Solved: Thank you Jon, that helped

Rob R. · ‎05-09-2015

Hello, I'm trying to understand why a route-map I've configured isn't filtering a route. Below is a screenshot of the GNS3 topology I'm working on. I am trying to Filter the route, 192.168.192.32/37(R3's Loopback1) on Router R6 towards R9. I do not want R9 to be able to route to the 192.168.192.32/27 network. I've applied the following route-map to R6's Interface Fa 0/1 in the "out" direction. However I can still hit the .192.54 address on R3. What am I missing?

router eigrp 1
network 10.0.2.0 0.0.0.255
network 20.0.0.0 0.0.0.255
distribute-list route-map filter-192 out FastEthernet0/1
no auto-summary

ip prefix-list RM-192 seq 5 permit 192.168.192.32/27
!
route-map filter-192 deny 10
match ip address prefix-list RM-192
!
route-map filter-192 permit 15

I do have a summary route on R6, Interface Fa 0/1 for 192.168.0.0/16, does this make a difference? I thought the route-map would match the more specific route. Thank you for any help on this.

Jon Marshall · ‎05-10-2015

Rob

If the route for the specific network isn't in R9's routing table then it looks like your route filtering worked.

As to why you can still ping the loopback it all depends on what is in R9's routing table.

It's not clear whether you are saying there is a default route but if there is then that would allow the ping to work.

Jon

View solution in original post

Jon Marshall · ‎05-10-2015

Are you saying you are advertising 192.168.0.0/16 to R9 ?

If so then it doesn't matter whether you filter the more specific 192.168.192.32/27 because R9 still has a route to the loopback using the summary route.

Jon

Rob R. · ‎05-10-2015

Thanks Jon, However, I removed the summary route from R6 and I can still ping that network from R9. Could it be that because my default route passes through R3 that those packets are still being delivered to the 192.168.192.32/27 network? I do not see a route to the network on R9 but I can still ping it.

Thanks,

Rob

Jon Marshall · ‎05-10-2015

Rob

If the route for the specific network isn't in R9's routing table then it looks like your route filtering worked.

As to why you can still ping the loopback it all depends on what is in R9's routing table.

It's not clear whether you are saying there is a default route but if there is then that would allow the ping to work.

Jon

Rob R. · ‎05-10-2015

Thank you Jon, that helped out quite a bit. I didn't realize that even though the specific route was being blocked via the route-map, that the traffic would still make it to the destination via the default-route. To test your post above, I simply stopped advertising the default-route and you're correct, the traffic to 192.168.192.32/27 from R9 stopped pinging. Thanks for the help.

R9#show ip route

Gateway of last resort is 20.0.0.2 to network 0.0.0.0 <-- Removed

192.168.128.0/25 is subnetted, 1 subnets
D 192.168.128.128 [90/463360] via 20.0.0.2, 00:04:34, FastEthernet0/0
20.0.0.0/24 is subnetted, 1 subnets
C 20.0.0.0 is directly connected, FastEthernet0/0
D 200.20.16.0/24 [90/358400] via 20.0.0.2, 15:40:42, FastEthernet0/0
10.0.0.0/24 is subnetted, 8 subnets
D 10.0.8.0 [90/363520] via 20.0.0.2, 00:02:15, FastEthernet0/0
D 10.0.2.0 [90/307200] via 20.0.0.2, 14:56:15, FastEthernet0/0
D 10.0.3.0 [90/332800] via 20.0.0.2, 14:56:17, FastEthernet0/0
D 10.0.1.0 [90/309760] via 20.0.0.2, 14:56:17, FastEthernet0/0
D 10.0.6.0 [90/335360] via 20.0.0.2, 14:34:36, FastEthernet0/0
D 10.0.7.0 [90/337920] via 20.0.0.2, 14:56:17, FastEthernet0/0
D 10.0.4.0 [90/332800] via 20.0.0.2, 14:34:46, FastEthernet0/0
D 10.0.5.0 [90/335360] via 20.0.0.2, 14:56:19, FastEthernet0/0
11.0.0.0/24 is subnetted, 1 subnets
C 11.0.0.0 is directly connected, Loopback1
D 192.168.1.0/24 [90/463360] via 20.0.0.2, 00:04:38, FastEthernet0/0
D* 0.0.0.0/0 [90/363520] via 20.0.0.2, 00:02:14, FastEthernet0/0

EIGRP Route Filtering via Route-Map Help