Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Route-map

Hello,

I am trying to determine if you are able to block a route with a route-map.

I know i can block route through a distribute list. I can also block redistributing with a route map but can i make a route-map act as a distribute list and drop packets from 1 eigrp router to another?

I've been trying in a lab all morning and it doesn't seem to work.

route-map deny_172 deny 10

match ip address 1

interface fa0/0

ip policy route-map deny_172

access-list 1 permit 172.16.0.0 0.0.0.255

thanks

dan

15 REPLIES

Re: Route-map

What if you do the following :

route-map deny_172 permit 10

match ip address 1

interface fa0/0

ip policy route-map deny_172

access-list 1 deny 172.16.0.0 0.0.0.255

New Member

Re: Route-map

no sorry mate. Didn't work.

New Member

Re: Route-map

maybe i have to do the route map on the router distributing the routes. Is that my problem?

Re: Route-map

Are you talking about blocking 'access' from that network range or stopping that network from entering the eigrp RIB.

If you are talking about blocking access from that network range and you want to do this via a policy route (ip policy) and not a standard ACL, then try the following :-

route-map deny_172 permit 10

match ip address 1

set interface Null0

This will pass any trafffic from your ACL to the NULL0 interface therefore blackholing it.

That is if you want to deny access otherwise you have answered your own question by added the route-map to the redistribute line under router eigrp x.

So if the network was a static

redistribute static route-map deny_172

dont forget to add a permit ip any to your ACL otherwise EVERYTHING will be blocked

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

New Member

Re: Route-map

yah route maps seem to work just fine for redistributing but internal to the eigrp doesn't seem to work for me.

Maybe that's not even a feature.

Re: Route-map

What do you mean by internal to eigrp ?

New Member

Re: Route-map

sorry i mean. I mean am not doing any redistributing.

Re: Route-map

Then I am not sure what you are trying to do, are you trying to filter that network range that is coming in from other eigrp neighbors ??

New Member

Re: Route-map

I have 2 routers both running eigrp.

router 1 has:

172.16.0.1 on fa0/1

10.0.0.1 on fa0/0

router 2 has

10.0.0.2 on fa0/0

I want to block the 172.16.0.x network from being shared by eigrp.

I know i can use a distribute-list to deny the 172.16.0.0 network to the other device. Although I haven't been able to drop the network with just a route-map.

Re: Route-map

Ah ok

You can use a distribute-list WITH a route-map attached :-

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

route-map deny_172 permit 10

match ip address 1

redistribute eigrp route-map deny_172 in

or

redistribute eigrp route-map deny_172 out

depnding or which router

New Member

Re: Route-map

unfortunately you can't redistribute eigrp into eigrp. It says not allowed :)

Re: Route-map

Sorry I cut and paste by mistake

distribute-list route-map deny_172 in

or

distribute-list route-map deny_172 out

depnding or which router

New Member

Re: Route-map

hmmm. Would you say that this isn't possible without a distribute-list then.

My test was to block it without a distribute list but it doesn't seem to work.

Re: Route-map

I dont see how else you could do this, have you heard somewhere that you can then?

Hall of Fame Super Gold

Re: Route-map

Dan

As you have discovered the route map assigned under an interface is for Policy Based Routing which manages packet traffic and not routing updates.

You are correct that it is easy to use a route map to control redistribution. And as you are coming to realize it is not possible to configure a route map which will control normal EIGRP routing updates.

HTH

Rick

174
Views
0
Helpful
15
Replies
CreatePlease to create content