Hi Rick

I was probably a bit too general.

What I have is 2 HSRP routers at one site A and B running EIGRP.

If this site dies there will are 2 HSRP routers C and D on the same LAN at the DRP site each having a weighted static route to the 172.20.0.0 address.

These static routes are redistributed back into EIGRP on the respective routers.

All 4 routers are on the same LAN (the 2 sites are bridged with a 100M link).

The path to 172.20.0.0 address always favours Router D due to the administrative distance of 170.

I have tried changing the distance,delay etc but cannot sort the problem.

What I am looking at doing now is to stop the redistributed static updates from getting to router C and at the same time allow the updates to get to everything else.

Hence my question about extended access lists.

many thanks

Micko

Micko

There still are a couple of things that I do not understand about your situation. You mention routers A and B at the main site and C and D at the DR site being bridged together (so in effect you have one big LAN). Are all 4 routers in the same HSRP group or do you run two HSRP groups?

You talk about C and D having a weighted static. Is that a floating static (a static which includes a parameter for administrative distance higher than the default)? If so what is the weight of the static?

You mention that C and D have static route to 172.20.0.0. How do routers A and B learn about 172.0.0?

I am a little puzzled about your statement that the path to 172.20.0.0 always favors D due to administrative distance.

And as I think about what you are saying about what you are really trying to accomplish, I think you are saying that your real objective is to not have router C learn the 172.20.0.0 route from D. If that is the case I have a suggestion. Set the administrative distance of the static on C to a value less than 170 (and greater then 90). That way C will hear the advertisement of the network from D but will have a local route with a better administrative distance. In that case router C will not put the EIGRP redistributed route into the routing table.

HTH

Rick

Hi Rick

There are different HSRP groups at each site.

A and B learn their route from EIGRP as an external route.

C and D at the DR site each have a floating static route.

C's has an AD of 200

D's has an AD of 210

THese routes are redistributed into EIGRP with the redistribute static command.Therefore the routes are seen to other routers as having an AD of 170.In the event of a failure at the primary site where we lose both router A and B,I want Router C to be the preferred route.Then if we lose C I want D to have the preferred route.

With your suggestion,If I set C's static to a value less than 170,when A and B come back,the preferred route will remain via C.

thanks

Micko

I did not understand that A and B were advertising the route as external.

Given what I think I understand of your situation and your requirements, I think that there a couple of suggestion that I would make. Probably the first is to manage the default metrics used in redistribution on C and D such that the route from D is less appealing (higher metric) than the route from C. The other alternative is to configure an offset list on router D which would add some increment to the network being advertised. This would mean that if A and/or B were up the route in the table would be their route and in\f they were down then the route from C would look better than the route from D.

HTH

Rick

That's what I have been trying Rick,but it seems to ignore the metrics and only care about the AD.

The only other way it seems is to block router D from sending an update for this route to router C but allow all the other routers to receive it.

But how to do it ?

tks

Micko

Micko

If you want to prevent router D from advertising the route you would configure under router EIGRP a distribute list out the interface. The distribute list would reference a standard access list. The standard access list would deny the route that you do not want to advertise and would permit any other route.

It should be possible to accomplish what you want by manipulating the metrics of redistribution. If you post what you have configured under router eigrp on both router C and router D we may be able to see what does not work and suggest how you should do it.

HTH

Rick

Ok Rick

On router C (3745)

route-map R_REDIST permit 10

match ip address R_ROUTE_REDIST

ip access-list standard R_ROUTE_REDIST

permit 172.24.0.0

permit 172.20.6.0 0.0.0.255

router eigrp 875

redistribute static route-map R_REDIST

passive-interface FastEthernet0/1

passive-interface FastEthernet1/0

network 10.0.0.0

network 192.168.134.0

no auto-summary

ip route 172.24.0.0 255.255.0.0 10.222.5.252 200

On Router D (2610)I have the same

except for the static route

ip route 172.24.0.0 255.255.0.0 10.222.5.252 200

If I could use an extended access-list on router D to prevent external updates getting to Router C but allow thenm to A and B things would be fine.

Unfortunately the options are limited on EIGRP external routes.

many thanks

Micko

The static route on router D should be

ip route 172.24.0.0 255.255.0.0 10.222.5.252 210

Micko

Miko

You continue to talk as if an extended access list could specify the destination of the update. It does not work that way. The concept of source address and destination address work when the extended access list is to be used for filtering data packets on an interface but do not work when the extended access list is to be used for filtering routing updates.

I believe there are two alternatives that should work for you. One alternative is to alter the default metrics. I had expected to find in your EIGRP configuration some definition of default metrics. It can be done either with a default-metric command or by specifying the metric parameters on the redistribute command. I would suggest that you add to the configuration of router C:

router eigrp 875

default-metric 1000 100 250 100 1500

and add to the configuration of router D:

router eigrp 875

default-metric 10000 100 250 100 1500

This will make the redistributed static from router D look less attractive and favor the route from C if it is present.

The other alternative is to configure an offset list on router D which will increase the metric of the redistributed static. The configuration would look something like this:

ip access-list standard modify_static permit 172.24.0.0

router eigrp 875

offset-list modify_static out 1000

where is the identifier of the interface through which the update will be sent.

HTH

Rick

Micko

I do not understand why it is doing this. Can you post part of the configs from router C and D? I would especially like to see everything under router eigrp, all route maps, all the static routes, and the interface configs.

HTH

Rick

Hi Rick

Here is some more info

I had to edit out some descriptions for security

In case your wondering,many thanks

Micko

Router C

interface Ethernet0/0

ip address 192.168.134.230 255.255.255.0

half-duplex

standby 220 ip 192.168.134.238

standby 220 priority 150

standby 220 preempt

!

interface Ethernet0/1

ip address 10.222.5.248 255.255.255.0

ip access-group R_Incoming_List in

ip authentication mode eigrp 723 md5

ip authentication key-chain eigrp 723 HSRPROUTE

half-duplex

standby 230 ip 10.222.5.254

standby 230 priority 150

standby 230 preempt

!

router eigrp 723

network 10.222.5.0 0.0.0.255

no auto-summary

!

router eigrp 875

redistribute static route-map R_REDIST

passive-interface Ethernet0/1

network 10.0.0.0

network 192.168.134.0

default-metric 1000 100 250 100 1500

no auto-summary

!

ip classless

ip route 172.24.0.0 255.255.0.0 10.222.5.252 200

ip route 192.168.140.0 255.255.255.0 10.222.5.252 200

no ip http server

!

ip access-list standard R_ROUTE_REDIST

permit 172.24.0.0

permit 192.168.140.0

!

ip access-list extended R_Incoming_List

permit tcp any any established

permit eigrp any any

permit icmp any any echo-reply

deny ip any any log

this is cut down

route-map R_REDIST permit 10

match ip address R_ROUTE_REDIST

Router D

interface Ethernet0/0

ip address 192.168.134.231 255.255.255.0

half-duplex

standby 220 ip 192.168.134.238

!

interface Ethernet0/1

ip address 10.222.5.249 255.255.255.0

ip access-group R_Incoming_List in

ip authentication mode eigrp 723 md5

ip authentication key-chain eigrp 723 HSRPROUTE

delay 4000

half-duplex

no cdp enable

standby 230 ip 10.222.5.254

!

router eigrp 723

network 10.222.5.0 0.0.0.255

network 192.168.134.0

no auto-summary

!

router eigrp 875

redistribute static route-map R_REDIST

passive-interface Ethernet0/1

network 10.0.0.0

network 192.168.134.0

default-metric 10000 100 250 100 1500

no auto-summary

no eigrp log-neighbor-changes

no eigrp log-neighbor-warnings

!

ip classless

ip route 172.24.0.0 255.255.0.0 10.222.5.252 210

ip route 192.168.140.0 255.255.255.0 10.222.5.252 210

!

ip access-list standard R_ROUTE_REDIST

permit 172.24.0.0

permit 192.168.140.0

!

ip access-list extended R_Incoming_List

permit tcp any any established

permit eigrp any any

permit icmp any 172.24.30.0 0.0.0.255 echo

permit icmp any any echo-reply

deny ip any any log

this is cut down

route-map R_REDIST permit 10

match ip address R_ROUTE_REDIST

!