Filtering EIGRP redistributed routes

We’ve got a switch with a number of layer 3 interfaces bound to networks which we need in EIGRP. One solution is to use a network statement, but this introduces a few unwanted behaviors, the primary one being that this enables EIGRP on these interfaces which is undesirable. The interfaces in question should not send EIGRP advertisements, and should not listen for them either. Using passive interface is an option, but this is a manual process I wanted to avoid.

We’ve handled this using redistribute connected within the EIGRP configuration. The one catch is that there are very few connected networks which we don’t want advertised. This list isn’t likely to change so manual updates shouldn’t be necessary.

To ensure these few networks are not advertised, a distribute list has been used. Distribute lists are ACLs which define which networks can or cannot be advertised. Like an ACL, they can be applied as either inbound (filter advertisements coming in) or outbound (filter routes being advertised).

The process is extremely simple.

Create the ACL

ip access-list standard EIGRP-Filter-Out
 deny   10.255.255.0 0.0.0.255
 permit any

The above ACL will ensure the 10.255.255.0/24 network will not be advertised, while all other networks will be.

Apply the configuration to EIGRP

router eigrp 10
 distribute-list EIGRP-Filter-Out out