, we know that technincally, these three are not the same route.
0:01:19	But from the perspective of a standard access list,
0:01:22	since we can only match on the address portion,
0:01:26	those have the filters would treat them the same.
0:01:29	So, technically, we can use the standard access list both for inbound and outbound filters in RIP.
0:01:35	Normally, we would not want to do that though because we cannot do any sort of granular match
0:01:41	on both the prefix and the length at the same time.
0:01:44	This is mainly where the prefix list is going to be applied
0:01:49	because we can use this both for the route and the prefix length,
0:01:54	which is the subnet mask.
0:01:57	Now, the syntax for the this can get a little bit confusing.
0:02:00	It's not very well documented how the prefix list actually works.
0:02:04	And the syntax actually has two separate meanings,
0:02:06	depending on whether we're matching just the route itself
0:02:10	or the route plus a range of the bitwise values of the address plus the range of the subnet mask.
0:02:19	Now, there are a couple write-ups that I've done previously on our CCIE blog,
0:02:24	that have examples of how to use the prefix list.
0:02:27	I'll run through a couple of them here
0:02:29	similar examples and then this is going to apply to all of the filtering in our IGPs and BGP.
0:02:36	Essentially, anywhere that a prefix list could be applied.
0:02:41	Now, for matching an actual route, the syntax is very straightforward.
0:02:45	We would say something like IP prefix list
0:02:50	give it a name, ABC. Permit or deny. And then the actual route.
0:02:58	So, for example, 10.0.0.0/24.
0:03:04	So, this means that the prefix that's matched has to be exactly the address 10.0.0.0
0:03:10	and exactly the subnet mask of /24.
0:03:13	This means that this entry would not match 10.1.0.0/24 or 10.0.0.0/25.
0:03:25	So, any difference in the address field or the subnet mask field,
0:03:31	it means that the prefix list match is not going to occur.
0:03:34	Now, where it's a little bit more confusing is when we start to match a range of the subnet masks
0:03:41	which is with the GE or greater than or equal to.
0:03:45	And LE, which is less than or equal to for the subnet masks.
0:03:52	So, there are some complex logics that we can get into with these type of matches.
0:03:57	We could say for example thatI want to match all prefixes
0:04:00	that have a mask that is less than or equal to 10.
0:04:04	In which casae, I would say IP Prefix List...
0:04:09	Give it a name...
0:04:11	XYZ...
0:04:14	Then the subnet mask would be less than or equal to 10.
0:04:21	And we will then compare this again to the address field.
0:04:25	So, in this case, when we're using either the LE or the GE keywords,
0:04:29	the address field, if we were to say 0.0.0.0/0,
0:04:37	this does not mean the actual route 0.0.0.0
0:04:43	It means, to check 0 bits of the address 0.0.0.0
0:04:51	So, essentially, it means anything.
0:04:54	Now, this would be different if we were to say IP Prefix List XYZ Permit 0.0.0.0/0
0:05:03	without using either the LE or GE keywords,
0:05:05	that would mean the actual prefix 0.0.0.0/0, which would be the default route.
0:05:12	So, when we're using the LE or GE keywords, this example, 0.0.0.0/0 means anything.
0:05:21	Now, we could get into more complex logics.
0:05:24	Let's say that we wanted to match all class A networks,
0:05:29	that had the classful mask of /8.
0:05:32	Now, we talked about this before in binary.
0:05:36	A class A address is gonna be defined as what?
0:05:42	In the first octet, anything that starts withthe bit value 10 is gonna be class A.
0:05:54	So, if it's 10, actually no, not 10.
0:05:58	Anything that starts with 0, excuse me.
0:06:03	So, anything that starts with a 0, that's gonna be a class A.
0:06:07	Okay, this means that class A goes from 0 through 127.
0:06:12	Where class B is 10, which means that anything 198 through 191.
0:06:20	Class C is 110, which is anything 192 through 223.
0:06:26	Then, class D, 111...
0:06:29	is... Actually, 1110.
0:06:33	1110, that's 224 through 239,
0:06:38	and then, 1111 is 240 through 255.
0:06:44	So again, these are ranges of class ABC, D and E.
0:06:49	So, if I were to match anything that is a class A,
0:06:52	I would want to look for the first most significant bit being a zero,
0:06:57	and if they were using their classful masks, then, that would be a /8,
0:07:01	where class B would be a /16, class C would be /24.
0:07:06	So, from a prefix list syntax point of view,
0:07:10	I could say, Permit the prefix 0.0.0.0/1
0:07:20	with a mask that is greater than or equal to 8,
0:07:24	but at the same time, less than or equal to 8.
0:07:29	So, I'm saying that the subnet mask has to be exactly that value, has to be exactly 8.
0:07:34	But of the address, I'm checking just the most significant bit, the very first bit
0:07:38	to make sure that it is a zero.
0:07:41	Then, likewise if I were to say...
0:07:45	that we'll check the address of 128.0.0.0./2
0:07:55	with masks greater than or equal to 16 or equal to 16, this would be our class B routes.
0:08:01	Okay, class B with a classful mask.
0:08:05	Where class C then would be 192.0.0.0/3.
0:08:10	The mask GE 24, LE 24.
0:08:15	So, that would be with just their classful masks.
0:08:18	If I were to say, "Just match all class B routes regardless of what their mask is."
0:08:23	That would be 128.0.0.0/2 with the mask of less than or equal to 32.
0:08:31	Because every prefix is always gonna have a mask that is 32 or below.
0:08:37	If I were to say, 0.0.0.0/0,
0:08:43	GE 32,
0:08:50	what is this last statement then matching?
0:09:00	So, we're saying, "Check zero bits of the address."
0:09:04	As long as the subnet mask is greater than or equal to 32,
0:09:11	which would essentially mean, all host routes.
0:09:14	So, anything with a mask of /32, that's what the fourth line with their match.
0:09:20	There's a question, "Would Permit..."
0:09:27	And let me draw this out. "Would Permit 0.0.0.0/4 LE 32 match all multicast addresses?"
0:09:39	It would actually be...
0:09:45	It would be 224...
0:09:49	0.0.0/4 LE 32. The only problem with this though...
0:09:54	is that there are no routes that are in the multicast range.
0:10:00	Nor other any routes that are in the class E range.
0:10:04	So, the key with this prefix list...
0:10:07	is that we're using it just for matching routing information.
0:10:11	So, just for prefixes that are either in the RIP database, the EIGRP topology,
0:10:17	the OSPF database, the BGP table,
0:10:20	we're not using it for any type of traffic filters.
0:10:24	So, the only application of prefix list would be as a distribute list in IGP,
0:10:29	or in a route map for BGP
0:10:32	when we're trying to match routing information for changing attributes,
0:10:36	and changing the BGP best path selection process.
0:10:40	Now, this is fundamentally different from an access list.
0:10:45	Whether this be a standard access list or an extended access list,
0:10:49	because these are mainly designed for filtering in the data plane,
0:10:53	which is the actual traffic flows.
0:10:56	So, ideally, anytime you're working with the routing protocols
0:10:59	and you're trying to match routes,
0:11:03	Anytime you're dealing with the data plane,
0:11:08	or FTP traffic on actual data plane flow,
0:11:14	Now, there are some implementations that only take an access list as an argument,
0:11:19	those are typically the ones that it doesn't care about what the mask value is,
0:11:24	it's just an address that you're trying to match against.
0:11:27	So, an example of this would be like in multicast, if we're trying to do a candidate RP filter.
0:11:35	So, in that case, we don't care about what the mask length is to the route to get to the run of a point,
0:11:41	we're just matching an address.
0:11:44	But for the case of route filtering, normally, we would not wanna use the standard or extended list.
0:11:49	Reason is that we cannot match on the prefix length.
0:11:52	Now, we technically can do this though, and the implementation is very straightforward.
0:11:57	So, let's say in our case, I wanna go to switch 4,
0:12:02	and when switch 2 advertises its loopback address 150.10.8.0/24,
0:12:10	I wanna filter this out from my advertisement.
0:12:14	So, on switch 4, simply, we would configure an access list.
0:12:18	Then if we say Show Access List.
0:12:21	Okay, we don't have anything configured.
0:12:24	Access list 1 is gonna deny 150.10.8.0
0:12:35	Then under the RIP process, we'll say that this is applied as a distribute list.
0:12:40	Distribute list number 1, we'll apply it as an inbound filter.
0:12:44	I could apply it to a specific interface or I could it to all interfaces at the same time.
0:12:50	So, this case I'm saying, "Regrdless where it's coming from, I'm going to filter routes
0:12:54	based on what access list 1 says."
0:12:57	So, now, if I clear the routing table and Show IP Route RIP,
0:13:03	we should now see that 150.10.8.0 is no longer in the table.
0:13:10	So, if we look at our route to 150.10.8.0,
0:13:14	we see that the longest match for that is the summary that we configured before.
0:13:20	So, we don't have a specific match for this.
0:13:24	But again, the shortcoming of this is that the filter is only matching the address,
0:13:31	it is not matching the subnet mask at the same time.
0:13:34	So, if we were to have more than one route that assuring the same address field,
0:13:39	which would not be asked common in IGP,
0:13:42	but we'll see is very common in BGP, normally, we wouldn't use this implementation.
0:13:51	Now, of course within the scope of the lab exam, if you have some question that says, "Don't use a prefix list."
0:13:56	"Don't use an extended access list." Then that's gonna limit what features you can use in order to actually accomplish the route filtering.
0:14:06	Now, we can also use an extended access list
0:14:09	which is a different syntax when we're referencing this in IGP as opposed to BGP.
0:14:16	We'll see in BGP, by using an extended access list,
0:14:20	it was a workaround before the prefix list was implemented.
0:14:25	So, in the case of BGP, an extended ACL can match both the network and the subnet mask.
0:14:32	In the case of IGP, for RIP and EIGRP specifically,
0:14:37	this is gonna be used to match what is the address of the prefix
0:14:42	but also what neighbor is this coming from.
0:14:47	So, on any type of multipoint segment,
0:14:50	where in our case we have the multipoint frame-relay interface between routers 1, 2, 3, 4, and 5.
0:14:56	And then we have the multipoint segment that's between routers 1, 4, and 6,
0:15:02	we could use an extended access list to filter what particular neighbors we do or do not want to receive a particular route from.
0:15:12	So, let's look at this on router 5.
0:15:16	Router 5 is learning a bunch of routes
0:15:19	that are coming in from these neighbors.
0:15:24	Let's say we wanna do a modification on the addresses that router 2 is advertising to router 5.
0:15:32	So, first, let's see what routes do we actually have in the routing table.
0:15:36	If we go to 5 and say Show IP Route RIP,
0:15:43	we see that this 192.10.10.0 prefix.
0:15:53	This is the closest path for this destination because router 2 is only one hop away
0:15:57	and this network is directly connected to it.
0:16:00	Now, theoretically, we should have other alternate paths to this network,
0:16:06	because router 2 is gonna be advertising this route not only out to frame-realy
0:16:10	but out that point-to-point link to router 3.
0:16:13	Then router 3 is gonna send it out every single direction here.
0:16:19	So, let's say now in router 5's case,
0:16:22	we want to accept this routing advertisement but we don't want to accept it from router 2.
0:16:27	We'll accept it from any other neighbor on the frame-relay segment except for router 2.
0:16:35	Now, we already know what the prefix is.
0:16:38	Now, we do know what is the address that
0:16:44	In the case of RIP this will always be the
0:16:51	If we look at the Show IP Route Output
0:16:52	for the longer prefix,
0:16:55	this is what is denoted in the from field.
0:16:59	So, this is the route source.
0:17:07	We can see from RIP's point of you view,
0:17:10	the route source is the same as the next hop value.
0:17:16	There are cases however in other IGPs and in BGP
0:17:27	The key point being anytime we are
0:17:32	we want to look at this field that
0:17:36	not the next hop,
0:17:38	and not whatever it says the
0:17:43	So, we'll see in some other applications later.
0:17:46	In the case of OSPF, this
0:17:50	of the device that is originating
0:17:55	which could be the actual router
0:17:57	or could be an ABR or potentially an ASBR.
0:18:02	In the case of EIGRP, it should be...
0:18:06	I wanna say that it is the router ID.
0:18:10	when we look at the Show IP Route Output.
0:18:12	But in any case, you don't need to memorize
0:18:15	the differences between protocols
0:18:18	as long as you know that's what this field
0:18:22	that's the route source."
0:18:26	So, to implement this filter,
0:18:29	we're gonna create an extended access list
0:18:35	and this addresses the route itself."
0:18:38	But again we cannot match on the subnet mask.
0:18:41	So, if that was a /24 and a /25,
0:18:44	router 5 is not gonna be able to
0:18:50	So first, let's look of the Show Access List.
0:18:53	I wanna make sure that I have some
0:18:56	that I'm not overwriting a previous
0:19:01	So basically, anytime you create an
0:19:06	anything that is a user-defined name,
0:19:09	it's a good idea to say Show Access List,
0:19:13	to make sure that you're not overwriting something
0:19:22	So, we'll create Access List...
0:19:25	100.
0:19:28	And I want to deny in this case...
0:19:32	routes are coming from the source of router 2.
0:19:37	And they are about the prefix 192.10.10.0.
0:19:43	So, we can see, it's kind of an odd syntax.
0:19:45	It's not the normal application
0:19:48	where it is the traffic source
0:19:51	If the route source and the prefix,
0:19:56	then, I don't want to filter out anything else. So,
0:20:03	Then lastly, onto the routing process,
0:20:08	on serial 0/0/0.1234.
0:20:14	So, once we cleared a routing table,
0:20:16	if we now look at the Show IP Route 192.10.10.0,
0:20:22	we see that the route is still there,
0:20:24	but now, it's being received
0:20:28	Where previously, the route had hop
0:20:33	Now, it has a hop count of 4 as
0:20:37	So, if we trace the route to the destination,
0:20:43	Or actually, the .2 address.
0:20:52	But it's simply that we're not gonna be using...
0:20:55	router 2 to reach it.
0:20:58	Now, just like we saw before we did the offset list,
0:21:01	Since RIP is very slow to converge,
0:21:04	essentially now, we have a
0:21:07	So, some forces the network do not agree with other
0:21:14	So really, there's only two options we have here.
0:21:20	or flush everyone's routing tables out and
0:21:24	So, I'll do that second option. I'll say...
0:21:27	that on everyone,
0:21:30	I'm going to clear the routing table,
0:21:48	So next, let's look back at router 5 and see...
0:21:51	does it still have that routing entry?
0:21:58	Okay, now, we do not have a route.
0:22:01	And let's make sure... I believe that router 2 might
0:22:07	So, let's say, Show IP Interface Brief.
0:22:10	And it does. So, router 2 doesn't have a link
0:22:17	So, let's bring that link back up.
0:22:19	This should cause router 2 to start sending its updates
0:22:22	out towards router 3.
0:22:26	So, we'll go from 2 to 3, then, from 3 to 5.
0:22:31	5 then should prefer this path with a hop count of 2
0:22:35	as opposed to the one that's coming in
0:22:43	So, on router 5, we check the...
0:22:46	the prefix. Now, we are receiving
0:22:50	If we trace the path to the destination,
0:22:55	we see we're still able to reach it, but now, we're using
0:23:11	Now, there is actually an easier way to
0:23:17	because when you look at the access list syntax here,
0:23:21	you kind of have a 50-50
0:23:24	which one is supposed to be the route source,
0:23:29	So, it's not really obvious how
0:23:32	Instead of doing this, it's easier under the process
0:23:37	that when we apply to distribute list,
0:23:40	we will say that it is for this specific route.
0:23:45	So, this is Prefix List A,
0:23:50	but it is coming from this particular gateway,
0:23:54	which is a another prefix list.
0:23:57	This syntax, I would say is more straightforward because
0:24:03	which list is referring to the route source.
0:24:07	So, in this case we would say,
0:24:10	IP Prefix List router 2's route...
0:24:14	is 192.10.10.0/24,
0:24:22	and in this case, I actually want to deny this.
0:24:30	And I'm gonna deny this to come from router 3.
0:24:35	So, I'm denying this, but I'm not denying
0:24:40	which 0.0.0.0/0 LE 32.
0:24:46	So, it's essentially any other route.
0:24:49	Then, the prefix list from router 3
0:24:53	will permit the route source that
0:24:59	In this case, it's router 3's address
0:25:04	So, 155.10.0.3.
0:25:08	Now, under the routing process,
0:25:12	as a distribute list.
0:25:15	The prefix list R2 route,
0:25:20	from the gateway,
0:25:23	from R3,
0:25:26	and would we could do this inbound.
0:25:28	Now, it gives you the option of doing is outbound,
0:25:32	You cannot control when you send the
0:25:38	I if wanted to choose on the frame-relay network
0:25:44	I would then need to do what?
0:25:49	Not apply a distribute list,
0:25:53	but I would have use the neighbor
0:25:57	So, router 5 could potentially say, "I wanna send
0:26:04	There's no way to selectively filter this way
0:26:09	where the updates and go out to.
0:26:13	Actually, you may be able to try this with doing unicast
0:26:20	but there's probably is a simpler solution
0:26:26	So, let's see now, did this actually apply?
0:26:28	Let's look at the result of...
0:26:31	the... not the trace. Let's clear the routing table.
0:26:36	And then say Show IP Route 192.10.10.0.
0:26:41	Okay, right now, we do not have the network.
0:27:03	And it doesn't look like it's a
0:27:08	it's probably been 30 seconds
0:27:11	Let's look at the Debug IP RIP.
0:27:16	And we'll see...
0:27:19	if router 5 is receiving these
0:27:24	And it looks like I probably have
0:27:30	So, console is logging at level 6,
0:27:35	And the monitor is at debugging.
0:27:37	So, let's clear the log out, and we'll just
0:28:09	So, we see that we are receiving...
0:28:14	this route in from router 1,
0:28:23	and we should be able filter this a little bit,
0:28:27	and include update from/or 192.10.10.0/24.
0:28:41	So, it looks like I'm receiving it from 1, 4...
0:28:45	2, and 3.
0:28:48	I'm getting from all of them but I'm
0:28:52	Let's double check again that
0:28:56	Show IP Route 192.10.10.0.
0:29:00	So, it's not getting installed.
0:29:01	What this means is that the
0:29:05	is filter out all the routes that we didn't mean to.
0:29:10	So, Distribute List Prefix R2 Route...
0:29:13	Gateway from R3 in.
0:29:16	Let's look at the Show IP Prefix List.
0:29:25	So, we're matching routes that come from...
0:29:31	3...
0:29:33	and denying that particular prefix,
0:29:37	which means that actually, we're gonna have to go a
0:29:43	So, what we're gonna have to say then...
0:29:48	is what are the gateways that we do
0:29:55	and what are the gateways that we do
0:30:01	So, let's look at the...
0:30:04	the Command Reference and see what
0:30:19	So, under 12.4T commands, let's go down to...
0:30:24	IP Routing for RIP Command Reference.
0:30:30	RIP Commands, then, the...
0:30:34	actually, Distribute List is not here.
0:30:36	This would then mean that distribute list is
0:30:42	Command Reference. So, let's go back
0:30:47	IP Routing Protocol Independent
0:30:51	Then, A though R for distribute list in.
0:31:16	To filter networks received in updates,
0:31:22	It says, "Just access list name or number."
0:31:25	So, this actually does not show us
0:31:31	What this probably means then...
0:31:34	To figure out this specific syntax example,
0:31:36	we're gonna have to go back a few IOS releases
0:31:39	to see if it's in the older versions.
0:31:42	We'll also see this a little bit later with EIGRP.
0:31:45	For some reason, if you look at
0:31:49	EIGRP is gone from this list of links.
0:31:54	So, whoever was last working on a webpage,
0:32:00	So, we can't find it, but it just means that we're
0:32:05	This is why in our previous sections of class,
0:32:11	I cannot stress enough how important it is
0:32:16	because if you're the exam day, and you're
0:32:21	you go to this page and it's not there,
0:32:25	then, what are gonna do?
0:32:26	So, you need to know what are the alternate
0:32:31	So, let's try to go to 12.4 Mainline,
0:32:35	and see...
0:32:38	and see if it's listed under there.
0:32:43	Regular IOS 12.4 Mainline.
0:32:49	Then, under Reference Guides,
0:32:56	IP Routing... And EIGRP is not here either.
0:33:01	So, I'll have to take a look at later
0:33:05	Then, let's try the RIP Command Reference.
0:33:09	RIP Commands.
0:33:11	And distribute list is not there either.
0:33:15	So, the documentation IOS. Regular IOS 12.3.
0:33:22	Let's try Regular 12.3 first.
0:33:26	Reference Guides, Command References.
0:33:33	IP Routing Protocols.
0:33:38	Then, let's see if this is under D.
0:33:43	Distribute List in IP.
0:33:49	I have a feeling it's not gonna show us all the...
0:33:56	the syntax options.
0:34:00	Distribute List in IP. So, it's the same thing
0:34:04	So, you could search for it, but...
0:34:08	that's not really gonna help you, because
0:34:12	Let's try one more thing
0:34:15	Let's try the Configuration Guide.
0:34:17	and see if it shows an example.
0:34:19	So, this would be under IP Routing.
0:34:22	RIP Configuration.
0:34:25	Let's see, what are advanced RIP features?
0:34:29	SNMP...
0:34:35	No, let's try the first one.
0:34:42	Offset List...
0:34:47	Let's search here for distribute list.
0:34:51	Distribute-List.
0:34:54	So, it doesn't even show it.
0:34:55	So, you could see some of this stuff if you
0:34:59	Unfortunately, the documentation
0:35:03	to help us with this.
0:35:06	So, let's see then, the problem is,
0:35:14	We are matching the route. We can
0:35:18	But it's not being filtered out from
0:35:22	Now, one of the things that I'm doing,
0:35:25	really that's not a great example here,
0:35:28	or that you should not get in the habit of...
0:35:31	is I basically now have an order
0:35:36	of the distribute list that is an access list,
0:35:40	and the distribute list that is a prefix list.
0:35:44	Now, the access list is applied in
0:35:49	where the prefix list distribute
0:35:54	But how do I know which one
0:35:59	So, depending on the order that
0:36:03	I may have some different results.
0:36:06	And a lot of the stuff you'll
0:36:10	and sometimes it's gonna
0:36:12	So, it's not something that you
0:36:17	You just wann stay away from
0:36:21	the order of operations becomes an issue.
0:36:26	So first off, let's remove the...
0:36:35	Let's remove the first one,
0:36:42	So, under the IP process, we'll get rid of the...
0:36:46	Distribute List 100.
0:36:49	Then, let's clear the routing table,
0:36:51	and before we make any
0:36:57	that's gonna do what we want.
0:37:00	192.10.10.0.
0:37:04	Okay, we're still not receiving the...
0:37:07	Now, we know that we are receiving the
0:37:11	But it simply means that the
0:37:15	So, what we'll have to say instead then...
0:37:20	if we look at the Show...
0:37:24	IP Prefix List,
0:37:27	we're gonna have to do kind of a
0:37:30	I will... I need to say that I want to deny...
0:37:34	the route...
0:37:39	that is...
0:37:42	not from...
0:37:48	1 and 4.
0:37:52	So, what I'm trying to accomplish here,
0:37:55	Router 5 is receiving 4 different updates...
0:37:58	in this link...
0:38:02	coming from 1, 2, 3, and 4.
0:38:04	I want to filter out...
0:38:06	the bottom 2. So, these ones I wanna get rid of.
0:38:10	So, I wanna permit the prefix as it's
0:38:17	So, we'll have a...
0:38:25	And you know what, we may not even be
0:38:30	I know that we can do it for all routes.
0:38:35	But we may not be able to
0:38:37	So, let's do this. Let''s say
0:38:42	that particular prefix
0:38:44	which is the 192.10.10.0 but we will permit
0:38:53	Then, we would need to see,
0:38:57	that comes back and permits
0:39:00	So, sometimes you'll see that you end up
0:39:06	Now, we could do this just by going
0:39:09	and router 3 and filtering out.
0:39:10	By far, that would be the simplest solution.
0:39:13	So then, we would not need to get
0:39:17	But within the scope of the lab exam,
0:39:19	it really depends on what
0:39:22	So, if it says you have to do
0:39:27	then we have to figure out
0:39:30	Okay, there are actually some other ways
0:39:34	I'll come back and show those after this.
0:39:37	So, let's try this now, let's say IP Prefix List...
0:39:40	that is not R2 and not R3.
0:39:48	This is going to not be 155.10.0.2/32,
0:39:57	and it is not going to be 152.10.0.3/32,
0:40:03	but it could be anything else.
0:40:05	So, we'll Permit 0.0.0.0/0 LE 32.
0:40:11	So, these are gonna be any updates that are
0:40:17	Then, I'm going to say that the...
0:40:21	The route that I'm going to
0:40:31	So, the question is now,
0:40:34	since the...
0:40:37	prefix list has an implicit deny at the end,
0:40:42	what this is probably in a do is...
0:40:49	filter out the other routes from the other neighbors,
0:40:54	So, let's Show Run Section Router RIP.
0:41:00	We'll remove this.
0:41:08	So, Router RIP.
0:41:11	Remove this filter.
0:41:15	And just to be clear that essentially, the frame-relay
0:41:20	I'm gonna just shut the other interfaces down.
0:41:24	So, we're not receiving updates in any other
0:41:30	Then, we have under the routing
0:41:35	prefix whose name is not router 2 and not router 3.
0:41:42	And we are going to permit the route.
0:41:50	Not, that's wrong. Prefix, and then the gateway.
0:41:57	No, actually this is backwards.
0:41:59	It should be the prefix is the route,
0:42:04	and the gateway is...
0:42:07	not router 2 and not router 3.
0:42:13	And that's gonna be in on serial 0/0/0.1234.
0:42:18	Okay, so now, let's clear the routing table,
0:42:22	Clear IP Route Star (*) and Show IP Route RIP.
0:42:26	So now, we're receiving that update from router 1,
0:42:29	and probably, eventually, we'll also receive it from 4,
0:42:39	but it's having the effect that...
0:42:43	that I predicted here. That it's...
0:42:46	It is dropping the prefix coming from routers 2 or 3,
0:42:51	but then it's implicitly denying everything else.
0:42:54	So, it is filtering the route, but that's
0:43:00	So, you'll see there's some limitations that
0:43:04	Now, what I could you do instead...
0:43:08	Instead of using either the extended
0:43:14	I could offset the metric.
0:43:17	So, I could say as the route is coming in,
0:43:20	and I don't believe we can apply
0:43:24	If we set offset list 1 in 16...
0:43:32	on serial 0/0/0.1234,
0:43:36	we can apply it to a neighbor.
0:43:38	So, that would work for the interface,
0:43:41	Okay, another workaround
0:43:45	because if and if the distance
0:43:50	and the route cannot be
0:43:53	Now, it would still be in the RIP
0:43:56	but then, when we go to actually
0:44:01	So, we should be able to poison the distance
0:44:07	and then end up in the result I want.
0:44:10	That I only want to filter out...
0:44:13	the two advertisements about
0:44:21	is it's coming from router 2 and
0:44:25	But everything else should be unmodified.
0:44:30	So, let's roll back the previous filter,
0:44:37	which is this one.
0:44:40	We should see, once that filter is gone,
0:44:43	then, all the routes are to
0:44:46	Okay, so now nothing is being
0:44:51	Now, with the distance however,
0:44:55	the issue is the same with
0:45:00	that it's taking a standard
0:45:04	So we would not be able to match on
0:45:07	In this particular case, it doesn't matter
0:45:13	that are sharing the address 192.10.10.0,
0:45:20	It's really only really gonna matter I
0:45:26	that are all matching the same address field.
0:45:31	So now, let's Do Show Access List.
0:45:35	Okay, I'll have the standard list,
0:45:40	Access List 1 that matches
0:45:45	Now, under the RIP process,
0:45:49	I'm gonna change the distance...
0:45:56	to 255.
0:45:59	The source is now gonna be from router 2.
0:46:05	So, this is an address and a wildcard. So the
0:46:11	for the routes that are matched in Access List 1.
0:46:16	Then, we'll see if it allows us to take multiple...
0:46:20	distance commands. So, we'll
0:46:25	Okay, this syntax should work then.
0:46:29	So, if we know clear the routing table,
0:46:32	and Show IP Route RIP,
0:46:37	we see that all the other
0:46:42	but now we're learning this route from 1.
0:46:48	If we trace to get to 192.10.10.2,
0:46:53	we're going for 1 to 3 to 2.
0:46:58	If I were to remove that single line that
0:47:05	and then clear the routing table,
0:47:08	we should see when we look at
0:47:12	that now this is coming from router 3.
0:47:17	So, for this particular application, the distance is
0:47:24	So, with the gateway syntax,
0:47:28	I wanna permit all routes from this neighbor,
0:47:33	and then deny all routes from other neighbors.
0:47:37	Or I could say, deny these specific routes from
0:47:43	but since there's no way
0:47:48	that would apply to filter on
0:47:51	there's no way for us to directly
0:48:02	So, when we look at the final
0:48:06	we're basically saying, 'For routes that
0:48:11	if they manage Access List 1,
0:48:14	we're changing the distance
0:48:20	But since Access List 1...
0:48:25	only matches that particular route, then,
0:48:35	Now, if you run into a case where you're not
0:48:39	neighbors were prefixes that you want,
0:48:42	what I could do now would
0:48:47	and replace it with some
0:48:54	anything 49. Okay, so, we know there's
0:49:00	This would then mean,
0:49:03	and there was a route in
0:49:09	that is matching that particular
0:49:13	which it is.
0:49:28	So, we'll see here with
0:49:33	we have the same type of logic
0:49:37	with the access list, or the prefix list,
0:49:39	we could do an offset list that is
0:49:44	Passive interface would filter all routing
0:49:48	So, that's going to filter out every single prefix.
0:49:53	But you can see, some of these
0:49:57	So, I'd highly recommend
0:50:00	to figure out what are all the
0:50:04	that the different routing protocols can do,
0:50:07	because if you get to the exam and the
0:50:11	but don't use an access list or a prefix list,
0:50:14	then, I would want to know why I could
0:50:18	or could use the distance,
0:50:20	or likewise they could say,
0:50:22	and you have what other

Now Viewing

CCIE R&S Advanced Technologies Class v4.5
Title:	CCIE R&S Advanced Technologies Class v4.5
Duration:	81h 42m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
	Sign Up
Download this Course
$299.00	Add to Cart

Prefix-Lists, RIP Distribute-List Filtering, ...

Create Bookmark