How to use a Distribute-List to Filter out Routing Updates in the Cisco IOS

Posted on January 8, 2009 by David Davis in Cisco

When you run dynamic routing protocols, at some point you will want to filter the routes that one router sends to another, or the routes that your router accepts. One of the easiest ways to do this is to use a distribute-list. Let’s find out how…

What is a Distribute-List?

First off, let me point out that we are not talking about a “distribution-list”. While the word “distribution” may seem to fit better, that is not what it is called. I too, over the years, have periodically called it a distribution list so I first wanted to set the record straight.

A distribute-list is used to control routing updates either coming TO your router or leaving FROM your router. Distribute-lists work on a variety of different IOS routing protocols. Because of that, learning how to use distribute-lists is very valuable.

Because distribute-lists use Cisco IOS access-lists, you can define very granularly which routes will or won’t be sent out of the router or received into it. Let’s find out how they work…

Step 1 – Define what routes you want to filter

Let’s say that you want to filter inbound routes to a router. Start off by taking a look at your current routing table. What networks, exactly, do you want to filter out? Here is a sample routing table, for our example:

Router# show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     is variably subnetted, 3 subnets, 2 masks
O    [110/11] via, 00:00:10, Ethernet0
O    [110/11] via, 00:00:10, Ethernet0
C    is directly connected, Loopback0
     is subnetted, 1 subnets
C    is directly connected, Ethernet0

Let’s say that we want to filter out route

Step 2 – Create an ACL that matches that route

Next, we need to define an ACL that identifies that route, denies it, and permits all other routes. Here is the ACL that I used:

Router(config)# access-list 50 deny

Router(config)# access-list 50 permit any

Step 3 – Create a Distribute-List that references the ACL and defines the direction

Now create a distribute-list that references this ACL and specify the direction in which it will be applied.

The distribute-list is defined underneath the routing process of the protocol it applies to. In our case, we want to filter OSPF routes, so we go into the OSPF routing process configuration.



Router(config)# router ospf 10

Router(config-router)# distribute-list ?

  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming updates based on gateway
  prefix       Filter prefixes in routing updates

Router(config-router)# distribute-list 50 ?

  in   Filter incoming routing updates
  out  Filter outgoing routing updates

Router(config-router)# distribute-list 50 in

Step 4 – Verify that the route has been removed

After you put your new ACL and distribute-list in place, verify that they were successful. Notice how, in the show ip route output below, the filtered route no longer shows up.

Router# sh ip ro

(truncated) is variably subnetted, 2 subnets, 2 masks

O    [110/11] via, 00:11:39, Ethernet0
C    is directly connected, Loopback0
     is subnetted, 1 subnets
C    is directly connected, Ethernet0
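
As an added example (not part of the original article), the following Python sketch models how the standard ACL from Step 2 is evaluated against learned routes once it is applied with distribute-list 50 in. The prefixes are constructed documentation-range values and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation-range prefixes, not from the article.
ACL_50 = [
    ("deny", "192.0.2.0", "0.0.0.255"),   # access-list 50 deny 192.0.2.0 0.0.0.255
    ("permit", "any", None),              # access-list 50 permit any
]
LEARNED = ["192.0.2.0/24", "192.0.2.0/25", "198.51.100.0/24", "203.0.113.0/24"]


def acl_entry_matches(addr, wildcard, network):
    """Standard ACL test: bits set in the wildcard mask are ignored."""
    if addr == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(network) & care)


def distribute_list_in(acl, routes):
    """Split learned routes into (installed, filtered) for 'distribute-list N in'."""
    installed, filtered = [], []
    for route in routes:
        # A standard ACL sees only the network address, never the prefix length.
        network = ipaddress.ip_network(route).network_address
        action = "deny"  # implicit 'deny any' that ends every IOS ACL
        for entry_action, addr, wildcard in acl:  # first match wins
            if acl_entry_matches(addr, wildcard, network):
                action = entry_action
                break
        (installed if action == "permit" else filtered).append(route)
    return installed, filtered


if __name__ == "__main__":
    for label, acl in (("deny + permit any", ACL_50), ("deny only", ACL_50[:1])):
        installed, filtered = distribute_list_in(acl, LEARNED)
        print(f"{label}: installed={installed} filtered={filtered}")
```

Without the final permit any, the implicit deny filters every learned route. The /24 and /25 are both caught because a standard ACL cannot tell prefix lengths apart, which is what the prefix option in the help output above is for.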


Below, you will find graphics of the configurations in place on each side of this distribute-list route filtering:

In Summary

Our route filtering with the distribute-list command was successful. You can use this same concept and procedure to filter multiple routes going either into or out of your router. The distribute-list feature works with a number of different routing protocols. You can even specify in the distribute-list command which interfaces you want the command applied to. So, the next time that you need to not send out a route or have a router not receive a route, don’t forget about the distribute-list command (not distribution-list).

For more information on Distribute-lists, see the article Filtering Routing Updates on Distance Vector IP Routing Protocols.
