Boy do I feel stupid. After spending hours of scratching my head at why this is not working yet, as OSPF seems to be gettings tags but RIP is not, that is when I really put my work under a microscope and found that I was applying OSPF2RIP in OSPF router config and the other way around (I think). I have no other way to logically explain why they are working today, as they actually didn’t work earlier as well after “wr er” / “reload” / reconfigure.
So I stripped all redistribution off, deleted the route-maps, and started from square 1, again. Then when I was struggling to remember which way it went with applying what route-map to which protocol, I might have been on auto-pilot last night and completely overlooked that as the issue!
So here is how I applied a fix for that:
R3(config-router)#router ospf 1
R3(config-router)#redistribute rip subnets route-map RIP2OSPF
R3(config-router)#router rip
R3(config-router)#redistribute ospf 1 route-map OSPF2RIP metric 2
R3(config-router)#do sh route-map
route-map OSPF2RIP, permit, sequence 10
Match clauses:
Set clauses:
tag 10
Policy routing matches: 0 packets, 0 bytes
route-map RIP2OSPF, permit, sequence 10
Match clauses:
Set clauses:
tag 20
Policy routing matches: 0 packets, 0 bytes
And this is where I was able to verify and FINALLY see the results I was looking for(!!!):
R3(config-router)#
ASR#3
[Resuming connection 3 to r4 … ]
R4#show ip route ospf
Gateway of last resort is not set
5.0.0.0/24 is subnetted, 1 subnets
O E2 5.5.5.0 [110/20] via 172.12.34.3, 00:02:47, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
O E2 172.12.15.0/24 [110/20] via 172.12.34.3, 00:02:47, FastEthernet0/1
O E2 172.12.123.0/24 [110/20] via 172.12.34.3, 00:02:47, FastEthernet0/1
R4#show ip route 5.5.5.5
Routing entry for 5.5.5.0/24
Known via “ospf 1”, distance 110, metric 20
Tag 20, type extern 2, forward metric 1
Last update from 172.12.34.3 on FastEthernet0/1, 00:02:05 ago
Routing Descriptor Blocks:
* 172.12.34.3, from 3.3.3.3, 00:02:05 ago, via FastEthernet0/1
Route metric is 20, traffic share count is 1
Route tag 20
ASR#1
[Resuming connection 1 to r1 … ]
R1#show ip route rip
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/2] via 172.12.123.3, 00:00:00, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
R 172.12.34.0 [120/1] via 172.12.123.3, 00:00:00, Serial0/0
40.0.0.0/32 is subnetted, 1 subnets
R 40.40.40.1 [120/2] via 172.12.123.3, 00:00:00, Serial0/0
44.0.0.0/32 is subnetted, 1 subnets
R 44.44.44.1 [120/2] via 172.12.123.3, 00:00:00, Serial0/0
R1#show route 4.4.4.4
route-map 4.4.4.4 not found
R1#show ip route 4.4.4.4
Routing entry for 4.4.4.4/32
Known via “rip”, distance 120, metric 2
Tag 10
Redistributing via rip
Last update from 172.12.123.3 on Serial0/0, 00:00:16 ago
Routing Descriptor Blocks:
* 172.12.123.3, from 172.12.123.3, 00:00:16 ago, via Serial0/0
Route metric is 2, traffic share count is 1
Route tag 10
R1#
OSPF is showing up as tag 10 on the RIP side, and RIP routes as tagged 20 on the OSPF side. Now I am going to try redistributing connected routes with these same route-maps and see if that breaks anything, and if not we will cap it off by adding some deny statements in our route-maps:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#router rip
R3(config-router)#redistribute connected route-map OSPF2RIP metric 3
R3(config-router)#router ospf 1
R3(config-router)#redistribute connected subnets route-map RIP2OSPF
R3(config-router)#
And now to pray I have some routes on R1:
R1#sh ip route rip
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/3] via 172.12.123.3, 00:00:22, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/2] via 172.12.123.3, 00:00:22, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
R 172.12.34.0 [120/1] via 172.12.123.3, 00:00:22, Serial0/0
40.0.0.0/32 is subnetted, 1 subnets
R 40.40.40.1 [120/2] via 172.12.123.3, 00:00:22, Serial0/0
44.0.0.0/32 is subnetted, 1 subnets
R 44.44.44.1 [120/2] via 172.12.123.3, 00:00:22, Serial0/0
R1#
This is a sweet roll to be on, where was this last night! I think it was both that I was getting the route-map’s named mixed up, and I was relying too much on how it was worded rather than what actions were happening. It took a mix of “show ip proto” / “sh route-map / “sh run” (which I wouldn’t count on for exam day) to read the route maps and how they will impact each other as explained below.
I will now attempt to do one more thing, add deny’s into the route maps, which is really the core of this lesson is using tags to stop route leaks or route loops from forming. Both route-maps have a “permit 10” sequence #, with a “set tag 10/20” to define ‘let all the traffic through but apply this tag to it’.
However the trick to this is placing the deny sequence # lower than the permit / set tag sequence for it to filter traffic, otherwise it will just hit the ‘let everything through with a tag’ clause and skip the deny clause, so this is why you want to plan for both current and future growth of sequences. So will make these both sequence 5, so I have 1-4 and 6-9 to add additional clauses as needed
**REMEMBER YOU WANT TO WRITE ‘PERMIT’ SEQUENCES TO ‘SET’ A TAG FOR ROUTES, AND WRITE ‘DENY’ SEQUENCES TO ‘MATCH’ THE TAG # TO BE FILTERED!!**
Now I am done yelling at myself lets get back to configuring:
R3(config-router)#exit
R3(config)#route-map OSPF2RIP deny 5
R3(config-route-map)#match tag 10
% “OSPF2RIP” used as redistribute connected into rip route-map, tag match not supported
R3(config-route-map)#route-map RIP2OSPF deny 5
R3(config-route-map)#match tag 20
% “RIP2OSPF” used as redistribute connected into ospf route-map, tag match not supported
As you can see by the complaints we got from the console about connected routes, that they are already active, and as soon as I hit enter to “match” the tag # to on the route-maps deny list, it kicked out the message about connected routes don’t support tag matching.
So lets once more see if R1 survived this change:
R1#show ip route rip
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/2] via 172.12.123.3, 00:00:14, Serial0/0
172.12.0.0/24 is subnetted, 3 subnets
R 172.12.34.0 [120/1] via 172.12.123.3, 00:00:15, Serial0/0
40.0.0.0/32 is subnetted, 1 subnets
R 40.40.40.1 [120/2] via 172.12.123.3, 00:00:15, Serial0/0
44.0.0.0/32 is subnetted, 1 subnets
R 44.44.44.1 [120/2] via 172.12.123.3, 00:00:15, Serial0/0
Amazing, well that is going to do it for me today, that was relatively easy, just be sure to watch how you are applying those route-map’s, AND NAME THEM AS INTUITIVELY AS POSSIBLE to not make the mistakes I did.
For review of how it should look on the ASBR, I’m going to paste the running configuration below for future reference, and that is it for tonight and then onto PBR lessons :
R3#sh run
Building configuration…
Current configuration : 1588 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.iVA$HbHo0g/PqIytO6Yf5XLAm1
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
controller T1 0/0
framing sf
linecode ami
!
controller T1 0/1
framing sf
linecode ami
!
!
!
!
!
!
interface Loopback3
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.12.34.3 255.255.255.0
duplex auto
speed auto
!
interface Serial0/2
ip address 172.12.123.3 255.255.255.0
no fair-queue
!
interface Serial0/3
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map RIP2OSPF
redistribute rip subnets route-map RIP2OSPF
network 172.12.34.0 0.0.0.255 area 0
!
router rip
version 2
redistribute connected metric 3 route-map OSPF2RIP
redistribute ospf 1 metric 2 route-map OSPF2RIP
network 172.12.0.0
no auto-summary
!
!
!
ip http server
no ip http secure-server
!
!
!
!
route-map OSPF2RIP deny 5
match tag 10
!
route-map OSPF2RIP permit 10
set tag 10
!
route-map RIP2OSPF deny 5
match tag 20
!
route-map RIP2OSPF permit 10
set tag 20
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password CCNP
logging synchronous
login
!
!
end
R3#
The DEVNET GRIND! 