cis185 bsci-lecture3-eigrp-part2
CIS 185 Advanced Routing Protocols
EIGRP Part 2
Rick Graziani
Cabrillo College
Last Updated: Fall 2009
3
EIGRP Part 1
• Review
• Wildcard masks
• Authentication
• Passive Interfaces
• Stuck-in-active
• Stub Routers
• Offsets
• Variance
• Ip-bandwidth percent
• Frame Relay Bandwidth
• Distribute Lists
  • With ACLs
  • With Prefix-Lists
  • With Route Maps
• Summarization
• Default Route
4
Thanks Wendell Odom!
Much of the information used in this chapter is from the new Cisco Press BSCI Exam Certification Guide by Wendell Odom. (Not yet released at the time of this writing.)
I highly recommend this book!
5
Point-to-Point
Because there is a maximum of 256Kbps available on the access circuit, we cannot allow any individual PVC to handle more than 25Kbps (256/10).
Since this data rate is fairly low, and we don't expect very much user data traffic, we can allow EIGRP to use up to 90% of the bandwidth.
interface Serial 0
encapsulation frame-relay
interface Serial 0.1 point-to-point
bandwidth 25
ip bandwidth-percent eigrp 123 90
…
interface Serial 0.10 point-to-point
bandwidth 25
ip bandwidth-percent eigrp 123 90
256 / 10 = 25
6
Multipoint
If the virtual circuits are of different capacities, the bandwidth must be set to take into account the lowest-capacity virtual circuit.
Example: if a T1 access line has three 256Kbps VCs and one 56Kbps VC, the bandwidth should be set to 224Kbps (4 * 56Kbps).
Bandwidth equals the CIR rate of the lowest speed connection multiplied by the number of circuits.
interface Serial 0
encapsulation frame-relay
interface Serial 0.1 multipoint
bandwidth 224
Lowest speed connection = 56 Kbps
4 * 56 = 224
7
Our Topology
Print this out
8
EIGRP Route Filtering
Route Filtering
• Allows an engineer to filter which routes are advertised in an EIGRP update.
Reasons
• Branch Offices only need to communicate with Headquarters, not with each other.
• Smaller Routing Tables
• Security
[Figure: topology with prefixes 10.17.32.0/23, 10.17.34.0/24, 10.17.35.0/25, 10.17.32.128/25, 10.17.36.0/26, 10.17.36.64/26]
9
EIGRP Route Filtering
Drawback
• When something is unreachable, network engineers have the additional troubleshooting challenge of deciding whether it was due to a failure in the network or because of their design decision.
[Figure: ping 172.16.1.10; no route for 10.17.35.0/25, DROP REPLY]
10
EIGRP Route Filtering
EIGRP uses a distribute-list router subcommand.
Distribute List refers to:
• ACL
• Prefix List
• Route Map (uses an ACL or Prefix List)
Distribute List
ACL Prefix-List Route-Map
11
Route Filters - Inbound
Inbound interfaces:
• Affects only the routing updates inbound on that interface.
• The same update may come from another interface, from the same (LAN) or a different (serial) router.
• Note: This does not permit/deny other packets from entering the routers, only which updates a router will send or receive.
Router(config-router)#distribute-list access-list-number in [interface-name]
12
Route Filters - Outbound
Outbound interfaces:
• Affects only the routing updates outbound on that interface.
Router(config-router)#distribute-list access-list-number out [interface-name | routing-process | as-number]
13
Route Filters
For each interface and routing process, Cisco IOS permits:
• One incoming global distribute-list
• One outgoing global distribute-list
• One incoming distribute-list per interface
• One outgoing distribute-list per interface
RTZ(config)# router eigrp 1
RTZ(config-router)# distribute-list 1 in
RTZ(config-router)# distribute-list 2 out
RTZ(config-router)# distribute-list 3 in serial 0/0
RTZ(config-router)# distribute-list 4 out serial 0/0
14
Route Filters - Verification
RTZ(config)#router eigrp 1
RTZ(config-router)#distribute-list 1 in
RTZ(config-router)#distribute-list 2 out
RTZ(config-router)#distribute-list 3 in e0
RTZ(config-router)#distribute-list 4 out e0
RTZ#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 25 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is 2
Ethernet0 filtered by 4
Incoming update filter list for all interfaces is 1
Ethernet0 filtered by 3
15
Route Filters and Link State Routing Protocols
• Routers running link state protocols determine their routes based on information in their link state database, rather than the advertised route entries of their neighbors.
• Route filters have a different effect on link state advertisements or the link state database.
• Remember, a basic requirement of link state routing protocols is that routers in an area must have identical link state databases.
• We will examine route filters and link state routing protocols later with OSPF.
16
Distribute Lists and ACLs
EIGRP uses a distribute-list router subcommand.
Distribute List refers to:
• ACL
• Prefix List
• Route Map (uses an ACL or Prefix List)
Distribute List
ACL Prefix-List Route-Map
17
Distribute Lists and ACLs
Objective: Deny R4 from learning about the 10.17.35.0/25 network.
• Create a distribute-list outbound on serial 0/2.
• Refer to access-list 2.
To filter EIGRP routes using an ACL:
• ACL deny – filters the route
• ACL permit – allows the route to be advertised
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.35.0 0.0.0.127
R3(config)# access-list 2 permit any
18
ACL Ranges
What if we needed to filter a range of networks?
• We could use several ACL statements or use the wildcard mask to specify a range.
• What range of networks does this network/wildcard mask summarize?
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# access-list 2 permit any
19
ACL Ranges
It’s easy!
• Start with the address in the ACL, which is the low end: 10.17.32.0
• Add the wildcard mask: 0.0.7.255
• The result is the high end of the range!
• ACL range: 10.17.32.0 through 10.17.39.255
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
Low end 10.17.32.0
Wildcard mask + 0. 0. 7.255
--------------
High end 10.17.39.255
20
ACL Ranges
This distribute list filters all EIGRP updates for the LANs, 10.17.32.0 through 10.17.36.64, going to R4.
ACL range: 10.17.32.0 through 10.17.39.255
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# access-list 2 permit any
Filtered
21
access-list 3 deny...?
What address or range of addresses do these ACLs deny?
• Exactly the prefix 10.17.32.0 (does not match any other routes).
• All prefixes that begin "10.17.32", 10.17.32.0 – 10.17.32.255.
• All prefixes in the range 10.17.32.0 – 10.17.35.255.
• All prefixes in the range 10.16.0.0 – 10.17.255.255.
ACL range: 10.17.32.0 through 10.17.39.255
access-list 3 deny 10.17.32.0
access-list 4 deny 10.17.32.0 0.0.0.255
access-list 5 deny 10.17.32.0 0.0.3.255
access-list 6 deny 10.16.0.0 0.1.255.255
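The wildcard arithmetic and the distribute-list behaviour from the ACL slides, as an added example (not part of the original lecture). The function names are hypothetical; the route list is the set of EIGRP routes in R4's BEFORE table, and the /25 route in the last check is constructed to show that a standard ACL compares only the subnet number, not the mask.

```python
import ipaddress


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def acl_range(address, wildcard="0.0.0.0"):
    """Low and high end of the addresses matched by 'address wildcard'.

    Assumes a contiguous wildcard (as in the slides); for those, the high
    end equals the low end plus the wildcard mask.
    """
    base, wild = _to_int(address), _to_int(wildcard)
    low = base & ~wild & 0xFFFFFFFF
    high = low | wild
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def entry_matches(address, wildcard, route):
    """A standard ACL sees only the route's subnet number, never its mask."""
    subnet = int(ipaddress.ip_network(route).network_address)
    care = ~_to_int(wildcard) & 0xFFFFFFFF   # bits that must be equal
    return (subnet & care) == (_to_int(address) & care)


def advertised(acl, routes):
    """Routes that survive 'distribute-list <acl> out': first match wins."""
    kept = []
    for route in routes:
        for action, address, wildcard in acl:
            if entry_matches(address, wildcard, route):
                if action == "permit":
                    kept.append(route)
                break
        # No entry matched: the implicit deny at the end of every ACL applies.
    return kept


PERMIT_ANY = ("permit", "0.0.0.0", "255.255.255.255")

# EIGRP routes R3 advertises to R4 (from R4's BEFORE routing table).
R3_TO_R4 = [
    "10.0.0.8/30", "10.0.0.0/30", "10.0.0.4/30",
    "10.17.35.0/25", "10.17.34.0/24", "10.17.32.0/23",
    "10.17.36.0/26", "10.17.36.64/26",
]

ACL_2_SINGLE = [("deny", "10.17.35.0", "0.0.0.127"), PERMIT_ANY]
ACL_2_RANGE = [("deny", "10.17.32.0", "0.0.7.255"), PERMIT_ANY]
ACL_3 = [("deny", "10.17.32.0", "0.0.0.0"), PERMIT_ANY]

if __name__ == "__main__":
    print("ACL 2 range:", acl_range("10.17.32.0", "0.0.7.255"))
    print("after single deny:", advertised(ACL_2_SINGLE, R3_TO_R4))
    print("after range deny: ", advertised(ACL_2_RANGE, R3_TO_R4))
```

Leaving out the final permit any makes `advertised` return an empty list, because every route then falls through to the implicit deny.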
22
Verifying - BEFORE Distribute List
Notice the option with the pipe!
R4# show ip route | include 10.
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D 10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:06:28, Ser0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:06:15, Ser0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:05:58, Ser0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:06:28, Ser0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:06:28,Ser0/0
23
Verifying – BEFORE Distribute List
R4# show ip route | include 10.17
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:04:16, Ser0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:03:59, Ser0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:04:29, Ser0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:04:29,Ser0/0
24
Distribute List
This distribute list filters all EIGRP updates for the LANs, 10.17.32.0 through 10.17.36.64, going to R4.
ACL range: 10.17.32.0 through 10.17.39.255
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# access-list 2 permit any
01:31:34: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is down: route configuration changed
01:31:38: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is up: new adjacency
25
Verifying Distribute List - AFTER
Only has serial “10” networks which were not in the range.
ACL range: 10.17.32.0 through 10.17.36.64
ACL range: 10.17.32.0 through 10.17.39.255
R4# show ip route
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
C 172.16.2.0 is directly connected, FastEthernet0/1
10.0.0.0/30 is subnetted, 4 subnets
D 10.0.0.8 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
C 10.0.0.12 is directly connected, Serial0/0
D 10.0.0.0 [90/3193856] via 10.0.0.13, 00:01:26, Serial0/0
D 10.0.0.4 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
26
Verifying Distribute List - AFTER
• R4 does not have any of the “10.17” routes.
• R1 still has all the routes, including the “10.17” routes.
R4# show ip route | include 10.17
R4#
R1# show ip route | include 10.17
D 10.17.35.0/25 [90/2172416] via 10.0.0.2, 00:25:50, Ser0/0
C 10.17.34.0/24 is directly connected, FastEthernet0/1
C 10.17.32.0/23 is directly connected, FastEthernet0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.6, 00:25:50, Ser0/1
D 10.17.36.64/26 [90/2172416] via 10.0.0.6, 00:25:50,Ser0/1
R1#
27
Distribute Lists and Prefix Lists
• A prefix-list is applied with the distribute-list router subcommand.
• Another tool for matching routes.
• Can examine both the prefix (network address) and the prefix length (subnet mask), or a range of either.
• ACLs matched only the prefix of the route (subnet number); IP prefix lists always examine both the prefix and prefix length.
Distribute List
ACL Prefix-List Route-Map
28
Prefix-list concepts
• The route prefix (the subnet number)
• The prefix length (the subnet mask)
• Each command has a permit or deny action.
  • Only used for matching routes. Not used for packet filtering.
  • Just implies whether a route is matched (permit) or not (deny).
• Sequence numbers are used for the insertion and deletion of individual commands.
ip prefix-list list-name [seq seq-value] {deny | permit prefix/prefix-length}[ge ge-value] [le le-value]
29
Prefix-list Concepts
Prefix-list Logic:
1. The route’s prefix must be within the range of addresses implied by the prefix-list command’s prefix/prefix-length parameters.
2. The route’s prefix length must match the range of prefixes implied by the prefix-list command's prefix-length, ge, and le parameters.
What???
ip prefix-list list-name [seq seq-value] {deny | permit prefix/prefix-length}[ge ge-value] [le le-value]
30
Prefix-list concepts
Examining the Prefix
prefix/prefix-length
• Prefix: Address to be used for matching.
• Prefix length: How much of the address must match.
• 10.0.0.0/8: Any number (address) whose first 8 bits (/8) match 10.0.0.0.
Examples coming soon!
ip prefix-list list-name [seq seq-value] {deny | permit prefix/prefix-length}[ge ge-value] [le le-value]
31
Prefix-list concepts
Examining the Prefix Length
• Blank: Exact match.
• ge ge-value: Subnet mask must be at least this length, up to /32.
• le le-value: Subnet mask must be this length or less, but at least the length of the prefix-length.
• ge ge-value le le-value: Subnet mask must fall within this range.
The ge value must be larger than the configured prefix length in the base part of the command.
• ip prefix-list list1 permit 1.0.0.0/8 ge 7 would be rejected.
• The ge value (7) is less than the configured prefix-length (/8).
Examples coming next!
ip prefix-list list-name [seq seq-value] {deny | permit prefix/prefix-length}[ge ge-value] [le le-value]
32
Match the Prefix List with the appropriate routes
10.0.0.0/8
Routes matched: 1
Reason: Without ge or le configured, both the prefix (10.0.0.0) and length (8) must be an exact match.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
33
Match the Prefix List with the appropriate routes
10.0.0.0/8 ge 9
Routes matched: 2 - 6
Reason: The 10.0.0.0/8 means “all routes whose first octet is 10”. The prefix length must be between 9 and 32, inclusive.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
34
Match the Prefix List with the appropriate routes
10.0.0.0/8 ge 24 le 24
Routes matched: 3, 4
Reason: The 10.0.0.0/8 means “all routes whose first octet is 10,” and the prefix range is 24 to 24, meaning only routes with prefix length 24.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
35
Match the Prefix List with the appropriate routes
10.0.0.0/8 le 28
Routes matched: 1 - 4
Reason: The prefix length needs to be between 8 and 28, inclusive.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
36
Match the Prefix List with the appropriate routes
0.0.0.0/0
Routes matched: none
Reason:
• 0.0.0.0/0 means “match all prefixes”.
• Because neither the le nor the ge parameter is configured, the /0 also means that the prefix length must be exactly 0.
• Only a default route would match this prefix list.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
37
Match the Prefix List with the appropriate routes
0.0.0.0/0 le 32
Routes matched: All
Reason:
• The range implied by 0.0.0.0/0 is all IPv4 addresses.
• The le 32 then implies any prefix length between 0 and 32, inclusive.
• This is the syntax for “match all” prefix list logic.
1. 10.0.0.0/8
2. 10.128.0.0/9
3. 10.1.1.0/24
4. 10.1.2.0/24
5. 10.128.10.4/30
6. 10.128.10.8/30
38
Distribute Lists and Prefix Lists
Using the prefix-list with the distribute list is easy now!
Distribute List
ACL Prefix-List Route-Map
39
Distribute Lists and Prefix Lists
Remove the previous distribute list and ACLs if appropriate.
R3(config)# no access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# no access-list 2 permit any
R3(config)# router eigrp 1
R3(config-router)# no distribute-list 2 out ser 0/2
40
Distribute Lists and Prefix Lists
Objectives - Routes going to R4:
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
Filtered
R4# show ip route | include 10.
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D 10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:02:30, Serial0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Serial0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
BEFORE
Not Filtered
41
Distribute Lists and Prefix Lists
Objectives - Routes going to R4:
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
R3(config)# router eigrp 1
R3(config-router)# distribute-list prefix no-r1-r2-slash30 out Serial0/2
R3(config)# ip prefix-list no-r1-r2-slash30 seq 5 deny 10.17.35.0/24 ge 25 le 25
R3(config)# ip prefix-list no-r1-r2-slash30 seq 10 deny 10.17.36.0/24 ge 26 le 26
R3(config)# ip prefix-list no-r1-r2-slash30 seq 15 deny 0.0.0.0/0 ge 30 le 30
R3(config)# ip prefix-list no-r1-r2-slash30 seq 20 permit 0.0.0.0/0 le 32
42
Distribute Lists and Prefix Lists
Sequence number 5 - Matches 10.17.35.0/25 and 10.17.35.128/25
• Matches prefix: 24 bits of 10.17.35 routes.
• Matches prefix length: exactly /25.
R3(config)# router eigrp 1
R3(config-router)# distribute-list prefix no-r1-r2-slash30 out Serial0/2
R3(config)# ip prefix-list no-r1-r2-slash30 seq 5 deny 10.17.35.0/24 ge 25 le 25
43
Distribute Lists and Prefix Lists
Sequence number 10 - Matches routes 10.17.36.0/26 and 10.17.36.64/26.
• Matches prefix: 24 bits of 10.17.36 routes.
• Matches prefix length: exactly /26.
R3(config)# router eigrp 1
R3(config-router)# distribute-list prefix no-r1-r2-slash30 out Serial0/2
R3(config)# ip prefix-list no-r1-r2-slash30 seq 5 deny 10.17.35.0/24 ge 25 le 25
R3(config)# ip prefix-list no-r1-r2-slash30 seq 10 deny 10.17.36.0/24 ge 26 le 26
44
Distribute Lists and Prefix Lists
Sequence number 15 - uses wildcard logic (0.0.0.0/0) to match all.
• Matches prefix: Match all (0.0.0.0/0).
• Matches prefix length: exactly /30.
R3(config)# router eigrp 1
R3(config-router)# distribute-list prefix no-r1-r2-slash30 out Serial0/2
R3(config)# ip prefix-list no-r1-r2-slash30 seq 5 deny 10.17.35.0/24 ge 25 le 25
R3(config)# ip prefix-list no-r1-r2-slash30 seq 10 deny 10.17.36.0/24 ge 26 le 26
R3(config)# ip prefix-list no-r1-r2-slash30 seq 15 deny 0.0.0.0/0 ge 30 le 30
45
Distribute Lists and Prefix Lists
Sequence number 20 - uses wildcard logic (0.0.0.0/0) to match all.
• Matches prefix: Match all (0.0.0.0/0).
• Matches prefix length: all prefix lengths (le 32).
R3(config)# router eigrp 1
R3(config-router)# distribute-list prefix no-r1-r2-slash30 out Serial0/2
R3(config)# ip prefix-list no-r1-r2-slash30 seq 5 deny 10.17.35.0/24 ge 25 le 25
R3(config)# ip prefix-list no-r1-r2-slash30 seq 10 deny 10.17.36.0/24 ge 26 le 26
R3(config)# ip prefix-list no-r1-r2-slash30 seq 15 deny 0.0.0.0/0 ge 30 le 30
R3(config)# ip prefix-list no-r1-r2-slash30 seq 20 permit 0.0.0.0/0 le 32
46
Verifying Distribute Lists and Prefix Lists
Objectives - Routes going to R4:
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
Filtered
R4# show ip route | include 10.
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D 10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:02:30, Serial0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Serial0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
BEFORE
Not Filtered
47
Verifying Distribute List with Prefix List
Objectives - Routes going to R4:
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
R4# show ip route
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
C 172.16.2.0 is directly connected, FastEthernet0/1
10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Serial0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:08:59, Serial0/0
AFTER
48
Distribute Lists and Route Maps
Route maps are used for various things including:
• Policy Routing – Sophisticated static routes
• Route Filtering during redistribution
• Setting BGP attributes
• Route Filtering with distribute lists
Similar logic to the If/Then/Else logic seen in programming languages.
Additional features but can be tricky to configure.
Distribute List
ACL Prefix-List Route-Map
49
Distribute Lists and Route Maps
Seq #5: deny, discard or filter all routes matched by the match command (1st set of criteria)
Seq #10: permit, allow through all routes matched by the match command (2nd set of criteria)
Seq #30: deny, discard or filter all routes matched by the match command (3rd set of criteria)
Seq #35: permit. The absence of a match command means "match all", so allow through all remaining routes
RTZ(config)# router eigrp 1
RTZ(config-router)# distribute-list route-map sample-map out
RTZ(config)# route-map sample-map deny 5
RTZ(config-route-map)# match (1st set of criteria)
RTZ(config)# route-map sample-map permit 10
RTZ(config-route-map)# match (2nd set of criteria)
RTZ(config)# route-map sample-map deny 30
RTZ(config-route-map)# match (3rd set of criteria)
RTZ(config)# route-map sample-map permit 35
50
Distribute Lists and Route Maps
The match command references:
• ACL
• Prefix List
IMPORTANT: The decision to filter a route or allow the route through is based on the deny or permit in the route-map command, and not the deny or permit in the ACL or prefix list.
RTZ(config)# router eigrp 1
RTZ(config-router)# distribute-list route-map sample-map out
RTZ(config)# route-map sample-map deny 5
RTZ(config-route-map)# match (1st set of criteria)
RTZ(config)# route-map sample-map permit 10
RTZ(config-route-map)# match (2nd set of criteria)
RTZ(config)# route-map sample-map deny 30
RTZ(config-route-map)# match (3rd set of criteria)
RTZ(config)# route-map sample-map permit 35
51
Route-map with permit
• Match: Allow route to go through
• No match: Remain in the list and go to next route-map command
Route-map with deny
• Match: Filter the route
• No match: Remain in the list and go to next route-map command
If the match command refers to an ACL or Prefix List with a:
• Permit: If there is a match, proceed with the permit/deny in the route-map.
• Deny: Not necessarily filtered; the route just doesn’t match, and processing proceeds to the next match command. (Less common)
RTZ(config)# route-map sample-map deny 5
RTZ(config-route-map)# match (1st set of criteria)
RTZ(config)# route-map sample-map permit 10
RTZ(config-route-map)# match (2nd set of criteria)
RTZ(config)# route-map sample-map deny 30
RTZ(config-route-map)# match (3rd set of criteria)
RTZ(config)# route-map sample-map permit 35
52
Distribute Lists and Route Maps
Objectives - Routes going to R4: (Same as before)
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
Filtered
R4# show ip route | include 10.
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D 10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:02:30, Serial0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:02:34, Serial0/0
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Serial0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:02:31, Serial0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:02:36, Serial0/0
BEFORE
Not Filtered
53
• Filter (deny) routes that match the prefix-list: 10.17.35.0/25, 10.17.36.0/26
• Filter (deny) routes that match the prefix-list: all /30 routes.
• route-map with a permit action and no match command: default action is to allow the route to be advertised.
router eigrp 1
distribute-list route-map filter-lan-slash30 out
route-map filter-lan-slash30 deny 8
match ip address prefix-list lans
route-map filter-lan-slash30 deny 15
match ip address prefix-list slash30
route-map filter-lan-slash30 permit 23
ip prefix-list lans seq 5 permit 10.17.35.0/24 ge 25 le 25
ip prefix-list lans seq 10 permit 10.17.36.0/24 ge 26 le 26
ip prefix-list slash30 seq 5 permit 0.0.0.0/0 ge 30 le 30
54
Verifying Distribute List with Route Map
Objectives - Routes going to R4:
• Filter only those routes which begin with 10.17.35 with a /25 mask and 10.17.36 with a /26 mask.
• Filter /30 routes.
R4# show ip route
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
C 172.16.2.0 is directly connected, FastEthernet0/1
10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Serial0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:08:59, Serial0/0
AFTER
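The two-step prefix-list logic, the "Match the Prefix List" exercises, and the route-map permit/deny rule from the preceding slides, as an added example (not part of the original lecture; class and function names are hypothetical). It evaluates the slides' own lists over the EIGRP routes in R4's BEFORE table, then a constructed variant, LISTS_WRONG, in which the lans prefix list is written with deny entries, to show that a deny inside a matched prefix list only means "no match" and the routes leak through permit 23.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entry:
    """One 'ip prefix-list NAME seq N {permit|deny} prefix/len [ge X] [le Y]'."""
    seq: int
    action: str
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        base = ipaddress.ip_network(self.prefix)
        cand = ipaddress.ip_network(route)
        # Step 1: the route's subnet number must fall inside prefix/len.
        if cand.network_address not in base:
            return False
        # Step 2: the route's mask length must fall inside the ge/le window.
        if self.ge is None and self.le is None:
            low = high = base.prefixlen
        else:
            low = self.ge if self.ge is not None else base.prefixlen
            high = self.le if self.le is not None else 32
        return low <= cand.prefixlen <= high


def prefix_list_permits(entries, route):
    """First matching entry decides; no match is an implicit deny."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.matches(route):
            return entry.action == "permit"
    return False


def route_map_permits(clauses, prefix_lists, route):
    """clauses: (seq, action, prefix-list name or None for 'no match command')."""
    for _seq, action, name in sorted(clauses, key=lambda c: c[0]):
        # A prefix-list permit means "matched"; a deny means "not matched".
        if name is None or prefix_list_permits(prefix_lists[name], route):
            return action == "permit"   # the route-map action decides
    return False


QUIZ_ROUTES = ["10.0.0.0/8", "10.128.0.0/9", "10.1.1.0/24",
               "10.1.2.0/24", "10.128.10.4/30", "10.128.10.8/30"]

# EIGRP routes R3 advertises to R4 (from R4's BEFORE routing table).
R3_TO_R4 = ["10.0.0.8/30", "10.0.0.0/30", "10.0.0.4/30", "10.17.35.0/25",
            "10.17.34.0/24", "10.17.32.0/23", "10.17.36.0/26", "10.17.36.64/26"]

NO_R1_R2_SLASH30 = [
    Entry(5, "deny", "10.17.35.0/24", 25, 25),
    Entry(10, "deny", "10.17.36.0/24", 26, 26),
    Entry(15, "deny", "0.0.0.0/0", 30, 30),
    Entry(20, "permit", "0.0.0.0/0", le=32),
]

FILTER_LAN_SLASH30 = [(8, "deny", "lans"), (15, "deny", "slash30"),
                      (23, "permit", None)]
LISTS = {
    "lans": [Entry(5, "permit", "10.17.35.0/24", 25, 25),
             Entry(10, "permit", "10.17.36.0/24", 26, 26)],
    "slash30": [Entry(5, "permit", "0.0.0.0/0", 30, 30)],
}
# Constructed mistake: 'lans' carried over with deny entries.
LISTS_WRONG = dict(LISTS, lans=[Entry(5, "deny", "10.17.35.0/24", 25, 25),
                                Entry(10, "deny", "10.17.36.0/24", 26, 26)])


def quiz(prefix, ge=None, le=None):
    """Numbers (1-6) of the exercise routes matched by one prefix-list line."""
    entry = Entry(5, "permit", prefix, ge, le)
    return [i for i, r in enumerate(QUIZ_ROUTES, start=1) if entry.matches(r)]


def advertised_by_prefix_list():
    return [r for r in R3_TO_R4 if prefix_list_permits(NO_R1_R2_SLASH30, r)]


def advertised_by_route_map(lists):
    return [r for r in R3_TO_R4
            if route_map_permits(FILTER_LAN_SLASH30, lists, r)]


if __name__ == "__main__":
    print("ge 24 le 24 matches routes", quiz("10.0.0.0/8", ge=24, le=24))
    print("prefix list:     ", advertised_by_prefix_list())
    print("route map:       ", advertised_by_route_map(LISTS))
    print("route map, wrong:", advertised_by_route_map(LISTS_WRONG))
```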
EIGRP Summarization and Default Routes
A CCNA Review
56
For the rest of this presentation
Using information from the book:
• Routing Protocols and Concepts
• By Rick Graziani and Allan Johnson
• ISBN: 1-58713-206-0
• ISBN-13: 978-58713-206-3
• A great gift for a loved one!
57
Summarization
Benefits:
• Smaller routing tables
• Reduces Query scope: an EIGRP Query stops at a router which has a summary route that includes the subnet listed in the Query, but not the specific route listed in the Query
• EIGRP supports summarization on any router in the network
Trade-offs:
• Can cause suboptimal routing
• Packets destined for inaccessible destinations will flow to the summarizing router before being discarded
Note: If a packet matches two routes in the routing table, the best match will be the route with the longest-bit-match, the route with the longer prefix-length (subnet mask).
58
EIGRP Summarization – Odds and Ends
• An EIGRP router can summarize routes. (OSPF: Summarization can only take place on the ABRs and ASBRs.)
• The summary route's metric is based on the lowest metric route upon which the summary route is based: the summary route will use a metric equal to the metric of the lowest metric subordinate route.
• Manual summarization creates a Null0 summary on the router doing the summarization.
R3(config)# interface serial 0/0/1
R3(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.252.0
R3# show ip route
<output omitted>
D 192.168.0.0/22 is a summary, 00:00:06, Null0
Creates a Null0 summary route
59
The Null0 Summary Route
EIGRP automatically includes a Null0 summary route as a child route whenever both of the following conditions exist:
• There is at least one subnet that was learned via EIGRP.
• Automatic summarization is enabled. (By default with EIGRP)
What if R1 received a packet for 172.16.4.10?
• It would be discarded, never looking for a supernet or default route.
• Regardless of the ip classless or no ip classless command.
R1# show ip route
192.168.10.0/24 is variably subnetted, 3 subnets, 2 masks
D 192.168.10.0/24 is a summary, 00:45:09, Null0
C 192.168.10.4/30 is directly connected, Serial0/0/1
D 192.168.10.8/30 [90/3523840] via 192.168.10.6, 00:44:56, S0/0/1
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
D 172.16.0.0/16 is a summary, 00:46:10, Null0
C 172.16.1.0/24 is directly connected, FastEthernet0/0
D 172.16.2.0/24 [90/40514560] via 172.16.3.2, 00:45:09, S0/0/0
C 172.16.3.0/30 is directly connected, Serial0/0/0
D 192.168.1.0/24 [90/2172416] via 192.168.10.6, 00:44:55, Serial0/0/1
60
Disabling Automatic Summarization
Like RIP, EIGRP automatically summarizes at major network boundaries using the default auto-summary command.
R3# show ip route
192.168.10.0/24 is variably subnetted, 3 subnets, 2 masks
D 192.168.10.0/24 is a summary, 01:08:35, Null0
C 192.168.10.4/30 is directly connected, Serial0/0/0
C 192.168.10.8/30 is directly connected, Serial0/0/1
D 172.16.0.0/16 [90/2172416] via 192.168.10.5, 01:08:30, Serial0/0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
172.16.0.0/16
61
Disabling Automatic Summarization
Both R1 and R2 are automatically summarizing. R1 is the successor because of the difference in bandwidth.
R3# show ip route
192.168.10.0/24 is variably subnetted, 3 subnets, 2 masks
D 192.168.10.0/24 is a summary, 01:08:35, Null0
C 192.168.10.4/30 is directly connected, Serial0/0/0
C 192.168.10.8/30 is directly connected, Serial0/0/1
D 172.16.0.0/16 [90/2172416] via 192.168.10.5, 01:08:30, Serial0/0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
172.16.0.0/16
172.16.0.0/16
62
Disabling Automatic Summarization
Is this the best route for all 172.16.0.0 subnets?
• No, suboptimal routing may occur.
• R3 will route all packets destined for 172.16.2.0 through R1.
Solution?
• Need R1 and R2 to send individual subnets.
• R1 and R2 must stop automatically summarizing 172.16.0.0/16.
R3# show ip route
<output omitted>
D 172.16.0.0/16 [90/2172416] via 192.168.10.5, 01:08:30, Serial0/0/0
172.16.0.0/16
63
Disabling Automatic Summarization
Automatic summarization can be disabled with the no auto-summary command.
The router configuration command eigrp log-neighbor-changes is on by default on some IOS implementations.
R1(config)# router eigrp 1
R1(config-router)# no auto-summary
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.3.2 (Serial0/0/0) is resync: summary configured
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.3.2 (Serial0/0/0) is down: peer restarted
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 172.16.3.2 (Serial0/0/0) is up: new adjacency
<output omitted>
R2(config)# router eigrp 1
R2(config-router)# no auto-summary
R3(config)# router eigrp 1
R3(config-router)# no auto-summary
64
R1 no more Null0 summary routes:
D 192.168.10.0/24 is a summary, 00:45:09, Null0
D 172.16.0.0/16 is a summary, 00:46:10, Null0
What does this mean?
• This means that for any packets for their parent networks that do not match a child route, the routing table will check supernet and default routes.
• Unless no ip classless is used
R1# show ip route
192.168.10.0/30 is subnetted, 2 subnets
C 192.168.10.4 is directly connected, Serial0/0/1
D 192.168.10.8 [90/3523840] via 192.168.10.6, 00:16:55, S0/0/1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.1.0/24 is directly connected, FastEthernet0/0
D 172.16.2.0/24 [90/3526400] via 192.168.10.6, 00:16:53, S0/0/1
C 172.16.3.0/30 is directly connected, Serial0/0/0
D 192.168.1.0/24 [90/2172416] via 192.168.10.6, 00:16:52, Serial0/0/1
Disabling Automatic Summarization
65
R2 no more Null0 summary routes :
D 192.168.10.0/24 is a summary, 00:00:15, Null0
D 172.16.0.0/16 is a summary, 00:00:15, Null0
R2# show ip route
192.168.10.0/30 is subnetted, 2 subnets
D 192.168.10.4 [90/3523840] via 192.168.10.10, 00:15:44, S0/0/1
C 192.168.10.8 is directly connected, Serial0/0/1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.16.1.0/24 [90/3526400] via 192.168.10.10, 00:15:44, S0/0/1
C 172.16.2.0/24 is directly connected, FastEthernet0/0
C 172.16.3.0/30 is directly connected, Serial0/0/0
10.0.0.0/30 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Loopback1
D 192.168.1.0/24 [90/3014400] via 192.168.10.10, 00:15:44, S0/0/1
Disabling Automatic Summarization
66
Why does R3’s routing table now have two equal-cost paths to 172.16.3.0/24? Shouldn’t the best path only be through R1 with the 1544-Mbps link?
R3# show ip route
192.168.10.0/30 is subnetted, 2 subnets
C 192.168.10.4 is directly connected, Serial0/0/0
C 192.168.10.8 is directly connected, Serial0/0/1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D 172.16.1.0/24 [90/2172416] via 192.168.10.5, 00:00:11, S0/0/0
D 172.16.2.0/24 [90/3014400] via 192.168.10.9, 00:00:12, S0/0/1
D 172.16.3.0/30 [90/41024000] via 192.168.10.5, 00:00:12, S0/0/0
[90/41024000] via 192.168.10.9, 00:00:12, S0/0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
172.16.0.0/16
172.16.0.0/16
67
Disabling Automatic Summarization
The slowest link is the 64-Kbps link
R3# show ip route
<output omitted>
D 172.16.3.0/30 [90/41024000] via 192.168.10.5, 00:00:12, S0/0/0
[90/41024000] via 192.168.10.9, 00:00:12, S0/0/1
172.16.0.0/16
172.16.0.0/16
68
Manual Summarization
EIGRP can be configured to summarize routes, whether or not automatic summarization (auto-summary) is enabled.
Modified topology.
69
Manual Summarization
Add two more networks to R3. Configure EIGRP network statements.
R3(config)# interface loopback 2
R3(config-if)# ip address 192.168.2.1 255.255.255.0
R3(config-if)# interface loopback 3
R3(config-if)# ip address 192.168.3.1 255.255.255.0
R3(config-if)# router eigrp 1
R3(config-router)# network 192.168.2.0
R3(config-router)# network 192.168.3.0
70
Manual Summarization
Instead of sending three separate networks, R3 can summarize the 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24 networks as a single route.
R1# show ip route
D 192.168.1.0/24 [90/2172416] via 192.168.10.6, 02:07:38, S0/0/1
D 192.168.2.0/24 [90/2297856] via 192.168.10.6, 00:00:34, S0/0/1
D 192.168.3.0/24 [90/2297856] via 192.168.10.6, 00:00:18, S0/0/1
R2# show ip route
D 192.168.1.0/24 [90/3014400] via 192.168.10.10, 02:08:50, S0/0/1
D 192.168.2.0/24 [90/3139840] via 192.168.10.10, 00:01:46, S0/0/1
D 192.168.3.0/24 [90/3139840] via 192.168.10.10, 00:01:30, S0/0/1
Only pertinent routes shown
192.168.1.0/24, 192.168.2.0/24,
192.168.3.0/24 192.168.1.0/24, 192.168.2.0/24,
192.168.3.0/24
71
Determining the Summary EIGRP Route
1. Write out the networks that you want to summarize in binary.
2. Find the matching bits. Count the number of leftmost matching bits, which in this example is 22. This number becomes your subnet mask for the summarized route: /22 or 255.255.252.0.
3. To find the network address for summarization, copy the matching 22 bits and add all 0 bits to the end to make 32 bits.
The result is the summary network address and mask for 192.168.0.0/22
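The three-step procedure above carried out in code, as an added example (not part of the original lecture; function names are hypothetical). It goes one step beyond the slide by also listing the address space the summary covers that none of R3's networks provide; packets for that space are drawn to the summarizing router and discarded by its Null0 summary route.

```python
import ipaddress


def to_binary(network):
    """Step 1: the network address as four dotted 8-bit groups."""
    addr = ipaddress.ip_network(network).network_address
    return ".".join(f"{octet:08b}" for octet in addr.packed)


def summary_route(networks):
    """Steps 2 and 3: count the leftmost matching bits, then zero the rest."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    length = min(n.prefixlen for n in nets)
    for net in nets[1:]:
        differing = first ^ int(net.network_address)
        # Bits left of the highest differing bit are the matching bits.
        length = min(length, 32 - differing.bit_length())
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((first & mask, length))


def uncovered(summary, networks):
    """Blocks inside the summary that no component network accounts for."""
    remaining = [summary]
    for net in (ipaddress.ip_network(n) for n in networks):
        pieces = []
        for block in remaining:
            if net.subnet_of(block):
                # Yields nothing when net == block, i.e. fully accounted for.
                pieces.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                pieces.append(block)
        remaining = pieces
    return [str(block) for block in sorted(remaining)]


R3_NETWORKS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

if __name__ == "__main__":
    for network in R3_NETWORKS:
        print(to_binary(network), network)
    summary = summary_route(R3_NETWORKS)
    print("summary:", summary, "mask", summary.netmask)
    print("covered but not present on R3:", uncovered(summary, R3_NETWORKS))
```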
72
Configure EIGRP Manual Summarization
Because R3 has two EIGRP neighbors, the EIGRP manual summarization is configured on both Serial 0/0/0 and Serial 0/0/1.
Router(config-if)# ip summary-address eigrp as-number network-address subnet-mask
R3(config)# interface serial 0/0/0
R3(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.252.0
R3(config)# interface serial 0/0/1
R3(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.252.0
192.168.0.0/22
192.168.0.0/22
R3# show ip route
<output omitted>
D 192.168.0.0/22 is a summary, 00:00:06, Null0
Creates a Null0 summary route
73
Verify EIGRP Manual Summarization
• Fewer total routes in routing tables: the routing table lookup process is faster and more efficient.
• Summary routes also require less bandwidth: a single route can be sent rather than multiple individual routes.
R1# show ip route
<output omitted>
D 192.168.0.0/22 [90/2172416] via 192.168.10.6, 00:01:11, Serial0/0/1
R2# show ip route
<output omitted>
D 192.168.0.0/22 [90/3014400] via 192.168.10.10, 00:00:23, Serial0/0/1
192.168.0.0/22
192.168.0.0/22
74
EIGRP Default Route
R2(config)# ip route 0.0.0.0 0.0.0.0 loopback 1
R2(config)# router eigrp 1
R2(config-router)# redistribute static
The ISP router in our topology does not physically exist. By using a loopback interface, we can simulate a connection to another router.
Default Route: Redistribute default static route in EIGRP updates
75
EIGRP Default Route
R1# show ip route
Gateway of last resort is 192.168.10.6 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/3651840] via 192.168.10.6, 00:02:14, S0/0/1
R2# show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Loopback1
R3# show ip route
Gateway of last resort is 192.168.10.9 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/3139840] via 192.168.10.9, 00:01:25, S0/0/1
Only static default route shown, other output omitted.
Default Route: Redistribute default static route in EIGRP updates
76
EIGRP Default Route
R1# show ip route
Gateway of last resort is 192.168.10.6 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/3651840] via 192.168.10.6, 00:02:14, S0/0/1
Only static default route shown, other output omitted.
• D: This static route was learned from an EIGRP routing update.
• *: The route is a candidate for a default route.
• EX: The route is an external EIGRP route, in this case a static route outside of the EIGRP routing domain.
• 170: This is the AD of an external EIGRP route.
Default Route: Redistribute default static route in EIGRP updates
77
EIGRP Default Route
There is another method to propagate a default route in EIGRP, using the ip default-network command.
More information on this command can be found at this site: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml
Default Route: Redistribute default static route in EIGRP updates