
Monday, November 22, 2010

RIP Route Manipulation – Inbound Filtering

Inbound filtering deals with a router's own manipulation of incoming route updates. Here I will describe two methods for applying RIP inbound filtering: a prefix-list and an extended ACL.

Using a prefix-list allows us to filter route-prefixes from a specific host using the following syntax:

router(config)#ip prefix-list NET seq 10 permit

router(config)#ip prefix-list NET seq 20 permit

router(config)#ip prefix-list SRC seq 10 permit

router(config-router)#distribute-list prefix NET gateway SRC in

The first two lines set the networks that we allow into the routing table, the third line identifies the router that we wish to filter from, and the last line applies both prefix-lists to RIP using the distribute-list command.

The distribute-list has only local significance on the router and does not apply to RIP update or request messages; it suppresses the route-prefixes on their way from the RIP database to the routing table.

Using an extended access-list gives us much more flexibility when configuring RIP filtering. For example:

router(config-ext-nacl)#permit ip host host

router(config-ext-nacl)#permit ip host host

router(config-ext-nacl)#deny ip host host

router(config-ext-nacl)#permit ip any any

router(config-router)#distribute-list 100 in

In this example I have configured the router to accept route-prefixes and from router and deny route-prefix from entering the routing table, while permitting everything else from any other RIP-enabled router.

Note that this ACL is a little different from a normal ACL: here the next-hop router is referred to as the first host and the route-prefix is the second host.
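
The following Python sketch is an added illustration, not code from the original post: it models how an extended ACL used in an inbound distribute-list is evaluated, with the advertising router as the source and the route-prefix as the destination. All addresses are constructed, and the matching is a simplified model that assumes first match wins with an implicit deny at the end.

```python
import ipaddress

# Constructed sample ACL, not values from the post.
# Each entry: (action, source, source wildcard, destination, destination wildcard).
# For a RIP distribute-list the "source" is the advertising (next-hop) router
# and the "destination" is the network address of the advertised route.
HOST, ANY = "0.0.0.0", "255.255.255.255"
ACL_100 = [
    ("permit", "192.0.2.1", HOST, "10.1.0.0", HOST),
    ("permit", "192.0.2.1", HOST, "10.2.0.0", HOST),
    ("deny",   "192.0.2.1", HOST, "10.3.0.0", HOST),
    ("permit", "0.0.0.0",   ANY,  "0.0.0.0",  ANY),   # permit ip any any
]

# Constructed inbound updates: (advertising router, advertised network).
UPDATES = [
    ("192.0.2.1", "10.1.0.0"),
    ("192.0.2.1", "10.3.0.0"),
    ("192.0.2.2", "10.3.0.0"),   # same prefix, different neighbour
    ("192.0.2.2", "10.9.0.0"),
]

def _match(addr, base, wildcard):
    """Wildcard-mask comparison: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, gateway, prefix):
    """Return 'permit' or 'deny' for one route received from one gateway."""
    for action, src, src_wc, dst, dst_wc in acl:
        if _match(gateway, src, src_wc) and _match(prefix, dst, dst_wc):
            return action          # first matching entry decides
    return "deny"                  # implicit deny when nothing matches

def filter_updates(acl, updates):
    """Routes that would be allowed from the RIP database into the routing table."""
    return [(gw, net) for gw, net in updates if evaluate(acl, gw, net) == "permit"]

if __name__ == "__main__":
    for gw, net in UPDATES:
        print(f"{net:<10} via {gw:<10} -> {evaluate(ACL_100, gw, net)}")
    # Dropping the final "permit ip any any" leaves only the two explicit permits.
    print(filter_updates(ACL_100[:-1], UPDATES))
```

Because the deny entry names a specific next-hop router, the trailing "permit ip any any" still admits the same prefix when a different neighbour advertises it; a filter meant to block a prefix from every source needs "any" in the source position of the deny.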




