Cisco Support Community
Community Member

FWSM 2.3 OSPF prefix-lists

I'm trying to get a route-map on a FWSM to work with a prefix-list, but in the match criteria it does not appear that you can enter in a prefix-list. I can create a prefix-list, but am unable to use it in a route-map.

Anyone have any insight as to why this isn't supported?

route-map ospf-default permit 10
 match ip address prefix-lists Check

17 REPLIES
Community Member

Re: FWSM 2.3 OSPF prefix-lists

Use the match ip address command in route-map configuration mode. To restore the default settings, use the no form of this command.

match ip address {acl...}

no match ip address {acl...}

Name an access list. Multiple access lists can be specified.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

I had tried that earlier but I cannot get the FWSM to advertise a default route with this method.

I am getting hits on my ACL entries that are referenced in the route-map match statement, but no default route is generated.

When I simply use the default-information originate always command the 0.0.0.0 route is advertised.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hi,

Would you be able to post the config you are using (with the route-map statement)?

Note that even when you are using a route-map to carry out conditional advertisement of the default route, the default route has to exist in the routing table. Otherwise, it will not be advertised even if the route-map permits it. You can use the following syntax:

'default-information originate always route-map mapName'

With the above command, the default-route will be injected only if the route-map is satisfied. The default route does not need to exist in the routing table for this to work.

Hope that helps,

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

Thanks Paresh. I did try it with the always keyword and couldn't get ospf to send the default route that way either. My understanding is that so long as the 5.5.5.5 route is in the routing table, ospf should advertise the default route to its neighbors.

router ospf 1
 network 192.168.10.5 255.255.255.0 area 10
 default-information originate always route-map OSPF-Default
route-map OSPF-Default permit 10
 match ip address 1
access-list 1 standard permit 5.5.5.5

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hi again...

Would you be able to post the output of 'sh ip route 5.5.5.5' and also 'sh ip ospf database' ?

regards,

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

I won't be onsite again until next week, but there is definitely a route to 5.5.5.5 in the routing table. The sh ip ospf database has about 3000+ entries.

Don't you think this configuration should work? Especially since the ACL is getting hits.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hello,

I definitely think the config should work, especially since I've just labbed it up ...

Instead of getting the whole database, could you just do the following: 'sh ip ospf database | i 0.0.0.0'. What I'm trying to determine is whether a type-5 LSA for the default is being generated at all... It could be possible that the LSA is generated but the route is not installed by the neighboring routers...

Paresh,
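
Added example, not part of the thread: a plain `| include 0.0.0.0` filter also keeps lines such as 10.0.0.0, so this Python sketch parses the database output by section and reports only type-5 LSAs whose Link ID is exactly 0.0.0.0. The sample output is constructed in IOS style; its router IDs, and the assumption that the FWSM prints the same layout, are illustrative.

```python
import re

# Constructed sample in the style of IOS `show ip ospf database` output.
# Assumption: the FWSM prints the same section headers and column layout.
SAMPLE_DB = """\
            OSPF Router with ID (2.2.2.1) (Process ID 2)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
2.2.2.1         2.2.2.1         112         0x80000005 0x00A1B2 1
2.2.2.2         2.2.2.2         98          0x80000004 0x00C3D4 1

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.0.0.0        2.2.2.1         230         0x80000001 0x001122

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         2.2.2.1         45          0x80000001 0x00E5F6 2
172.16.0.0      2.2.2.2         300         0x80000002 0x003344 0
"""

SECTION_RE = re.compile(r"^\s+(\S.*Link States.*)$")
ROW_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s")

def external_lsas(db_text):
    """Return (link_id, adv_router, age) for each row in the Type-5 section."""
    rows, in_type5 = [], False
    for line in db_text.splitlines():
        m = SECTION_RE.match(line)
        if m:  # a new LSA-type section starts; track whether it is Type-5
            in_type5 = m.group(1).startswith("Type-5")
            continue
        m = ROW_RE.match(line)
        if m and in_type5:
            rows.append((m.group(1), m.group(2), int(m.group(3))))
    return rows

def default_originators(db_text):
    """ADV routers originating a type-5 LSA whose Link ID is exactly 0.0.0.0."""
    return [adv for link_id, adv, _ in external_lsas(db_text) if link_id == "0.0.0.0"]

def naive_include(db_text, needle="0.0.0.0"):
    """Lines a plain substring filter such as `| include 0.0.0.0` would keep."""
    return [line for line in db_text.splitlines() if needle in line]
```

An empty list from `default_originators` means no external default LSA is in the database, even when the substring filter still returns lines.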

Community Member

Re: FWSM 2.3 OSPF prefix-lists

Paresh - Thank you for your assistance. Do you want me to issue the 'sh ip ospf database | include 0.0.0.0' on my downstream router (in this case my 6500 msfc)? My fwsm is not always getting a default route from its 'upstream router' but with the 'always' keyword it should still advertise it to its 'downstream' ospf neighbor so long as the 5.5.5.5 route is present.

Mike

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hi Mike,

The downstream router should be fine. Being a type-5 LSA, it should be present in an identical fashion in the OSPF database of all non-stub routers in your domain.

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

Paresh,

Nothing shows up when I issue a sh ip ospf | in 0.0.0.0 on the downstream router, even when the 5.5.5.5 route is present on my FWSM.

Does it matter if I have two OSPF processes on my FWSM?

router ospf 10
 network 10.10.10.0 255.255.255.0 area 2
router ospf 2
 network 2.2.2.0 255.255.255.0 area 0
 default-information originate always route-map OSPFDefault

The 5.5.5.5 route referenced in the route-map is learned via ospf process 10.

Thanks.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hi again,

The fact that the referenced route is learned via another OSPF process should not matter. I have just tried that situation in my lab and it works fine.

I reckon you have hit a bug and need to log a TAC case with Cisco.

Hope that helps,

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

Paresh -

Just for comparison, what versions of code are you running on the FWSM and your 6500?

Thanks for your support.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Hi Michael,

Unfortunately, I don't have a FWSM that I can lab this up. I just tried it out on my 2600 in order to verify that the feature does indeed work as expected.

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

The OSPF implementation on the FWSM doesn't seem to be as robust as on a router or 6500. It may be by design, but I would think it should still exhibit the same behavior for the functionality that it does provide.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Agreed, which is why I think you should log a TAC case. I checked the bug tool and there are a number of OSPF-related bugs on the FWSM but none that matches this issue.

Paresh.

Community Member

Re: FWSM 2.3 OSPF prefix-lists

I have a TAC case open and they have seen this same situation that I saw in my setup. They are escalating it to a DE to look into the potential software defect.

Purple

Re: FWSM 2.3 OSPF prefix-lists

Great. It does appear to be a bug, then...

Good luck with it.

Paresh
