FWSM 2.3 OSPF prefix-lists

Unanswered Question
Dec 13th, 2005

I'm trying to get a route-map on a FWSM to work with a prefix-list, but in the match criteria it does not appear that you can enter in a prefix-list. I can create a prefix-list, but am unable to use it in a route-map.


Anyone have any insight as to why this isn't supported?



route-map ospf-default permit 10
 match ip address prefix-lists Check

k.poplitz Mon, 12/19/2005 - 13:50

Use the match ip address command in route-map configuration mode. To restore the default settings, use the no form of this command.


match ip address {acl...}


no match ip address {acl...}


Name an access list. Multiple access lists can be specified.




robertsmichael Thu, 12/29/2005 - 12:30

I had tried that earlier but I cannot get the FWSM to advertise a default route with this method.


I am getting hits on my ACL entries that are referenced in the route-map match statement, but no default route is generated.


When I simply use the default-information originate always command the 0.0.0.0 route is advertised.

pkhatri Thu, 12/29/2005 - 14:38

Hi,


Would you be able to post the config you are using (with the route-map statement)?


Note that even when you are using a route-map to carry out conditional advertisement of the default route, the default route has to exist in the routing table. Otherwise, it will not be advertised even if the route-map permits it. You can use the following syntax:


'default-information originate always route-map mapName'


With the above command, the default-route will be injected only if the route-map is satisfied. The default route does not need to exist in the routing table for this to work.


Hope that helps,

Paresh.

robertsmichael Thu, 12/29/2005 - 17:07

Thanks Paresh. I did try it with the always keyword and couldn't get ospf to send the default route that way either. My understanding is that so long as the 5.5.5.5 route is in the routing table, ospf should advertise the default route to its neighbors.


router ospf 1
 network 192.168.10.5 255.255.255.0 area 10
 default-information originate always route-map OSPF-Default

route-map OSPF-Default permit 10
 match ip address 1

access-list 1 standard permit 5.5.5.5

pkhatri Thu, 12/29/2005 - 17:58

Hi again...


Would you be able to post the output of 'sh ip route 5.5.5.5' and also 'sh ip ospf database' ?


regards,

Paresh.

robertsmichael Thu, 12/29/2005 - 18:06

I won't be onsite again until next week, but there is definitely a route to 5.5.5.5 in the routing table. The sh ip ospf database has about 3000+ entries.


Don't you think this configuration should work? Especially since the ACL is getting hits.

pkhatri Thu, 12/29/2005 - 18:16

Hello,


I definitely think the config should work, especially since I've just labbed it up ...


Instead of getting the whole database, could you just do the following: 'sh ip ospf database | i 0.0.0.0'. What I'm trying to determine is whether a type-5 LSA for the default is being generated at all... It could be possible that the LSA is generated but the route is not installed by the neighboring routers...


Paresh,

robertsmichael Thu, 12/29/2005 - 18:22

Paresh - Thank you for your assistance. Do you want me to issue the 'sh ip ospf database | include 0.0.0.0' on my downstream router (in this case my 6500 MSFC)? My FWSM is not always getting a default route from its 'upstream router', but with the 'always' keyword it should still advertise it to its 'downstream' OSPF neighbor so long as the 5.5.5.5 route is present.


Mike

pkhatri Thu, 12/29/2005 - 18:30

Hi Mike,


The downstream router should be fine. Being a type-5 LSA, it should be present in an identical fashion in the OSPF database of all non-stub routers in your domain.


Paresh.

robertsmichael Tue, 01/03/2006 - 10:39

Paresh,


Nothing shows up when I issue a sh ip ospf | in 0.0.0.0 on the downstream router, even when the 5.5.5.5 route is present on my FWSM.


Does it matter if I have two OSPF processes on my FWSM?


router ospf 10
 network 10.10.10.0 255.255.255.0 area 2

router ospf 2
 network 2.2.2.0 255.255.255.0 area 0
 default-information originate always route-map OSPFDefault



The 5.5.5.5 route referenced in the route-map is learned via ospf process 10.


Thanks.

pkhatri Tue, 01/03/2006 - 13:25

Hi again,


The fact that the referenced route is learned via another OSPF process should not matter. I have just tried that situation in my lab and it works fine.


I reckon you have hit a bug and need to log a TAC case with Cisco.


Hope that helps,

Paresh.

robertsmichael Sun, 01/08/2006 - 11:32

Paresh -


Just for comparison, what versions of code are you running on the FWSM and your 6500?


Thanks for your support.

pkhatri Sun, 01/08/2006 - 17:02

Hi Michael,


Unfortunately, I don't have a FWSM that I can lab this up. I just tried it out on my 2600 in order to verify that the feature does indeed work as expected.


Paresh.

robertsmichael Mon, 01/09/2006 - 04:28

The OSPF implementation on the FWSM doesn't seem to be as robust as on a router or 6500. It may be by design, but I would think it should still exhibit the same behavior for the functionality that it does provide.

pkhatri Mon, 01/09/2006 - 12:00

Agreed, which is why I think you should log a TAC case. I checked the bug tool and there are a number of OSPF-related bugs on the FWSM but none that matches this issue.


Paresh.

robertsmichael Thu, 01/12/2006 - 12:32

I have a TAC case open and they have seen this same situation that I saw in my setup. They are escalating it to a DE to look into the potential software defect.

pkhatri Thu, 01/12/2006 - 12:48

Great. It does appear to be a bug, then...


Good luck with it.


Paresh
