12-13-2005 11:09 AM - edited 03-03-2019 11:13 AM
I'm trying to get a route-map on a FWSM to work with a prefix-list, but in the match criteria it does not appear that you can enter in a prefix-list. I can create a prefix-list, but am unable to use it in a route-map.
Anyone have any insight as to why this isn't supported?
route-map ospf-default permit 10
match ip address prefix-lists Check
12-19-2005 01:50 PM
Use the match ip address command in route-map configuration mode. To restore the default settings, use the no form of this command.
match ip address {acl...}
no match ip address {acl...}
Name an access list. Multiple access lists can be specified.
12-29-2005 12:30 PM
I had tried that earlier but I cannot get the FWSM to advertise a default route with this method.
I am getting hits on my ACL entries that are referenced in the route-map match statement, but no default route is generated.
When I simply use the default-information originate always command the 0.0.0.0 route is advertised.
12-29-2005 02:38 PM
Hi,
Would you be able to post the config you are using (with the route-map statement)?
Note that even when you are using a route-map to carry out conditional advertisement of the default route, the default route has to exist in the routing table. Otherwise, it will not be advertised even if the route-map permits it. You can use the following syntax:
'default-information originate always route-map mapName'
With the above command, the default-route will be injected only if the route-map is satisfied. The default route does not need to exist in the routing table for this to work.
Hope that helps,
Paresh.
12-29-2005 05:07 PM
Thanks Paresh. I did try it with the always keyword and couldn't get ospf to send the default route that way either. My understanding is that so long as the 5.5.5.5 route is in the routing table, ospf should advertise the default route to its neighbors.
router ospf 1
network 192.168.10.5 255.255.255.0 area 10
default-information originate always route-map OSPF-Default
route-map OSPF-Default permit 10
match ip address 1
access-list 1 standard permit 5.5.5.5
12-29-2005 05:58 PM
Hi again...
Would you be able to post the output of 'sh ip route 5.5.5.5' and also 'sh ip ospf database' ?
regards,
Paresh.
12-29-2005 06:06 PM
I won't be onsite again until next week, but there is definitely a route to 5.5.5.5 in the routing table. The sh ip ospf database has about 3000+ entries.
Don't you think this configuration should work? Especially since the ACL is getting hits.
12-29-2005 06:16 PM
Hello,
I definitely think the config should work, especially since I've just labbed it up ...
Instead of getting the whole database, could you just do the following: 'sh ip ospf database | i 0.0.0.0'. What I'm trying to determine is whether a type-5 LSA for the default is being generated at all... It could be possible that the LSA is generated but the route is not installed by the neighboring routers...
Paresh,
12-29-2005 06:22 PM
Paresh - Thank you for your assistance. Do you want me to issue the 'sh ip ospf database | include 0.0.0.0' on my downstream router (in this case my 6500 msfc)? My fwsm is not always getting a default route from its 'upstream router' but with the 'always' keyword it should still advertise it to its 'downstream' ospf neighbor so long as the 5.5.5.5 route is present.
Mike
12-29-2005 06:30 PM
Hi Mike,
The downstream router should be fine. Being a type-5 LSA, it should be present in an identical fashion in the OSPF database of all non-stub routers in your domain.
Paresh.
01-03-2006 10:39 AM
Paresh,
Nothing shows up when I issue a sh ip ospf | in 0.0.0.0 on the downstream router, even when the 5.5.5.5 route is present on my FWSM.
Does it matter if I have two OSPF processes on my FWSM?
router ospf 10
network 10.10.10.0 255.255.255.0 area 2
router ospf 2
network 2.2.2.0 255.255.255.0 area 0
default-information originate always route-map OSPFDefault
The 5.5.5.5 route referenced in the route-map is learned via ospf process 10.
Thanks.
01-03-2006 01:25 PM
Hi again,
The fact that the referenced route is learned via another OSPF process should not matter. I have just tried that situation in my lab and it works fine.
I reckon you have hit a bug and need to log a TAC case with Cisco.
Hope that helps,
Paresh.
01-08-2006 11:32 AM
Paresh -
Just for comparison, what versions of code are you running on the FWSM and your 6500?
Thanks for your support.
01-08-2006 05:02 PM
Hi Michael,
Unfortunately, I don't have a FWSM that I can lab this up. I just tried it out on my 2600 in order to verify that the feature does indeed work as expected.
Paresh.
01-09-2006 04:28 AM
The OSPF implementation on the FWSM doesn't seem to be as robust as on a router or 6500. It may be by design, but I would think it should still exhibit the same behavior for the functionality that it does provide.