A distribute-list is typically used to filter routing updates either inbound or outbound from a router perspectives usually running some form of dynamic routing protocol. Even though there is the keyword “distribute”, this is not to be confused with route distribution. Again, I think the choice of the terms here could have been better but that’s my personal opinion. The basic idea behind packet filtering is fairly simple, you just specify filter rules and packets are measured against those rules. Packets are then either accepted except those prohibited by a rule or all packets are dropped.

Today, I’m going to show you how to use distribute to filter prefixes. For the sake of this topic, we will use the following topology…

Here we have an OSPF domain and an EIGRP domain which has a couple of Loppback addresses that are redistributed into the OSPF domain. Everything has been pre-configured up to this point, let’s check R1 and make sure the redistributed loopback addresses are received and installed in the routing table…

All right ! We are good at this point ! Now, let’s filter some prefixes using “distribute-list”.

Let’s say we would like to filter Loopback 3 and Loopback 4 from being advertised to R1. So basically, we should not see the 3.0.0.0/24 and the 4.0.0.0/24 prefixes once the filter is in place. Here is what we need to do:

-Create ACL(s) to explicitly permit prefixes or deny prefixes
-Create a Distribute-List calling the ACL(s) and define a direction (Inbound or Outbound)
-Verify route filtering at the remote side

Since R2 is the guy doing the redistribution, we have to configure the above on R2. Let’s configure our ACL(s)…

Here, we have created ACLs to permit Loopback 1 and Loopback 2 prefixes. Note that there is an implicit deny at the end of the ACLs. Let’s configure our “Distribute-List”…

Here, under the OSPF process we’ve configured a distribute-list statement calling ACL 23 and apply it in the outbound direction since we are preventing prefixes sourcing from R3 to R1. Notice how we can call a route-map as well which is nice ! Let’s check the output of the “show ip protocols” and make sure we are seeing the filter list applied…

Fantastic ! Let’s now check R1 routing table and make sure the prefixes are filtered…

Very good ! We have successfully filtered Loopback 3 and Loopback 4 from being advertised out from R2 perspective.

We can use “Distribute-List” in many different scenarios but understanding this topic should do it for now. Please let me know if you have any questions.