7.1 Controlling Routing Update Traffic
7.1.3 Using and configuring route filters
This section discusses how access lists can be used to filter route updates. To prevent other routers from learning one or more routes, you can suppress routes from being advertised in routing updates. This is done to prevent other routers from learning the interpretation of a particular device of one or more routes. Use route filters when you want to advertise selected routes only, such as only a default route and no other routes that are usually advertised by the router. If you want to filter all updates advertised by an interface, use the passive-interface command instead. Because of the fundamental differences between distance vector and link-state IP routing protocols, this section pertains only to distance vector protocols such as RIP and IGRP.

There are, in fact, two distribute list commands: distribute list in and distribute list out. They are very similar in syntax, but the options available to each and their behavior is very different.

The syntax for the distribute-list in command is shown in Figure .

For example:

access-list 1 permit 1.0.0.0 0.255.255.255
router rip
distribute-list 1 in

Any inbound RIP update will be checked against access-list 1 and only routes that match a 1.xxx.xxx.xxx format will be put in the routing table.

For a given routing process, it is possible to define one inbound interface-specific distribute list per interface, and one globally defined distribute list. For example, the following combination is possible:

access-list 1 permit 1.0.0.0 0.255.255.255
access-list 2 permit 1.2.3.0 0.0.0.255
router rip
distribute-list 2 in Ethernet 0
distribute-list 1 in

Lab Activity
  In this lab, you will learn how to use distribute list to filter routes.