Having issues applying route maps

n3twrk0p Member Posts: 22
Hello Everyone


I'm trying to configure route-maps to filter a few routes, all config seems to be ok, but for some reason I'm still learning about the intended subnet to be filtered from a branch router. Below is the config I currently have, any ideas why this is happening will be greatly appreciated.


Topology:


(Branch)
(ISP1) with redundancy thru a 2nd ISP (ISP2)

Routes to filter are in bold:


B1#show ip route | i 10.17
D 10.17.3.0/24 [90/4024320] via 10.1.1.5, 00:09:05, Serial0/0.1
D 10.17.2.0/24 [90/4024320] via 10.1.1.5, 00:09:05, Serial0/0.1
D 10.17.1.0/24 [90/4024320] via 10.1.1.5, 00:09:05, Serial0/0.1
D 10.17.4.0/24 [90/4024320] via 10.1.1.5, 00:09:05, Serial0/0.1
B1#show ip route | i 10.16
D 10.16.2.0/24 [90/4024320] via 10.1.1.5, 00:09:07, Serial0/0.1
D 10.16.3.0/24 [90/4024320] via 10.1.1.5, 00:09:07, Serial0/0.1
D 10.16.1.0/24 [90/4024320] via 10.1.1.5, 00:09:07, Serial0/0.1
D 10.16.4.0/24 [90/4024320] via 10.1.1.5, 00:09:07, Serial0/0.1
B1#




Neighbor 10.1.1.5 is ISP 1,


WAN1#show int Serial0/0.2 | i address
Internet address is 10.1.1.5/30
WAN1#



Prefix List being used:


WAN1#show ip prefix-list manu
ip prefix-list manu: 4 entries
seq 5 permit 10.16.3.0/24
seq 10 permit 10.16.4.0/24
seq 15 permit 10.17.3.0/24
seq 20 permit 10.17.4.0/24
WAN1#





Route Map applied:
WAN1#show route-map manufacturing
route-map manufacturing, deny, sequence 5
Match clauses:
ip address prefix-lists: manu
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map manufacturing, permit, sequence 10
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
WAN1#






Am I missing something?

Comments

  • fredrikjj Member Posts: 879
    You want to filter EIGRP prefixes. You have created a route map that references a prefix list. How are you applying this route map?
  • n3twrk0p Member Posts: 22
    fredrikjj wrote: »
    You want to filter EIGRP prefixes. You have created a route map that references a prefix list. How are you applying this route map?


    Hi Fredrikjj,

    Please find below how I'm applying the route map:
    WAN1#show run | sec eigrp 1
    router eigrp 1
    offset-list 10 out 6666762 Serial0/0.2
    network 10.1.0.0 0.0.255.255
    network 192.168.200.0
    distribute-list 5 out Serial0/0.1
    distribute-list 5 out Serial0/0.2
    distribute-list route-map manufacturing out
    no auto-summary
    WAN1#

  • AwesomeGarrett Member Posts: 257
    Can you see where the branch router is learning the route from?
  • n3twrk0p Member Posts: 22
    Can you see where the branch router is learning the route from?


    The Branch router is learning the route from WAN1 Router:
    B1#show ip route | i 10.17
    D 10.17.3.0/24 [90/4024320] via 10.1.1.5, 06:36:35, Serial0/0.1
    D 10.17.2.0/24 [90/4024320] via 10.1.1.5, 06:54:18, Serial0/0.1
    D 10.17.1.0/24 [90/4024320] via 10.1.1.5, 06:54:18, Serial0/0.1
    D 10.17.4.0/24 [90/4024320] via 10.1.1.5, 06:36:35, Serial0/0.1
    B1#

    WAN1#show ip int brief
    Interface IP-Address OK? Method Status Protocol
    Serial0/0 unassigned YES NVRAM up up
    Serial0/0.1 10.1.1.1 YES NVRAM up up
    Serial0/0.2 10.1.1.5 YES NVRAM up up
    Serial0/1 unassigned YES NVRAM administratively down down
    Serial0/2 unassigned YES NVRAM administratively down down
    Serial0/3 unassigned YES NVRAM administratively down down
    Ethernet1/0 192.168.200.5 YES NVRAM up up
    Ethernet1/1 192.168.200.1 YES NVRAM up up
    Ethernet1/2 192.168.200.9 YES NVRAM up up
    Ethernet1/3 unassigned YES NVRAM administratively down down
    WAN1#

  • AwesomeGarrett Member Posts: 257
    Why don't you just use an ACL for the default distribute-list?

    I'm not sure but I believe it's a rule in the IOS to use the same filtering tool when filtering on both the interface and the routing process for an IGP. Not sure tho...
  • CodeBlox Member Posts: 1,363


    WAN1#show run | sec eigrp 1
    router eigrp 1
    offset-list 10 out 6666762 Serial0/0.2
    network 10.1.0.0 0.0.255.255
    network 192.168.200.0
    distribute-list 5 out Serial0/0.1
    distribute-list 5 out Serial0/0.2
    distribute-list route-map manufacturing out
    no auto-summary
    WAN1#
    You have multiple distribute lists configured... How is ACL 5 setup??
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • n3twrk0p Member Posts: 22
    CodeBlox wrote: »
    You have multiple distribute lists configured... How is ACL 5 setup??


    ACL 5 is configured to filter (deny) a different prefix:
    WAN1#show run | sec eigrp 1
    router eigrp 1
    offset-list 10 out 6666762 Serial0/0.2
    network 10.1.0.0 0.0.255.255
    network 192.168.200.0
    distribute-list 5 out Serial0/0.1
    distribute-list 5 out Serial0/0.2
    distribute-list route-map manufacturing out
    no auto-summary
    WAN1#show access-list 5
    Standard IP access list 5
    10 deny 192.168.200.0, wildcard bits 0.0.0.31 (48 matches)
    20 permit any (162 matches)
    WAN1#

    I could have used a prefix-list instead of a route map but this route map should work regardless and is not, weird...

  • n3twrk0p Member Posts: 22
    After removing the distribute list 5 in bold from EIGRP:
    router eigrp 1
    offset-list 10 out 6666762 Serial0/0.2
    network 10.1.0.0 0.0.255.255
    network 192.168.200.0
    distribute-list 5 out Serial0/0.1
    distribute-list 5 out Serial0/0.2
    distribute-list route-map manufacturing out
    no auto-summary

    The advertisement of the prefix that I needed to be filtered is not being received from the Branch router anymore:
    B1#show ip route | i 10.17.3
    B1#
    B1#show ip route | i 10.17.4
    B1#
    B1#




    This is quite interesting, how is it that EIGRP does not allow you to use the distribute-list feature multiple times?
  • AwesomeGarrett Member Posts: 257
    It does but in practice you would normally use the same filtering tool for both. ACL with ACL, prefix list with prefix list, etc.

    When you have mismatching tools, the interface filtering takes precedence. If you used the same tool, for example an ACL, they would work together.
  • CodeBlox Member Posts: 1,363
    Awesome!
    Standard IP access list 5
    10 deny 192.168.200.0, wildcard bits 0.0.0.31 (48 matches)
    20 permit any (162 matches)


    By the way... This is why your routes were being heard. Because of the permit any with sequence number 20. Your ACL distribute list is allowing the routes. Once a permit or deny is matched, that's it. It's safe to say you're never even matching against your prefix list with how you have this configured.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
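
An added example, not part of the original thread: a small Python model of first-match evaluation for ACL 5 and the `manufacturing` route-map exactly as printed above, run over the routes B1 was learning. The function names are hypothetical, and each filter is evaluated on its own; the model makes no claim about how IOS combines interface and global distribute-lists.

```python
import ipaddress

# Filters copied from the show output in the thread. First match wins;
# anything that matches no entry hits the implicit deny.
ACL_5 = [("deny", "192.168.200.0", "0.0.0.31"),
         ("permit", "0.0.0.0", "255.255.255.255")]        # "permit any"
PREFIX_LIST_MANU = [("permit", "10.16.3.0/24"), ("permit", "10.16.4.0/24"),
                    ("permit", "10.17.3.0/24"), ("permit", "10.17.4.0/24")]
# route-map manufacturing: deny 5 matches prefix-list manu,
# permit 10 has no match clause and therefore matches everything.
ROUTE_MAP = [("deny", PREFIX_LIST_MANU), ("permit", None)]

# The 10.16.x and 10.17.x routes seen on B1.
ROUTES = [f"10.{a}.{b}.0/24" for a in (16, 17) for b in (1, 2, 3, 4)]

def acl_verdict(acl, route):
    """Standard ACL as a route filter: only the network address is compared."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action
    return "deny"

def prefix_list_verdict(plist, route):
    """Prefix-list entry without ge/le: network and length must match exactly."""
    net = ipaddress.ip_network(route)
    for action, entry in plist:
        if net == ipaddress.ip_network(entry):
            return action
    return "deny"

def route_map_verdict(rmap, route):
    """A clause matches when its prefix-list permits the route (or it has no match)."""
    for action, plist in rmap:
        if plist is None or prefix_list_verdict(plist, route) == "permit":
            return action
    return "deny"

def evaluate(routes):
    """Return {route: (ACL 5 verdict, route-map verdict)}."""
    return {r: (acl_verdict(ACL_5, r), route_map_verdict(ROUTE_MAP, r))
            for r in routes}

if __name__ == "__main__":
    for route, (acl, rmap) in evaluate(ROUTES).items():
        print(f"{route:<16} ACL 5: {acl:<6}  route-map manufacturing: {rmap}")
```

Every 10.16.x and 10.17.x route falls through to `permit any` in ACL 5, while the route-map taken alone denies exactly the four prefixes in `manu`.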