09-22-2004 03:39 PM - edited 03-02-2019 06:41 PM
Is there any way to DENY hellos from a redistributed static route 172.24.0.0 from Router C, into router B eigrp 200 but allow it to go to Router A?
The 3 routers are all on a LAN.
Distribute and redistribute access lists only seem to allow standard access lists.
Micko
09-23-2004 05:07 AM
I do not understand the part of your question when you say that you want to deny hellos from redistributed static routes. Redistributed static routes do not send hellos.
I assume that what you want to do is to allow RouterC to advertise the redistributed static to RouterA but prevent the advertisement to RouterB. If that is not correct please clarify.
Since EIGRP updates are sent as multicast, I am not aware of any way to send one version of updates on the interface to RouterA and a different set of updates on the same interface to RouterB. You could do an inbound distribute list on RouterB to prevent it learning the route but I do not know of a way to control it from RouterC.
Your point about distribute lists and standard vs extended lists might need some clarification. While it is true that most of the time distribute lists do use standard access lists it is not true that they do not permit extended access lists. Extended access lists are permitted in distribute lists. The most common place where this is done is in BGP.
And extended access lists in a distribute list do not act the way that you want them to. In a distribute list the extended access list does not filter on source and destination (as it does when used as a packet filter) but works in this way: the first address and mask in the access list statement identify the prefix to be matched and the second address and mask identify the length of the prefix to be matched.
HTH
Rick
09-23-2004 04:31 PM
Hi Rick
I was probably a bit too general.
What I have is 2 HSRP routers at one site A and B running EIGRP.
If this site dies there are 2 HSRP routers C and D on the same LAN at the DRP site each having a weighted static route to the 172.20.0.0 address.
These static routes are redistributed back into EIGRP on the respective routers.
All 4 routers are on the same LAN (the 2 sites are bridged with a 100M link).
The path to 172.20.0.0 address always favours Router D due to the administrative distance of 170.
I have tried changing the distance, delay etc. but cannot sort the problem.
What I am looking at doing now is to stop the redistributed static updates from getting to router C and at the same time allow the updates to get to everything else.
Hence my question about extended access lists.
many thanks
Micko
09-24-2004 05:08 AM
Micko
There still are a couple of things that I do not understand about your situation. You mention routers A and B at the main site and C and D at the DR site being bridged together (so in effect you have one big LAN). Are all 4 routers in the same HSRP group or do you run two HSRP groups?
You talk about C and D having a weighted static. Is that a floating static (a static which includes a parameter for administrative distance higher than the default)? If so what is the weight of the static?
You mention that C and D have static route to 172.20.0.0. How do routers A and B learn about 172.0.0?
I am a little puzzled about your statement that the path to 172.20.0.0 always favors D due to administrative distance.
And as I think about what you are saying about what you are really trying to accomplish, I think you are saying that your real objective is to not have router C learn the 172.20.0.0 route from D. If that is the case I have a suggestion. Set the administrative distance of the static on C to a value less than 170 (and greater than 90). That way C will hear the advertisement of the network from D but will have a local route with a better administrative distance. In that case router C will not put the EIGRP redistributed route into the routing table.
HTH
Rick
09-26-2004 06:49 PM
Hi Rick
There are different HSRP groups at each site.
A and B learn their route from EIGRP as an external route.
C and D at the DR site each have a floating static route.
C's has an AD of 200
D's has an AD of 210
These routes are redistributed into EIGRP with the redistribute static command. Therefore the routes are seen to other routers as having an AD of 170. In the event of a failure at the primary site where we lose both router A and B, I want Router C to be the preferred route. Then if we lose C I want D to have the preferred route.
With your suggestion, if I set C's static to a value less than 170, when A and B come back, the preferred route will remain via C.
thanks
Micko
09-26-2004 07:08 PM
I did not understand that A and B were advertising the route as external.
Given what I think I understand of your situation and your requirements, I think that there are a couple of suggestions that I would make. Probably the first is to manage the default metrics used in redistribution on C and D such that the route from D is less appealing (higher metric) than the route from C. The other alternative is to configure an offset list on router D which would add some increment to the network being advertised. This would mean that if A and/or B were up the route in the table would be their route and if they were down then the route from C would look better than the route from D.
HTH
Rick
09-26-2004 09:13 PM
That's what I have been trying, Rick, but it seems to ignore the metrics and only care about the AD.
The only other way it seems is to block router D from sending an update for this route to router C but allow all the other routers to receive it.
But how to do it?
tks
Micko
09-27-2004 09:31 AM
Micko
If you want to prevent router D from advertising the route you would configure under router EIGRP a distribute list out the interface. The distribute list would reference a standard access list. The standard access list would deny the route that you do not want to advertise and would permit any other route.
It should be possible to accomplish what you want by manipulating the metrics of redistribution. If you post what you have configured under router eigrp on both router C and router D we may be able to see what does not work and suggest how you should do it.
HTH
Rick
09-27-2004 06:54 PM
Ok Rick
On router C (3745)
route-map R_REDIST permit 10
match ip address R_ROUTE_REDIST
ip access-list standard R_ROUTE_REDIST
permit 172.24.0.0
permit 172.20.6.0 0.0.0.255
router eigrp 875
redistribute static route-map R_REDIST
passive-interface FastEthernet0/1
passive-interface FastEthernet1/0
network 10.0.0.0
network 192.168.134.0
no auto-summary
ip route 172.24.0.0 255.255.0.0 10.222.5.252 200
On Router D (2610) I have the same
except for the static route
ip route 172.24.0.0 255.255.0.0 10.222.5.252 200
If I could use an extended access-list on router D to prevent external updates getting to Router C but allow them to A and B things would be fine.
Unfortunately the options are limited on EIGRP external routes.
many thanks
Micko
09-28-2004 12:18 AM
The static route on router D should be
ip route 172.24.0.0 255.255.0.0 10.222.5.252 210
Micko
09-28-2004 05:06 AM
Micko
You continue to talk as if an extended access list could specify the destination of the update. It does not work that way. The concepts of source address and destination address work when the extended access list is to be used for filtering data packets on an interface but do not work when the extended access list is to be used for filtering routing updates.
I believe there are two alternatives that should work for you. One alternative is to alter the default metrics. I had expected to find in your EIGRP configuration some definition of default metrics. It can be done either with a default-metric command or by specifying the metric parameters on the redistribute command. I would suggest that you add to the configuration of router C:
router eigrp 875
default-metric 1000 100 250 100 1500
and add to the configuration of router D:
router eigrp 875
default-metric 10000 100 250 100 1500
This will make the redistributed static from router D look less attractive and favor the route from C if it is present.
The other alternative is to configure an offset list on router D which will increase the metric of the redistributed static. The configuration would look something like this:
ip access-list standard modify_static
permit 172.24.0.0
router eigrp 875
offset-list modify_static out 1000
where
HTH
Rick
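The route-filter reading of an extended access list that Rick describes (the case he names is BGP), next to the ordinary packet-filter reading of the same entry. This is an added Python example, not code from the thread; the two access-list entries, the function names and the reduced `permit|deny ip A WA B WB` syntax are constructed for illustration.

```python
import ipaddress


def wild_match(value, base, wildcard):
    """Cisco wildcard compare: bits set in the wildcard are ignored."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return (int(value) & care) == (int(base) & care)


def parse_ace(line):
    """Parse 'permit|deny ip A WA B WB' (constructed subset of ACL syntax)."""
    fields = line.split()
    if len(fields) != 6 or fields[0] not in ("permit", "deny") or fields[1] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    return (fields[0],) + tuple(ipaddress.IPv4Address(f) for f in fields[2:])


def packet_filter(ace, src, dst):
    """Packet-filter reading: A/WA is the source, B/WB the destination."""
    action, a, wa, b, wb = ace
    hit = (wild_match(ipaddress.IPv4Address(src), a, wa)
           and wild_match(ipaddress.IPv4Address(dst), b, wb))
    return action if hit else None  # None: fall through to the next entry


def route_filter(ace, prefix):
    """Route-filter reading: A/WA is the network, B/WB the subnet mask."""
    action, a, wa, b, wb = ace
    net = ipaddress.IPv4Network(prefix)
    hit = (wild_match(net.network_address, a, wa)
           and wild_match(net.netmask, b, wb))
    return action if hit else None


# Constructed entry: exactly 172.24.0.0 with mask exactly 255.255.0.0.
EXACT_16 = parse_ace("permit ip 172.24.0.0 0.0.0.0 255.255.0.0 0.0.0.0")
# Constructed entry written as if the second pair named a receiving router.
TO_NEIGHBOUR = parse_ace("deny ip 172.24.0.0 0.0.255.255 192.168.134.230 0.0.0.0")
```

Read as a route filter, `TO_NEIGHBOUR` never matches 172.24.0.0/16, because the second pair is compared with the route's mask (255.255.0.0) and not with the address of the router receiving the update.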
09-29-2004 12:20 AM
Hi Rick
I made the changes you suggested.
I still have the problem where after the route is cleared it will switch to the other router. It will remain that way until the route is cleared on the other router.
My current configuration is as you suggested.
The metrics are being ignored once again.
From Router C
sh ip rou
S 172.24.0.0/16 [200/0] via 10.222.5.252
clear ip route 172.24.0.0
sh ip rou
D EX 172.24.0.0/16 [170/307200] via 192.168.134.231, 00:01:02, Ethernet0/0
This is the route redistributed from router D
From Router D
sh ip rou
S 172.24.0.0/16 [210/0] via 10.222.5.252
clear ip route 172.24.0.0
sh ip rou
D EX 172.24.0.0/16 [170/2611200] via 192.168.134.230, 00:00:04, Ethernet0/0
This is the route redistributed from router C
From Router A
D EX 172.24.0.0/16 [170/307200] via 192.168.134.231, 00:00:45, FastEthernet1/0
This is from router D
Micko
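The metrics in the outputs above can be reproduced from the two `default-metric` lines posted earlier in the thread. This added Python example (not code from the thread) uses the classic EIGRP formula with default K values, 256 × (10^7 / lowest bandwidth in kbit/s + total delay in tens of microseconds), then applies routing-table selection; it assumes Ethernet0/0 has the default 10000 kbit/s bandwidth and 1000 µs delay, which the posts do not show, and the function names are illustrative.

```python
ETH_BW_KBPS = 10000  # assumption: default Ethernet bandwidth, not shown in the posts
ETH_DELAY = 100      # assumption: default 1000 usec, in tens of microseconds


def seed_from_default_metric(line):
    """Parse 'default-metric <bw kbit/s> <delay> <reliability> <load> <mtu>'."""
    fields = line.split()
    if len(fields) != 6 or fields[0] != "default-metric":
        raise ValueError(f"not a default-metric line: {line!r}")
    bw, delay = int(fields[1]), int(fields[2])
    if bw <= 0:
        raise ValueError("bandwidth must be positive")
    return bw, delay


def received_metric(seed, in_bw=ETH_BW_KBPS, in_delay=ETH_DELAY):
    """Metric the receiving neighbour computes for the redistributed route."""
    bw, delay = seed
    return 256 * (10**7 // min(bw, in_bw) + delay + in_delay)


def best_route(candidates):
    """Lowest administrative distance wins; the metric is only compared
    between candidates that have the same distance."""
    return min(candidates, key=lambda r: (r["ad"], r["metric"]))


FROM_C = received_metric(seed_from_default_metric("default-metric 1000 100 250 100 1500"))
FROM_D = received_metric(seed_from_default_metric("default-metric 10000 100 250 100 1500"))


def on_router_c():
    """Router C after 'clear ip route': its own static against D's external."""
    return best_route([
        {"src": "S via 10.222.5.252", "ad": 200, "metric": 0},
        {"src": "D EX via 192.168.134.231", "ad": 170, "metric": FROM_D},
    ])


def on_third_router():
    """A router on the same segment that hears both external routes."""
    return best_route([
        {"src": "D EX via 192.168.134.230", "ad": 170, "metric": FROM_C},
        {"src": "D EX via 192.168.134.231", "ad": 170, "metric": FROM_D},
    ])
```

The first `default-metric` value is a bandwidth, so the larger value (10000) yields the smaller composite metric, 307200 against 2611200. The static with distance 200 loses to an external route at 170 regardless of either metric.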
09-29-2004 05:19 AM
Micko
I do not understand why it is doing this. Can you post part of the configs from router C and D? I would especially like to see everything under router eigrp, all route maps, all the static routes, and the interface configs.
HTH
Rick
09-29-2004 11:33 PM
Hi Rick
Here is some more info
I had to edit out some descriptions for security
In case you're wondering, many thanks
Micko
Router C
interface Ethernet0/0
ip address 192.168.134.230 255.255.255.0
half-duplex
standby 220 ip 192.168.134.238
standby 220 priority 150
standby 220 preempt
!
interface Ethernet0/1
ip address 10.222.5.248 255.255.255.0
ip access-group R_Incoming_List in
ip authentication mode eigrp 723 md5
ip authentication key-chain eigrp 723 HSRPROUTE
half-duplex
standby 230 ip 10.222.5.254
standby 230 priority 150
standby 230 preempt
!
router eigrp 723
network 10.222.5.0 0.0.0.255
no auto-summary
!
router eigrp 875
redistribute static route-map R_REDIST
passive-interface Ethernet0/1
network 10.0.0.0
network 192.168.134.0
default-metric 1000 100 250 100 1500
no auto-summary
!
ip classless
ip route 172.24.0.0 255.255.0.0 10.222.5.252 200
ip route 192.168.140.0 255.255.255.0 10.222.5.252 200
no ip http server
!
ip access-list standard R_ROUTE_REDIST
permit 172.24.0.0
permit 192.168.140.0
!
ip access-list extended R_Incoming_List
permit tcp any any established
permit eigrp any any
permit icmp any any echo-reply
deny ip any any log
this is cut down
route-map R_REDIST permit 10
match ip address R_ROUTE_REDIST
Router D
interface Ethernet0/0
ip address 192.168.134.231 255.255.255.0
half-duplex
standby 220 ip 192.168.134.238
!
interface Ethernet0/1
ip address 10.222.5.249 255.255.255.0
ip access-group R_Incoming_List in
ip authentication mode eigrp 723 md5
ip authentication key-chain eigrp 723 HSRPROUTE
delay 4000
half-duplex
no cdp enable
standby 230 ip 10.222.5.254
!
router eigrp 723
network 10.222.5.0 0.0.0.255
network 192.168.134.0
no auto-summary
!
router eigrp 875
redistribute static route-map R_REDIST
passive-interface Ethernet0/1
network 10.0.0.0
network 192.168.134.0
default-metric 10000 100 250 100 1500
no auto-summary
no eigrp log-neighbor-changes
no eigrp log-neighbor-warnings
!
ip classless
ip route 172.24.0.0 255.255.0.0 10.222.5.252 210
ip route 192.168.140.0 255.255.255.0 10.222.5.252 210
!
ip access-list standard R_ROUTE_REDIST
permit 172.24.0.0
permit 192.168.140.0
!
ip access-list extended R_Incoming_List
permit tcp any any established
permit eigrp any any
permit icmp any 172.24.30.0 0.0.0.255 echo
permit icmp any any echo-reply
deny ip any any log
this is cut down
route-map R_REDIST permit 10
match ip address R_ROUTE_REDIST
!