How to use a Distribute-List to Filter out Routing Updates in the Cisco IOS

While using Dynamic routing protocols, at some point, you will want to filter the routes that are sent out from one router to another OR filter routes that are received into your router. One of the easiest ways to do this is to use a distribute-list. Let’s find out how…

What is a Distribute-List?

First off, let me point out that we are not talking about a “distribution-list”. While the word “distribution” may seem to fit better, that is not what it is called. I too, over the years, have periodically called it a distribution list so I first wanted to set the record straight.

A distribute-list is used to control routing updates either coming TO your router or leaving FROM your router. Distribute-lists work on a variety of different IOS routing protocols. Because of that, learning how to use distribute-lists is very valuable.

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

As distribute-lists use Cisco IOS Access-Lists, you can very granularly define what routes will or won’t be sent out of the router, or received into the router. Let’s find out how they work…

Step 1 – Define what routes you want to filter

Let’s say that you want to filter inbound routes to a router. Start off by taking a look at your current routing table. What networks, exactly, do you want to filter out? Here is a sample routing table, for our example:

Router# show ip route

Codes: C – connected, S – static, I – IGRP, R – RIP, M – mobile, B – BGP

  • D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
  • N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
  • E1 – OSPF external type 1, E2 – OSPF external type 2, E – EGP
  • i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter area
  • * – candidate default, U – per-user static route, o – ODR
  • P – periodic downloaded static route

Gateway of last resort is not set

  • is variably subnetted, 3 subnets, 2 masks
  • O [110/11] via, 00:00:10, Ethernet0
  • O [110/11] via, 00:00:10, Ethernet0
  • C is directly connected, Loopback0
  • is subnetted, 1 subnets
  • C is directly connected, Ethernet0

Let’s say that we want to filter out route

Step 2 – Create an ACL to filter out that traffic

Next, we need to define an ACL that identifies that route, denies it, and allows all other traffic. Here is the ACL that I used:

Router(config)# access-list 50 deny

Router(config)# access-list 50 permit any

Step 3 – Create a Distribute-List that references the ACL and defines the direction

Now, you want to create a distribute-list that references this ACL, then specify the direction that the distribute-list will be applied.

The distribute-list is defined underneath the routing process for the protocol that it is being used on. In our case, we want to filter OSPF routes so we go into the OSPF routing process configuration.

Router(config)# router ospf 10

Router(config-router)#distribute-list ?

  • <1-199>     IP access list number
  • <1300-2699> IP expanded access list number
  • WORD        Access-list name
  • gateway     Filtering incoming updates based on gateway
  • prefix      Filter prefixes in routing updates

Router(config-router)#distribute-list 50 ?

  • in  Filter incoming routing updates
  • out Filter outgoing routing updates

Router(config-router)# distribute-list 50 in

Step 4 – Verify that the route has been removed

After you put your new ACL and distribute-list in place, verify that they were successful. Notice how, in the show ip route output below, the no longer shows up.

Router# sh ip ro

(truncated) is variably subnetted, 2 subnets, 2 masks

  • O [110/11] via, 00:11:39, Ethernet0
  • C is directly connected, Loopback0
  • is subnetted, 1 subnets
  • C is directly connected, Ethernet0


Below, you will find graphics of the configurations in place on each side of this distribute-list route filtering:

In Summary

Our route filtering with the distribute-list command was successful. You can use this same concept and procedure to filter out multiple routes from either going in or out of your router. The distribute-list feature works with a number of different routing protocols. You can even specify in the distribute-list command what interfaces you want the command applied to. So, the next time that you need to not send out a route or have a router not receive a route, don’t forget about the distribute-list command (not distribution-list).

For more information on Distribute-lists, see the article Filtering Routing Updates on Distance Vector IP Routing Protocols.

Do you have questions about distribute-lists or the Cisco IOS? If so, please visit our Cisco Router discussion forums.

To learn more about Cisco networking, consider the Train Signal CCNA Video Training package!

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

13 Email Threat Types to Know About Right Now

As email threats evolve and multiply, keeping track of them all—and staying protected against the many different types—becomes a complex challenge. Today, that requires more than just the traditional email gateway solution that used to be good enough.

In this eBook you will learn:

  • What are the most common and challenging email attacks for organizations?
  • How to defend against sophisticated email threats, such as spoofing, social engineering, and fraud
  • How to protect employees at the inbox level with the right technologies and security-awareness training
  • How to use a multilayered protection strategy to reduce susceptibility to email attacks and better defend your business and employees

Sponsored by: