cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
820
Views
0
Helpful
15
Replies

Route-map

danny.carroll
Level 1
Level 1

Hello,

I am trying to determine if you are able to block a route with a route-map.

I know i can block route through a distribute list. I can also block redistributing with a route map but can i make a route-map act as a distribute list and drop packets from 1 eigrp router to another?

I've been trying in a lab all morning and it doesn't seem to work.

route-map deny_172 deny 10

match ip address 1

interface fa0/0

ip policy route-map deny_172

access-list 1 permit 172.16.0.0 0.0.0.255

thanks

dan

15 Replies 15

Mohamad Qayoom
Level 3
Level 3

What if you do the following :

route-map deny_172 permit 10

match ip address 1

interface fa0/0

ip policy route-map deny_172

access-list 1 deny 172.16.0.0 0.0.0.255

no sorry mate. Didn't work.

maybe i have to do the route map on the router distributing the routes. Is that my problem?

adamclarkuk_2
Level 4
Level 4

Are you talking about blocking 'access' from that network range or stopping that network from entering the eigrp RIB.

If you are talking about blocking access from that network range and you want to do this via a policy route (ip policy) and not a standard ACL, then try the following :-

route-map deny_172 permit 10

match ip address 1

set interface Null0

This will pass any trafffic from your ACL to the NULL0 interface therefore blackholing it.

That is if you want to deny access otherwise you have answered your own question by added the route-map to the redistribute line under router eigrp x.

So if the network was a static

redistribute static route-map deny_172

dont forget to add a permit ip any to your ACL otherwise EVERYTHING will be blocked

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

yah route maps seem to work just fine for redistributing but internal to the eigrp doesn't seem to work for me.

Maybe that's not even a feature.

What do you mean by internal to eigrp ?

sorry i mean. I mean am not doing any redistributing.

Then I am not sure what you are trying to do, are you trying to filter that network range that is coming in from other eigrp neighbors ??

I have 2 routers both running eigrp.

router 1 has:

172.16.0.1 on fa0/1

10.0.0.1 on fa0/0

router 2 has

10.0.0.2 on fa0/0

I want to block the 172.16.0.x network from being shared by eigrp.

I know i can use a distribute-list to deny the 172.16.0.0 network to the other device. Although I haven't been able to drop the network with just a route-map.

Ah ok

You can use a distribute-list WITH a route-map attached :-

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

route-map deny_172 permit 10

match ip address 1

redistribute eigrp route-map deny_172 in

or

redistribute eigrp route-map deny_172 out

depnding or which router

unfortunately you can't redistribute eigrp into eigrp. It says not allowed :)

Sorry I cut and paste by mistake

distribute-list route-map deny_172 in

or

distribute-list route-map deny_172 out

depnding or which router

hmmm. Would you say that this isn't possible without a distribute-list then.

My test was to block it without a distribute list but it doesn't seem to work.

I dont see how else you could do this, have you heard somewhere that you can then?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: