EIGRP command "summary address"

Hello.

My goal is to stop ASA5525 Anyconnect /32 routes from flapping through the network.

Question:

What are the resulting differences between these 3 configs?

1. "#ip summary-address eigrp 172.16.25.0. 0.0.0.255"
2. "#router EIGRP 1
#no auto summary
#network 172.16.25.0 0.0.0.255"
3. "#ip route 172.16.25.0 255.255.255.0"    !! Then EIGRP redistributes this via a route map with prefix list.!!

--

Thank you!

 

 


Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello @jmaxwellUSAF ,

option 1) applies outbound on the interface where it is configured, not to all neighbors. You may want to add an AD value at the end, as this creates a static route to null0, so use of AD is recommended to avoid a possible routing black hole.

2) this is simply EIGRP with no auto-summary and this will advertise any prefix in 172.25.0.0/16 regardless of prefix length. This is a prerequisite for option 1 or option 3.

3) if you create a static route to 172.25.0.0/16 with a true next-hop (not null0) or using null0, you are allowed to inject the prefix into EIGRP using redistribution of static routes; a route-map that invokes a prefix list matching 172.25.0.0/16 can be used.

The prefix-list has to match on exact match only

ip prefix-list ONLY-172-25 seq 5 permit 172.25.0.0/16

with no ge or le modifiers.

This kind of configuration will create an EIGRP external route for the prefix and allows you to filter out the more specific routes only if they are not present in the EIGRP table.

If you have internal component routes in the EIGRP routing table (for option 2 config) you should use a distribution list that denies component routes and allows the aggregate to be applied at EIGRP process level.

Warning: the distribute list must allow all other prefixes that need to be advertised to neighbors. A route-map can be used in combination with the distribute-list command. The route-map can have multiple blocks with a final block that simply allows all other prefixes.

ip prefix-list BLOCK-CR seq 5 permit 172.25.0.0/16 ge 17 le 32
route-map BLOCK-ROUTES permit 10
 match ip prefix-list ONLY-172-25
route-map BLOCK-ROUTES deny 20
 match ip prefix-list BLOCK-CR
! final statement empty to allow all other prefixes
route-map BLOCK-ROUTES permit 30

Hope to help

Giuseppe

 

7 Replies

BTW, also, option two is a "given" when doing CIDR. Generally, we no longer want implicit Classful summarization.

Also, to @jmaxwellUSAF, you're sure you want to aggregate an entire /16? Just seems like an excessively large address block for a set of VPN clients, but that may have been what has been set aside for them.

Yea, /16 is incorrect. It should be /24. I'm editing my post now. Thx.

Good!

BTW, I vaguely recall (??? - decades ago) some network VPN devices did NOT advertise host routes, for their clients, to avoid the kind of issue you're working to mitigate. Possibly you don't need to do network summarization.

Hello Giuseppe.

I understand the above route map. May you please add the distribute list config that will make this config complete?

Thank you.

QUESTION: May you please tell me if this syntax looks correct? Thank you.

!! (obfuscated) !!
router eigrp 5
 distribute-list route-map BLOCK-ANYCONNECT5-SLASH-32-ROUTES out

ip prefix-list PERMIT-ANYCONNECT5-SLASH-24-SUBNET seq 10 permit 172.16.25.0/16
ip prefix-list BLOCK-ANYCONNECT5-SLASH-32-SUBNETS seq 10 permit 172.16.25.0/16 ge 32
--
route-map BLOCK-ANYCONNECT5-SLASH-32-ROUTES permit 10
 match ip prefix-list PERMIT-ANYCONNECT5-SLASH-24-SUBNET
route-map BLOCK-ANYCONNECT5-SLASH-32-ROUTES deny 20
 match ip prefix-list BLOCK-ANYCONNECT5-SLASH-32-SUBNETS
!! (final statement empty to allow all other prefixes) !!
route-map BLOCK-ANYCONNECT5-SLASH-32-ROUTES permit 30

Hello @jmaxwellUSAF ,

The syntax looks correct, but you need to refer to the actual prefix /24:

ip prefix-list PERMIT-ANYCONNECT5-SLASH-24-SUBNET seq 10 permit 172.16.25.0/24
ip prefix-list BLOCK-ANYCONNECT5-SLASH-32-SUBNETS seq 10 permit 172.16.25.0/24 ge 32

Hope to help

Giuseppe
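
Added example, not part of the thread or of any participant's post: a small Python model of prefix-list and route-map evaluation that compares the /16 lists from the question with the /24 correction above. The route list is constructed for illustration, and the model assumes host bits in an entry such as `172.16.25.0/16` are ignored when matching.

```python
import ipaddress

def entry(prefix, ge=None, le=None):
    """One 'permit' prefix-list entry; host bits are masked off (assumption)."""
    return ipaddress.ip_network(prefix, strict=False), ge, le

def prefix_list_permits(entries, route):
    """True if any entry matches: leading bits equal and length in range."""
    route = ipaddress.ip_network(route)
    for net, ge, le in entries:
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no modifiers: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return True
    return False                             # implicit deny of the prefix-list

def route_map_action(clauses, route):
    """First matching clause wins; a clause with no match matches everything."""
    for action, entries in clauses:
        if entries is None or prefix_list_permits(entries, route):
            return action
    return "deny"                            # implicit deny at the end

def build(mask):
    """Route-map from the thread, with the prefix length as a parameter."""
    aggregate = [entry(f"172.16.25.0/{mask}")]
    hosts = [entry(f"172.16.25.0/{mask}", ge=32)]
    return [("permit", aggregate), ("deny", hosts), ("permit", None)]

# Constructed sample routes: the pool aggregate, two AnyConnect host routes,
# an unrelated loopback inside 172.16.0.0/16, and an unrelated LAN.
ROUTES = ["172.16.25.0/24", "172.16.25.7/32", "172.16.25.200/32",
          "172.16.1.1/32", "10.1.0.0/16"]

def advertised(mask):
    """Routes the outbound distribute-list would let through."""
    clauses = build(mask)
    return [r for r in ROUTES if route_map_action(clauses, r) == "permit"]

if __name__ == "__main__":
    print("/16 lists:", advertised(16))
    print("/24 lists:", advertised(24))
```

With the /16 lists the aggregate is advertised only because it falls through to the empty final clause, and the deny clause also drops the unrelated 172.16.1.1/32; with the /24 lists only the AnyConnect host routes are filtered.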

 
