02-24-2009 11:15 AM - edited 03-04-2019 03:42 AM
Hello,
I am trying to determine if you are able to block a route with a route-map.
I know i can block route through a distribute list. I can also block redistributing with a route map but can i make a route-map act as a distribute list and drop packets from 1 eigrp router to another?
I've been trying in a lab all morning and it doesn't seem to work.
route-map deny_172 deny 10
match ip address 1
interface fa0/0
ip policy route-map deny_172
access-list 1 permit 172.16.0.0 0.0.0.255
thanks
dan
02-24-2009 11:23 AM
What if you do the following :
route-map deny_172 permit 10
match ip address 1
interface fa0/0
ip policy route-map deny_172
access-list 1 deny 172.16.0.0 0.0.0.255
02-24-2009 11:49 AM
no sorry mate. Didn't work.
02-24-2009 12:10 PM
maybe i have to do the route map on the router distributing the routes. Is that my problem?
02-24-2009 12:12 PM
Are you talking about blocking 'access' from that network range or stopping that network from entering the eigrp RIB.
If you are talking about blocking access from that network range and you want to do this via a policy route (ip policy) and not a standard ACL, then try the following :-
route-map deny_172 permit 10
match ip address 1
set interface Null0
This will pass any trafffic from your ACL to the NULL0 interface therefore blackholing it.
That is if you want to deny access otherwise you have answered your own question by added the route-map to the redistribute line under router eigrp x.
So if the network was a static
redistribute static route-map deny_172
dont forget to add a permit ip any to your ACL otherwise EVERYTHING will be blocked
access-list 1 deny 172.16.0.0 0.0.0.255
access-list 1 permit any
02-24-2009 12:15 PM
yah route maps seem to work just fine for redistributing but internal to the eigrp doesn't seem to work for me.
Maybe that's not even a feature.
02-24-2009 12:19 PM
What do you mean by internal to eigrp ?
02-24-2009 12:23 PM
sorry i mean. I mean am not doing any redistributing.
02-24-2009 12:24 PM
Then I am not sure what you are trying to do, are you trying to filter that network range that is coming in from other eigrp neighbors ??
02-24-2009 12:29 PM
I have 2 routers both running eigrp.
router 1 has:
172.16.0.1 on fa0/1
10.0.0.1 on fa0/0
router 2 has
10.0.0.2 on fa0/0
I want to block the 172.16.0.x network from being shared by eigrp.
I know i can use a distribute-list to deny the 172.16.0.0 network to the other device. Although I haven't been able to drop the network with just a route-map.
02-24-2009 12:34 PM
Ah ok
You can use a distribute-list WITH a route-map attached :-
access-list 1 deny 172.16.0.0 0.0.0.255
access-list 1 permit any
route-map deny_172 permit 10
match ip address 1
redistribute eigrp route-map deny_172 in
or
redistribute eigrp route-map deny_172 out
depnding or which router
02-24-2009 12:46 PM
unfortunately you can't redistribute eigrp into eigrp. It says not allowed :)
02-24-2009 12:49 PM
Sorry I cut and paste by mistake
distribute-list route-map deny_172 in
or
distribute-list route-map deny_172 out
depnding or which router
02-24-2009 12:54 PM
hmmm. Would you say that this isn't possible without a distribute-list then.
My test was to block it without a distribute list but it doesn't seem to work.
02-24-2009 12:56 PM
I dont see how else you could do this, have you heard somewhere that you can then?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide