Re: Redistribute Static

saquib.tandel · ‎01-09-2010

Hello

I want to redistribute a single static entry into eigrp process using route-map but it doesnt seems to work

router eigrp 1

redistribute static route-map static

route-map static permit 10

match ip address prefix-list 100

ip prefix-list 100 seq 2 permit 192.168.100.0/24

I also have access-list 100 on the same router for another tunnel.

access-list 100 permit ip 10.10.100.0 0.0.255.255 192.168.5.0 0.0.0.255

Now ip prefix-list and access-list both are "100" will this conflict.

Marwan ALshawi · ‎01-09-2010

first make sure the prifix list match the static route exacty

and the problem of not getting the route redistrebuted in eigrp becuase you do not put the metrics

eigrp need to have metrics defuaned when you redistributed from other routings or you can use default mtric command

you can use nay values or values that need it in your network

just make you redistribution command like :

router eigrp 1

redistribute static metric 1 1 1 1 1 route-map static

if did not work redistriute wihtout using the route-map, then if the route redistributed thats mean there is issu with your prifix list but do not forgot the mtrics values

good luck

if helpfuk Rate

Peter Paluch · ‎01-09-2010

Hello Marwan,

You indicated:

the problem of not getting the route redistrebuted in eigrp becuase you do not put the metrics

This is not entirely true. Specifying a seed metric is required if you redistribute routes from a different routing protocol. However, if static or directly connected routes are redistributed, it is not required to specify a seed metric, as the metric of the outgoing interface for the respective route will be taken as the seed metric. Therefore I do not believe that specifying an explicit seed metric will solve the original poster's problem.

Best regards,

Peter

Peter Paluch · ‎01-09-2010

Hello,

Although it can be visually confusing, the ACL 100 and prefix list 100 are not in conflict. The route-map explicitely states that the 100 is a number of a prefix list. That said, I would personally recommend trying to not to use the same numbers for ACLs and prefix lists, just to be sure.

Another issue is why your redistribution does not work. The configuration you have posted here seems to be OK. Is the network 192.168.100.0/24 indeed in your routing table and is it recognized as static? Is it not a directly connected network or perhaps a route known by a different routing protocol? Also please try to look into the show ip eigrp topology output to see if there is the network 192.168.100.0/24 present - if yes, then it has been actually redistributed and the problem is perhaps that it does not appear on other routers.

Best regards,

Peter

saquib.tandel · ‎01-10-2010

Thanks for replying.

Consider it this way

Site_A is connected to Site_B via IPSEC GRE uisng static ACL to allow networks

Site_A is connected to Site_C via IPSEC_GRE using routing protocol EIGRP

On Site_A all networks for Site_B and Site_C are reachable, how can Site_C reach Site_B and vice-versa.

Thanks

ST

Peter Paluch · ‎01-10-2010

Hello Saquib,

I am sorry but I need to know more about your network. Do you perhaps have a topology of your network with IP prefixes so that I could understand your addressing plan? Would it also be possible to post here the complete output of the show ip route and show ip protocols output from all three sites? That would be very helpful.

Thanks in forward.

Best regards,

Peter

Marwan ALshawi · ‎01-10-2010

Thank you Peter you are right !

- ST

if you are running IPSec over GRE between three sites and from your description Site A looks like a hub site that has connections to both B and C

the question here are you running eigrp between the sites over the GRE tunnels ? if yes then through EIGRP you could achieve the readability between the sites

the other question here is the ipsec gre configured as DMVPN or not ? if yes are you using one tunnel interface in site A ? if yes you need to disable split horizon on site A tunnel interface of the DMVPN

i think as peter said if you put a diagram will be easier to us to give you suggestions

thank you

saquib.tandel · ‎01-10-2010

Thanks for replying.

EIGRP is running over GRE Tunnel between Site_A and Site_C only.

IPSEC with static ACL is running between Site_A and Site_B

Site_A can be considered as HUB, its not a DMVPN kinda setup.

Question was how Site_B can get Site_C routes and vice-versa?

I hope the diagram is helpful.

Thanks

ST

Peter Paluch · ‎01-10-2010

Hi Saquib,

Let's go over individual sites.

On Site C, you are running the EIGRP towards Site A. I also assume that the Site A has a static route towards the network 10.0.0.0/24 present on the Site B. The EIGRP on Site A should be therefore configured to advertise the network 10.0.0.0/24 to Site C through the GRE tunnel. It should be redistributed on R1 into EIGRP as a static route. This way, the Site C will be aware of the network and will route packets towards it through the GRE tunnel to Site A. The Site A will subsequently route the packets to the Site B.

On Site B, you do not have any routing protocol so you are left only with static routing. The Site B is fine with a simple static default route. However, the networks 192.168.10.0/24, 192.168.11.0/24 and 192.168.12.0/24 should be added to the crypto map ACL used at the site B so that traffic going to these destinations will be IPsec-encapsulated and sent towards R1 at Site A. The R1 will decrypt the packets and subsequently route it towards Site C over the GRE tunnel (obviously encrypting it again).

So in short:

Redistribute the network 10.0.0.0/24 into EIGRP on R1. After this, Site C should know about Site B.
Add the networks 192.168.10.0/24, 192.168.11.0/24, 192.168.12.0/24 to the crypto map ACL on the Site B. The Site B probably already has a default route so it does not need adding more static routes (in fact, it "knows" about Site C) but the traffic going to these networks should be IPsec encapsulated.

Best regards,

Peter