FWSM 2.3 OSPF prefix-lists

rm2017
Level 1

I'm trying to get a route-map on a FWSM to work with a prefix-list, but in the match criteria it does not appear that you can enter in a prefix-list. I can create a prefix-list, but am unable to use it in a route-map.

Anyone have any insight as to why this isn't supported?

    route-map ospf-default permit 10
     match ip address prefix-lists Check

17 Replies

k.poplitz
Level 3

Use the match ip address command in route-map configuration mode. To restore the default settings, use the no form of this command.

    match ip address {acl...}
    no match ip address {acl...}

Name an access list. Multiple access lists can be specified.

I had tried that earlier but I cannot get the FWSM to advertise a default route with this method.

I am getting hits on my ACL entries that are referenced in the route-map match statement, but no default route is generated.

When I simply use the default-information originate always command the 0.0.0.0 route is advertised.

Hi,

Would you be able to post the config you are using (with the route-map statement).

Note that even when you are using a route-map to carry out conditional advertisement of the default route, the default route has to exist in the routing table. Otherwise, it will not be advertised even if the route-map permits it. You can use the following syntax:

'default-information originate always route-map mapName'

With the above command, the default-route will be injected only if the route-map is satisfied. The default route does not need to exist in the routing table for this to work.

Hope that helps,

Paresh.

Thanks Paresh. I did try it with the always keyword and couldn't get ospf to send the default route that way either. My understanding is that so long as the 5.5.5.5 route is in the routing table, ospf should advertise the default route to its neighbors.

    router ospf 1
     network 192.168.10.5 255.255.255.0 area 10
     default-information originate always route-map OSPF-Default

    route-map OSPF-Default permit 10
     match ip address 1

    access-list 1 standard permit 5.5.5.5

Hi again...

Would you be able to post the output of 'sh ip route 5.5.5.5' and also 'sh ip ospf database' ?

regards,

Paresh.

I won't be onsite again until next week, but there is definitely a route to 5.5.5.5 in the routing table. The sh ip ospf database has about 3000+ entries.

Don't you think this configuration should work? Especially since the ACL is getting hits.

Hello,

I definitely think the config should work, especially since I've just labbed it up ...

Instead of getting the whole database, could you just do the following: 'sh ip ospf database | i 0.0.0.0'. What I'm trying to determine is whether a type-5 LSA for the default is being generated at all... It could be possible that the LSA is generated but the route is not installed by the neighboring routers...

Paresh,

Paresh - Thank you for your assistance. Do you want me to issue the 'sh ip ospf database | include 0.0.0.0' on my downstream router (in this case my 6500 msfc)? My fwsm is not always getting a default route from its 'upstream router' but with the 'always' keyword it should still advertise it to its 'downstream' ospf neighbor so long as the 5.5.5.5 route is present.

Mike

Hi Mike,

The downstream router should be fine. Being a type-5 LSA, it should be present in an identical fashion in the OSPF database of all non-stub routers in your domain.

Paresh.

Paresh,

Nothing shows up when I issue a sh ip ospf | in 0.0.0.0 on the downstream router, even when the 5.5.5.5 route is present on my FWSM.

Does it matter if I have two OSPF processes on my FWSM?

    router ospf 10
     network 10.10.10.0 255.255.255.0 area 2

    router ospf 2
     network 2.2.2.0 255.255.255.0 area 0
     default-information originate always route-map OSPFDefault

The 5.5.5.5 route referenced in the route-map is learned via ospf process 10.

Thanks.

Hi again,

The fact that the referenced route is learned via another OSPF process should not matter. I have just tried that situation in my lab and it works fine.

I reckon you have hit a bug and need to log a TAC case with Cisco.

Hope that helps,

Paresh.

Paresh -

Just for comparison, what versions of code are you running on the FWSM and your 6500?

Thanks for your support.

Hi Michael,

Unfortunately, I don't have a FWSM that I can lab this up on. I just tried it out on my 2600 in order to verify that the feature does indeed work as expected.

Paresh.

The OSPF implementation on the FWSM doesn't seem to be as robust as on a router or 6500. It may be by design, but I would think it should still exhibit the same behavior for the functionality that it does provide.
