02-11-2024 02:14 AM - edited 02-11-2024 02:18 AM
On R2, route-map permit 20 permits the route that was denied in deny 10:
!
interface Ethernet0/3
no ip address
shutdown
!
!
router eigrp 1
distribute-list route-map FILTER_IN in
network 192.168.0.0 0.0.255.255
network 192.168.12.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list standard NET_1
deny 1.1.1.0 0.0.0.255
permit any
!
!
ip prefix-list SMALL_PREFIXES seq 5 permit 172.16.0.0/16 ge 26
no cdp log mismatch duplex
!
route-map FILTER_IN permit 10
match ip address NET_1
!
!
!
control-plane
logging synchronous
line vty 0 4
login
transport input all
!
With no route-map permit 20, the 1.1.1.0 network is not in the table:
Now I do this:
route-map FILTER_IN permit 10
match ip address NET_1
!
route-map FILTER_IN permit 20 (I added this)
!
!
Now 1.1.1.0 is in the table.
What is the logic behind this? Since 1.1.1.0 is already denied in permit 10, even though permit 20 matches everything, it's strange to me that it is letting in 1.1.1.0. Does anyone have insight as to whether this is a design choice, or simply because of the permit all for the permit 20 of the route map?
02-11-2024 02:21 AM
It is not an issue with the route-map, it is an issue with the ACL.
Can you check show ip eigrp topology on the router that originates this prefix? What are the mask and subnet?
You need to use the same mask and subnet.
And again, friend, try to avoid using an ACL to filter prefixes; use a prefix-list.
MHM
02-12-2024 03:12 AM
I deleted the lab, this was the only part bugging me, and I deleted it once finished
02-11-2024 04:01 AM
Hello,
it does not look logical indeed. Apparently the second 'catch-all' route map entry allows everything and overrides the 'deny' statement in the first route-map statement. In theory, the processing of the route map should stop after the first match.
Not sure if this is a bug or by design. The second route map statement is, obviously, redundant and not necessary...
02-12-2024 03:20 AM
This was taken from networklessons EIGRP filtering lesson:
https://networklessons.com/eigrp/eigrp-route-map-filtering
It didn't look like a bug; he seems to have done it intentionally, maybe I missed something along the way. MHM mentioned a good point: it could have been related to the application of the ACL. However, if this was the case, why would it get blocked at permit 10?
02-12-2024 03:34 AM
Actually, I analyzed this issue but forgot to write the answer.
Now:
First, the route-map without permit 20:
The 1.0.0.0 matches the ACL, but this ACL line is a deny, so the route-map does not take any action and checks the next route-map line, and since there are no more lines here, there is no effect on the prefix.
Note: the 1.0.0.0 hits the first ACL line, so it does not check the permit any in the same ACL.
Second, the route-map with permit 20:
Here, as above, since the ACL line is a deny, the route-map checks the next route-map line, and here there is one; any route-map permit without a match means allow anything, so 1.0.0.0 is advertised.
MHM
02-12-2024 03:36 AM
The solution, if you still want to use an ACL, is:
route-map mhm deny 10
match ip address 10
route-map mhm permit 20
!
ip access-list standard 10
permit 1.0.0.0 0.0.0.255
MHM
02-12-2024 03:56 AM
Hello,
in the Networklessons lab, they don't use the second 'catch-all' route map entry, but it shouldn't matter, in theory, whether you use it or not, because the route should have been caught and subsequently denied by the first entry.
I am not sure if you have a valid account for Networklessons, but if you do, maybe you can ask Rene why it works the way it works. I tried to debug the route maps, but nothing really showed up...if you get an answer, post it here, it would be interesting to see.
02-12-2024 03:05 PM
Hello
The logic, I believe, is:
With a route-map that permits and an ACL that denies, the route-map match is not found; as such, the next route-map stanza is checked. However, if you use a route-map with a deny clause and an ACL that permits, then the route will be filtered.
Example:
access-list 1 permit 1.1.0.0 0.0.0.255
route-map FILTER_IN deny 10
match ip address 1
route-map FILTER_IN permit 100
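
The fall-through behaviour described in the replies above can be checked with a small model. This is an added example, not code from any poster or from Cisco: it is a simplified Python simulation of standard-ACL and route-map evaluation, with the route 2.2.2.0 and the ACL `ONLY_1_1_1` (which permits 1.1.1.0 to match the network in the question) constructed for illustration.

```python
import ipaddress

def acl_permits(acl, network):
    """Standard ACL: the first entry whose address/wildcard covers the route's
    network address decides; no matching entry means implicit deny."""
    addr = int(ipaddress.ip_address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return action == "permit"
    return False

def route_map_permits(route_map, network):
    """Walk clauses in sequence order. A clause matches when it has no match
    statement or its ACL permits the route. An ACL deny only means 'this
    clause does not match', so evaluation falls through to the next clause."""
    for _seq, action, acl in sorted(route_map, key=lambda clause: clause[0]):
        if acl is None or acl_permits(acl, network):
            return action == "permit"
    return False  # implicit deny at the end of every route-map

ANY = ("0.0.0.0", "255.255.255.255")
# NET_1 as posted in the question: deny 1.1.1.0/24, permit any.
NET_1 = [("deny", "1.1.1.0", "0.0.0.255"), ("permit", *ANY)]
# Constructed ACL for the deny-clause variant (assumption: targets 1.1.1.0).
ONLY_1_1_1 = [("permit", "1.1.1.0", "0.0.0.255")]

ORIGINAL = [(10, "permit", NET_1)]                         # permit 10 only
WITH_PERMIT_20 = [(10, "permit", NET_1), (20, "permit", None)]
DENY_FIRST = [(10, "deny", ONLY_1_1_1), (20, "permit", None)]

ROUTES = ["1.1.1.0", "2.2.2.0"]  # constructed sample of received routes

def installed(route_map):
    """Routes that survive the inbound distribute-list route-map."""
    return [r for r in ROUTES if route_map_permits(route_map, r)]

if __name__ == "__main__":
    for name, rm in [("permit 10 only", ORIGINAL),
                     ("permit 10 + empty permit 20", WITH_PERMIT_20),
                     ("deny 10 + permit 20", DENY_FIRST)]:
        print(f"{name:30} -> {installed(rm)}")
```

With permit 10 alone, 1.1.1.0 is dropped by the route-map's implicit deny rather than by clause 10, which is why adding an empty permit 20 lets it back in.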