01-09-2010 10:55 PM - edited 03-04-2019 07:10 AM
Hello
I want to redistribute a single static entry into eigrp process using route-map but it doesnt seems to work
router eigrp 1
redistribute static route-map static
route-map static permit 10
match ip address prefix-list 100
ip prefix-list 100 seq 2 permit 192.168.100.0/24
I also have access-list 100 on the same router for another tunnel.
access-list 100 permit ip 10.10.100.0 0.0.255.255 192.168.5.0 0.0.0.255
Now ip prefix-list and access-list both are "100" will this conflict.
01-09-2010 11:45 PM
first make sure the prifix list match the static route exacty
and the problem of not getting the route redistrebuted in eigrp becuase you do not put the metrics
eigrp need to have metrics defuaned when you redistributed from other routings or you can use default mtric command
you can use nay values or values that need it in your network
just make you redistribution command like :
router eigrp 1
redistribute static metric 1 1 1 1 1 route-map static
if did not work redistriute wihtout using the route-map, then if the route redistributed thats mean there is issu with your prifix list but do not forgot the mtrics values
good luck
if helpfuk Rate
01-09-2010 11:50 PM
Hello Marwan,
You indicated:
the problem of not getting the route redistrebuted in eigrp becuase you do not put the metrics
This is not entirely true. Specifying a seed metric is required if you redistribute routes from a different routing protocol. However, if static or directly connected routes are redistributed, it is not required to specify a seed metric, as the metric of the outgoing interface for the respective route will be taken as the seed metric. Therefore I do not believe that specifying an explicit seed metric will solve the original poster's problem.
Best regards,
Peter
01-09-2010 11:47 PM
Hello,
Although it can be visually confusing, the ACL 100 and prefix list 100 are not in conflict. The route-map explicitely states that the 100 is a number of a prefix list. That said, I would personally recommend trying to not to use the same numbers for ACLs and prefix lists, just to be sure.
Another issue is why your redistribution does not work. The configuration you have posted here seems to be OK. Is the network 192.168.100.0/24 indeed in your routing table and is it recognized as static? Is it not a directly connected network or perhaps a route known by a different routing protocol? Also please try to look into the show ip eigrp topology output to see if there is the network 192.168.100.0/24 present - if yes, then it has been actually redistributed and the problem is perhaps that it does not appear on other routers.
Best regards,
Peter
01-10-2010 12:18 AM
Thanks for replying.
Consider it this way
Site_A is connected to Site_B via IPSEC GRE uisng static ACL to allow networks
Site_A is connected to Site_C via IPSEC_GRE using routing protocol EIGRP
On Site_A all networks for Site_B and Site_C are reachable, how can Site_C reach Site_B and vice-versa.
Thanks
ST
01-10-2010 12:48 AM
Hello Saquib,
I am sorry but I need to know more about your network. Do you perhaps have a topology of your network with IP prefixes so that I could understand your addressing plan? Would it also be possible to post here the complete output of the show ip route and show ip protocols output from all three sites? That would be very helpful.
Thanks in forward.
Best regards,
Peter
01-10-2010 01:32 AM
Thank you Peter you are right !
- ST
if you are running IPSec over GRE between three sites and from your description Site A looks like a hub site that has connections to both B and C
the question here are you running eigrp between the sites over the GRE tunnels ? if yes then through EIGRP you could achieve the readability between the sites
the other question here is the ipsec gre configured as DMVPN or not ? if yes are you using one tunnel interface in site A ? if yes you need to disable split horizon on site A tunnel interface of the DMVPN
i think as peter said if you put a diagram will be easier to us to give you suggestions
thank you
01-10-2010 02:14 AM
Thanks for replying.
EIGRP is running over GRE Tunnel between Site_A and Site_C only.
IPSEC with static ACL is running between Site_A and Site_B
Site_A can be considered as HUB, its not a DMVPN kinda setup.
Question was how Site_B can get Site_C routes and vice-versa?
I hope the diagram is helpful.
Thanks
ST
01-10-2010 02:45 AM
Hi Saquib,
Let's go over individual sites.
On Site C, you are running the EIGRP towards Site A. I also assume that the Site A has a static route towards the network 10.0.0.0/24 present on the Site B. The EIGRP on Site A should be therefore configured to advertise the network 10.0.0.0/24 to Site C through the GRE tunnel. It should be redistributed on R1 into EIGRP as a static route. This way, the Site C will be aware of the network and will route packets towards it through the GRE tunnel to Site A. The Site A will subsequently route the packets to the Site B.
On Site B, you do not have any routing protocol so you are left only with static routing. The Site B is fine with a simple static default route. However, the networks 192.168.10.0/24, 192.168.11.0/24 and 192.168.12.0/24 should be added to the crypto map ACL used at the site B so that traffic going to these destinations will be IPsec-encapsulated and sent towards R1 at Site A. The R1 will decrypt the packets and subsequently route it towards Site C over the GRE tunnel (obviously encrypting it again).
So in short:
Best regards,
Peter
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: