03-19-2009 12:44 PM - edited 03-06-2019 04:42 AM
I'm trying to figure out a problem with regard to EIGRP and static routing and using a route-map policy to inject specific static routes into EIRGP. We have a corporate router and about 24 remote locations connected via frame and a small group connected via site-to-site VPN. At the corporate router I have static route statements for the locations that are connected via VPN (along with many other static routes). My goal is to have only the static routes that I want injected into EIGRP for the networks connected via VPN. With our current configuration not all the static routes are working at our remote locations that are part of EIGRP and it appears the first network (we are heavily subnetted) is the only one showing in EIGRP at the remote locations.
Here is the configuration (all other info removed) for the corporate router.
router eigrp 100
redistribute connected
redistribute static route-map default
ip route 10.15.212.64 255.255.255.192 10.15.192.50
ip route 10.15.212.64 255.255.255.192 10.15.193.50 250
ip route 10.15.212.128 255.255.255.192 10.14.199.10
ip route 10.15.212.192 255.255.255.192 10.14.199.10
ip route 10.15.215.0 255.255.255.192 10.14.199.10
ip route 10.15.215.64 255.255.255.192 10.14.199.10
ip route 10.15.215.128 255.255.255.192 10.14.199.10
ip route 10.15.215.192 255.255.255.192 10.14.199.10
access-list 1 permit 0.0.0.0
access-list 1 permit 10.15.205.0 0.0.0.255
access-list 1 permit 10.15.215.128 0.0.0.63
access-list 1 permit 10.15.215.0 0.0.0.63
access-list 1 permit 10.15.215.192 0.0.0.63
access-list 1 permit 10.15.212.192 0.0.0.63
route-map default permit 10
match ip address 1
Here are the routing results at a remote location:
remoterouter>sh ip route | include 10.15.215
D EX 10.15.215.192/26
D EX 10.15.215.128/26
D EX 10.15.215.0/26 [170/2195456] via 10.15.192.201, 2w5d, Serial0/1/0.294
remoterouter>sh ip route | include 10.15.212
D EX 10.15.212.192/26
D 10.15.212.0/26 [90/2693120] via 10.15.192.201, 3w2d, Serial0/1/0.294
I believe the 0.0.0.0 in the access list is allowing all static routes to be injected into EIGRP and if this is the case than on the remote router with the âsh ip route | include 10.15.212â command the IP network/route 10.15.212.64 255.255.255 does not display.
Thanks for any help.
Jeff
03-19-2009 01:05 PM
Jeff,
"access-list 1 permit 0.0.0.0" will specifically match the default route (0/0) and nothing else. "access-list 1 permit 0.0.0.0 255.255.255.255" or "access-list 1 permit any" would be used to match all routes.
Regards
03-19-2009 01:14 PM
Jeff
Perhaps there is something in your question that I am not understanding as you intended it. But your access list has only a single permit statement for anything in 10.15.212 and it is:
access-list 1 permit 10.15.212.192 0.0.0.63
So even though you may have a static route for 10.15.212.64 it will not be redistributed since there is no permit for it in the access list used by the route map.
If there is some aspect of this that you still do not understand then please clarify your question.
HTH
Rick
03-19-2009 01:08 PM
Hi Jeff,
the comand access-list 1 permit 0.0.0.0 only match network 0.0.0.0 (default) and redistribute it into EIGRP. If you want to match all static route, you have to do
access-list 1 permit 0.0.0.0 255.255.255.255
HTH,
jerry
03-19-2009 01:34 PM
Thank you for the fast response as your replies helped me understand what the first line of the access list is doing. Sorry if I didn't clarify the problem I'm having.
I see that my problem is I cannot ping the networks in access-list 1 from the remote router but I can ping devices on those networks from the remote router network. My problem was I was pinging devices on the access-list 1 networks from the remote router and not the remote network.
Thanks again,
Jeff
03-19-2009 01:50 PM
Hi Jeff,
Does the next hop router (10.14.199.10) has a return route to your remote router?
If you use traceroute will show you where the packet died.
HTH,
jerry
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: