Solved: ip access-list EIGRProutes

steven.t27 · ‎01-11-2015

Hi

I have enabled an EIGRP peering between Nexus 7706 and Cat 6509.
The peering came up ok and routes are being advertised. I am not too sure about the route-map settings.

Below is my configuration on the 7706
ip access-list EIGRProutes
10 permit ip 10.10.2.0/24 any
20 permit ip 10.10.12.0/24 any
!
router eigrp OP6kPEER
autonomous-system 200
redistribute direct route-map EIGRProutes
!
interface Vlan242
ip address 10.10.242.254/28
ip router eigrp OP6kPEER
description EIGRP Peering
no shutdown

I have 3 interface on the 7706. 10.10.2.0, 10.10.12.0 and 10.10.41.0

At the Cat 6509 side

router eigrp 200
network 0.0.0.0
redistribute static
passive-interface default
no passive-interface Vlan242

!
Cat_6509#show ip route eigrp 200
10.0.0.0/8 is variably subnetted, 166 subnets, 7 masks
D EX 10.10.12.0/24 [170/51456] via 10.10.242.254, 00:06:44, Vlan242
D EX 10.10.2.0/24 [170/51456] via 10.10.242.254, 00:06:44, Vlan242
D EX 10.10.41.0/24 [170/51456] via 10.10.242.254, 00:00:58, Vlan242
Cat_6509#

On the 6509 I am learning 10.10.41.0/24 from the Nexus 7706. I thought the route-map I have only allowed for 10.10.2.0 and 10.10.12.0. Perhaps I have understood or miss-used the route-map function.

Please help. Thanks

Jon Marshall · ‎01-13-2015

From a brief search I found many docs suggesting that using acls was not recommended for route redistribution on Nexus switches as it can lead to unexpected results.

The recommended way is to use prefix-lists so perhaps you could give that a try ie. -

ip prefix-list <name> seq <no> permit 10.10.2.0/24

ip prefix-list <name> seq <no> permit 10.10.12.0/24

and then

route-map EIGRProutes permit 10

match ip address prefix-list <name>

Jon

View solution in original post

Reza Sharifi · ‎01-11-2015

Hi,

Can you post the output of "sh access-list EIGRProutes"

There is an implicit deny at the end but can you add "30 deny any any" at the end and test again?

HTH

steven.t27 · ‎01-12-2015

Hi Reza

I have only permitted 10.10.2.x and 10.10.12.x in my access-list I can post the config tomorrow. I have also tried to add a deny statement at the end deny any any but it didn't work.

Thanks

Jon Marshall · ‎01-12-2015

Can you also post the actual route-map configuration.

Jon

steven.t27 · ‎01-12-2015

ip access-list EIGRProutes
10 permit ip 10.10.2.0/24 any
20 permit ip 10.10.12.0/24 any
99 deny ip any any

!

route-map EIGRProutes permit 10
match ip address EIGRProutes

!

router eigrp OP6kPEER
autonomous-system 200
redistribute direct route-map EIGRProutes

Jon Marshall · ‎01-13-2015