- The route-map match command can reference an ACL or prefix list, but doing so introduces a possible source of confusion.
- The confusing part is that the decision to filter a route or let it through is based on the deny or permit in the route-map command, not on the deny or permit in the ACL or prefix list.
- When a route map references an ACL or prefix list, the match command matches all routes permitted by that ACL or prefix list.
- Routes that are denied by the ACL or prefix list simply do not match that match command's logic, so IOS moves on to the next route-map command.
- The route-map command includes an implied deny all clause at the end; to configure a permit all, use a route-map command with a permit action but without a match command.
Filter routes received by R7 using distribute lists, prefix lists and route maps:
Objective 1: Router R7 should not learn via EIGRP any routes starting with 192.168.44 or 192.168.55 with a prefix length of /24 or longer.
Objective 2: R7 should not learn any EIGRP routes to networks with /30 masks.
R7's initial routing table:
R7#sho ip route
...
D 192.168.44.0/24 [90/2809856] via 172.16.0.9, 00:13:47, Serial0/0
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.16.0.12/30 [90/2707456] via 172.16.0.9, 00:13:47, Serial0/0
C 172.16.0.8/30 is directly connected, Serial0/0
D 172.16.0.4/30 [90/2195456] via 172.16.0.9, 00:13:47, Serial0/0
D 172.16.0.0/30 [90/2681856] via 172.16.0.9, 00:13:47, Serial0/0
D 172.16.111.0/24 [90/2297856] via 172.16.0.9, 00:13:47, Serial0/0
D 192.168.55.0/24 [90/2323456] via 172.16.0.9, 00:13:49, Serial0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, FastEthernet0/1
R 10.0.200.0/24 [120/1] via 10.0.0.1, 00:00:15, FastEthernet0/1
First we have to configure 2 prefix lists on R6, one for each objective (it can also be done using a single prefix list for both):
R6(config)#ip prefix-list 44-55-routes permit 192.168.44.0/23 ge 24 le 32 (we are using "permit" so the route map match statement will consider this prefix list line; the implicit deny has no impact on the route map)
R6(config)#ip prefix-list 44-55-routes permit 192.168.55.0/23 ge 24 le 32 (same as above)
R6(config)#ip prefix-list slash-30-mask permit 0.0.0.0/0 ge 30 le 30 (same as above)
Next we have to configure the route map:
R6(config)#route-map filter-44-55-slash30 deny 10 (deny what is matched by the prefix list with a permit clause)
R6(config-route-map)#match ip address prefix-list 44-55-routes
R6(config)#route-map filter-44-55-slash30 deny 15 (deny what is matched by the prefix list with a permit clause)
R6(config-route-map)#match ip address prefix-list slash-30-mask
R6(config)#route-map filter-44-55-slash30 permit 20 (permit all other routes; this is necessary because of the implicit deny at the end of every route map)
R6#show route-map
route-map filter-44-55-slash30, deny, sequence 10
Match clauses:
ip address prefix-lists: 44-55-routes
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map filter-44-55-slash30, deny, sequence 15
Match clauses:
ip address prefix-lists: slash-30-mask
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map filter-44-55-slash30, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Now we have to reference the route map from a distribute list and apply this list to the EIGRP process:
R6(config-router)#distribute-list route-map filter-44-55-slash30 out serial 0/1
*Mar 1 00:38:33.663: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.0.10 (Serial0/1) is resync: route configuration changed
Verify the routing table of R7 (none of the routes matched by the route map's deny clauses were advertised by R6 to R7):
R7#show ip route
...
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.8/30 is directly connected, Serial0/0
D 172.16.111.0/24 [90/2297856] via 172.16.0.9, 00:41:19, Serial0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, FastEthernet0/1
R 10.0.200.0/24 [120/1] via 10.0.0.1, 00:00:14, FastEthernet0/1
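The evaluation order described in the notes at the top, applied to R7's EIGRP routes, as an added Python model (not part of the original post and not IOS code). It assumes a prefix-list entry matches when the route falls inside the entry's prefix, ignoring host bits in the entry, and the route's mask length lies between ge and le; the function names and the 192.168.45.0/24 route are constructed for illustration.

```python
import ipaddress

# Prefix lists as configured on R6: (action, prefix, ge, le)
PREFIX_LISTS = {
    "44-55-routes": [("permit", "192.168.44.0/23", 24, 32),
                     ("permit", "192.168.55.0/23", 24, 32)],
    "slash-30-mask": [("permit", "0.0.0.0/0", 30, 30)],
}
# Route map as configured on R6: (sequence, action, prefix list or None)
ROUTE_MAP = [(10, "deny", "44-55-routes"),
             (15, "deny", "slash-30-mask"),
             (20, "permit", None)]  # no match command: matches every route
# EIGRP (D) routes from R7's initial routing table
EIGRP_ROUTES = ["192.168.44.0/24", "172.16.0.12/30", "172.16.0.4/30",
                "172.16.0.0/30", "172.16.111.0/24", "192.168.55.0/24"]
# Constructed route, not on the page, to show how far the /23 entries reach
EXTRA_ROUTE = "192.168.45.0/24"

def prefix_list_permits(name, route):
    """True if the first prefix-list entry that matches the route is a permit."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in PREFIX_LISTS[name]:
        # Assumption: host bits are ignored, so 192.168.55.0/23 acts as 192.168.54.0/23
        entry = ipaddress.ip_network(prefix, strict=False)
        if ge <= net.prefixlen <= le and net.subnet_of(entry):
            return action == "permit"
    return False  # implicit deny: the route simply does not match this list

def route_map_action(route):
    """Return (sequence, action) of the first route-map clause that matches."""
    for seq, action, plist in ROUTE_MAP:
        # The clause's own deny/permit decides; the prefix list only selects routes
        if plist is None or prefix_list_permits(plist, route):
            return seq, action
    return None, "deny"  # implied deny all at the end of the route map

def advertised(routes):
    """Routes R6 would still send to R7 after the distribute list is applied."""
    return [r for r in routes if route_map_action(r)[1] == "permit"]

if __name__ == "__main__":
    for r in EIGRP_ROUTES + [EXTRA_ROUTE]:
        print(r, route_map_action(r))
    print("advertised:", advertised(EIGRP_ROUTES))
```

Under this model the constructed route 192.168.45.0/24 is also denied at sequence 10, because the /23 entries cover more than the 192.168.44 and 192.168.55 ranges named in Objective 1.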