Let’s now take a look at some additional techniques that can be used along with network statements to control routing advertisements. Refer to the example topology:
Here’s a configuration we could use to get RIPv2 running on the Fa0/1, Fa0/2 and Fa0/3 interfaces:
router rip
 version 2
 network 172.16.0.0
 network 10.0.0.0
Since we haven’t disabled automatic route summarization under RIPv2, the router will advertise the following:
- Fa0/0 – nothing (this interface is not running the protocol)
- Fa0/1 – 10.1.1.0/24 and 172.16.0.0/16
- Fa0/2 – 10.0.0.0/8
- Fa0/3 – 10.2.2.0/28 and 172.16.0.0/16
Now suppose that we want to advertise the 192.168.1.0/24 prefix via RIP on Fa0/1, Fa0/2 and Fa0/3, but we don’t want RIP to advertise any prefixes on the Fa0/0 interface. Why would this be? Perhaps there are no routers attached to that interface, only hosts. Another possibility is that we are going to run a different routing protocol on that interface.
One option would be to include a network statement for 192.168.1.0 under RIP, and use an ACL (Access Control List) to block outbound RIP advertisements on Fa0/0, like this:
interface fastethernet 0/0
 ip access-group 100 out
router rip
 version 2
 network 192.168.1.0
 network 172.16.0.0
 network 10.0.0.0
access-list 100 deny udp any any eq rip
access-list 100 permit ip any any
With this configuration, the router will advertise the following prefixes via RIP:
- Fa0/0 – nothing
- Fa0/1 – 10.1.1.0/24, 172.16.0.0/16 and 192.168.1.0/24
- Fa0/2 – 10.0.0.0/8 and 192.168.1.0/24
- Fa0/3 – 10.2.2.0/28, 172.16.0.0/16 and 192.168.1.0/24
This approach works, but using an extended ACL is somewhat cumbersome. Another possibility is to use a network statement along with a distribute list, like this:
router rip
 version 2
 network 192.168.1.0
 network 172.16.0.0
 network 10.0.0.0
 distribute-list 1 out fastethernet 0/0
access-list 1 deny any
In this configuration, the distribute-list command calls ACL 1, which blocks all outbound RIP advertisements on Fa0/0. This gives the same results as the previous configuration, but is simpler to configure. Another method is to use the network statement and a passive-interface command under RIP:
router rip
 version 2
 network 192.168.1.0
 network 172.16.0.0
 network 10.0.0.0
 passive-interface fastethernet 0/0
In the case of RIP, setting an interface “passive” results in outbound advertisements being suppressed, but inbound advertisements are processed normally. The results are the same as before, but this was simpler to configure. Yet another possibility is to redistribute connected routes into RIP, like this:
router rip
 version 2
 network 172.16.0.0
 network 10.0.0.0
 redistribute connected
The redistribute connected command tells RIP to advertise the prefixes of connected interfaces into the routing protocol (including those of loopback interfaces). Because the redistribute command doesn’t cause the interfaces to send or receive routing advertisements, we still need the network statements to get RIP running on Fa0/1, Fa0/2 and Fa0/3.
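To audit a configuration for RIP updates reaching a host-only segment, the following offline model (an added example, not part of the original article) computes what the router sends on each interface for the network, passive-interface and redistribute connected commands discussed above. The interface addresses are assumptions, since the topology figure is not reproduced here, and the model covers only RIPv2 with auto-summary and split horizon enabled.

```python
import ipaddress

def classful(ip):
    """Major (classful) network of ip, which is what a RIP network statement matches."""
    first = int(str(ip).split(".")[0])
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)

def rip_advertisements(interfaces, rip_config):
    """Return {interface: sorted prefixes sent out of it} for RIPv2 with auto-summary."""
    networks, passive, redist = set(), set(), False
    for line in rip_config.splitlines():
        words = line.split()
        if words[:1] == ["network"]:
            networks.add(classful(ipaddress.ip_address(words[1])))
        elif words[:1] == ["passive-interface"]:
            passive.add(" ".join(words[1:]))
        elif words[:2] == ["redistribute", "connected"]:
            redist = True
    addrs = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    # A network statement enables RIP on every interface inside that major network.
    enabled = {n for n, a in addrs.items() if classful(a.ip) in networks}
    result = {}
    for out, out_addr in addrs.items():
        sent = set()
        if out in enabled and out not in passive:
            for name, addr in addrs.items():
                # Skip the outgoing interface's own subnet (split horizon) and
                # connected prefixes that are neither RIP-enabled nor redistributed.
                if name == out or not (name in enabled or redist):
                    continue
                major = classful(addr.ip)
                # Auto-summary: keep the subnet inside the same major network, else summarize.
                sent.add(addr.network if major == classful(out_addr.ip) else major)
        result[out] = sorted(str(p) for p in sent)
    return result

# Constructed addressing (assumption): chosen to agree with the article's advertisement lists.
INTERFACES = {"fastethernet 0/0": "192.168.1.1/24", "fastethernet 0/1": "10.2.2.1/28",
              "fastethernet 0/2": "172.16.1.1/24", "fastethernet 0/3": "10.1.1.1/24"}
NETS = "router rip\n version 2\n network 172.16.0.0\n network 10.0.0.0\n"
PASSIVE = NETS + " network 192.168.1.0\n passive-interface fastethernet 0/0\n"
REDIST = NETS + " redistribute connected\n"

if __name__ == "__main__":
    for label, cfg in (("passive-interface", PASSIVE), ("redistribute connected", REDIST)):
        print(label, rip_advertisements(INTERFACES, cfg))
```

Feeding it the network statements without passive-interface shows the exposure the article is avoiding: Fa0/0 then sends the summarized 10.0.0.0/8 and 172.16.0.0/16 routes onto the host segment.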
Next time, we’ll examine the behavior of EIGRP’s network statements.
Author: Al Friebe