09-16-2002 07:43 AM - last edited on 03-25-2019 02:42 PM by ciscomoderator
I seem to be having trouble with a route-map stopping eigrp on a wan interface. My intent is to change the default gateway, based on source IP address. In one instance the source ip address is of a directly connected network. The other case is of a remote network segment.
Consider the following code:
interface e0/1
Description local LAN
ip address 172.16.90.1 255.255.255.0
ip policy route-map tointernet
interface s1/7
description remote site with a lan 10.1.25.0
ip policy route-map tointernet
route-map tointernet permit 10
match ip address 111
set ip default next-hop 172.16.94.1 10.150.0.29
route-map tointernet permit 20
set ip default next-hop 10.150.0.29 172.16.94.1
access-list 111 permit ip 172.16.90.0 0.0.0.255 any
access-list 111 permit ip 10.1.25.0 0.0.1.255 any
When I create the route-map statement on s1/7, all eigrp seems to drop from the link, and I loose connectivity to the remote router's LAN. EIGRP does not show the route in the table.
How do I get my route-map to work correctly for this remote network?
Thank you!
09-17-2002 08:39 AM
Do I need to do an implicit deny for the directly connected network on s1/7, perhaps?
*bump*
09-24-2002 11:13 AM
Still can't get it to work. any ideas?
*bump*
09-24-2002 11:32 AM
What if you change your acl to :
access-list 111 deny eigrp any any (or 224.0.0.10 for eigrp)
access-list 111 deny eigrp any any
access-list 111 permit ip 172.16.90.0 0.0.0.255 any
access-list 111 permit ip 10.1.25.0 0.0.1.255 any
Also for route-map tointernet permit 20 add an acl like 111 to deny eigrp.
(wild thought that maybe it is routing the multicast packets away instead of processing them)
If not, turn on debug ip eigrp, debug eigrp neighbors and debug eigrp packet to see what's going on.
Hope it helps
Steve
09-24-2002 06:19 PM
Hi,
Please note that in your configuration, since you have used "default" keyword before next-hop, only if there is no route for the specified destination, this policy routing will work, Otherwise your normal routing will suffice. You should be using "set ip next-hop" command in place of "set ip default next-hop"
Also i guess, what you really want is......Packets from 172.16.90.0 network should use 172.16.94.1 as next hop (Primary), while packets from 10.1.25.0 network should use 10.150.0.29 as next hop (primary). For this to happen, you should not match both the source networks in the same access-list. You should either create two access lists 111 and 112. as follows
access-list 111 permit ip 172.16.90.0 0.0.0.255 any
access-list 112 permit ip 10.1.25.0 0.0.1.255 any
route-map tointernet permit 10
match ip add 111
set ip next-hop 172.16.94.1 10.150.0.29
route-map tointernet permit 20
match ip add 112
set ip next-hop 10.150.0.29 172.16.94.1
For more details on policy routing configuration commands, please check following link
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm
12-27-2002 07:48 AM
Well, it's been a while, but I am back on this issue!
Actually, I do want default next hops, not next hops.
My network runs eigrp for all routing, except default routing. I only want to control the default route (the route to use if no routes exist in the routing table).
This is working fine.
My problem is that when I place the ip policy route-map command on an interface, all EIGRP routes that are received from that interface disappear from the routing table.
12-27-2002 02:44 PM
When you apply the policy route-map to the interface, does this router still be neighbor with the remote router?
When you have this problem could you send us:
sho ip ei nei
sho ip route
sho ip eigrp topo
sho run | beg router eigrp
Thanx,
GOpal
12-30-2002 04:54 AM
Hi Gopal -
I am pretty sure that the eigrp neighbor entry dissapears, but let me run it for you (edited for clarity):
Before:
Dearborn#show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.200.2.53 Se1/4 14 00:00:24 77 462 0 555
After application of route map to serial 1/4, it is gone.
Route:
Dearborn#show ip route 192.168.33.0
Routing entry for 192.168.33.0/24
Known via "eigrp 1", distance 90, metric 2204160, type internal
Redistributing via eigrp 1
Last update from 10.200.2.53 on Serial1/4, 00:01:32 ago
Routing Descriptor Blocks:
* 10.200.2.53, from 10.200.2.53, 00:01:32 ago, via Serial1/4
Route metric is 2204160, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 1536 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
After application:
Dearborn#show ip route 192.168.33.1
% Network not in table
Dearborn#
Before:
Dearborn#show ip eigrp topology 192.168.33.0 255.255.255.0
IP-EIGRP topology entry for 192.168.33.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2204160
Routing Descriptor Blocks:
10.200.2.53 (Serial1/4), from 10.200.2.53, Send flag is 0x0
Composite metric is (2204160/281600), Route is Internal
Vector metric:
Minimum bandwidth is 1536 Kbit
Total delay is 21000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
Dearborn#
After:
Dearborn#show ip eigrp topology 192.168.33.0 255.255.255.0
Route not in topology table
Dearborn#
show run:
router eigrp 1
redistribute connected
redistribute static
network 206.150.0.0
network 206.150.60.0
network 192.168.0.0
network 172.16.0.0
network 206.150.30.0
network 10.0.0.0
default-metric 56 2000 240 56 1500
no auto-summary
What do you think?
12-31-2002 07:24 AM
If your configuration is still like the following, the missing match statement (below the permit 20 line) may be causing all of your traffic to be sent to 10.150.0.29 (including EIGRP updates). I would also agree with the previous post that you should make two access lists. I included a possible config below but don't have two routers in front of me to test. Please verify before making changes. Also changed the mask for the second access list. It is unusual to see 0.0.1.255. Are you using a 24 bit mask on the remote LAN?
Current config:
interface e0/1
Description local LAN
ip address 172.16.90.1 255.255.255.0
ip policy route-map tointernet
interface s1/7
description remote site with a lan 10.1.25.0
ip policy route-map tointernet
route-map tointernet permit 10
match ip address 111
set ip default next-hop 172.16.94.1 10.150.0.29
route-map tointernet permit 20
set ip default next-hop 10.150.0.29 172.16.94.1
access-list 111 permit ip 172.16.90.0 0.0.0.255 any
access-list 111 permit ip 10.1.25.0 0.0.1.255 any
Possible solution:
interface e0/1
Description local LAN
ip address 172.16.90.1 255.255.255.0
ip policy route-map tointernet
interface s1/7
description remote site with a lan 10.1.25.0
ip policy route-map tointernet
route-map tointernet permit 10
match ip address 111
set ip default next-hop 172.16.94.1 10.150.0.29
route-map tointernet permit 20
match ip address 112
set ip default next-hop 10.150.0.29 172.16.94.1
access-list 111 permit ip 172.16.90.0 0.0.0.255 any
access-list 112 permit ip 10.1.25.0 0.0.0.255 any
12-31-2002 07:41 AM
All the route-map tointernet permit 20, with no match statement simply sets a default route for all packets that did not match the 111 ACL. (did not get cought by the sequence number 10)
Reference:
I do not believe this is my problem.
default next-hop simply Sets the next hop to which to route the packet, if there is no explicit route for this destination.
My problem is that the routing table, as managed by eigrp is loosing the route.
why would setting the next-hop address mess up eigrp?
Am I missing something?
12-31-2002 08:44 AM
I was on the same track as Steve's earlier post, that EIGRP traffic might be routed away instead of accepted. Possibly a bug in IOS code. I mocked up a similar situation on 12.2 code and did not lose the neighbor relationship adding the route map. What did you see with debug?
12-31-2002 09:18 AM
Ah Ha! So what I am trying to do does work, just not for me.
Wait... back to router programming 101, here for a second:
Show ver
IOS (tm) GS Software (GS7-AJ-M), Version 11.1(20), RELEASE SOFTWARE (fc1)
System image file is "slot0:gs7-aj-mz_111-20.bin", booted via slot0
Blast. I am running an antique router at this location. I may be asking too much from an old Cisco RP1 (7000 series).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide