(Added interface #’s to the Topology as we increase working with both IP’s and interfaces)
I wanted to touch this quick before moving on to policy routing, whether Distribute-Lists can block certain networks from a Summary Route, or if it’s possibly at all. So I’ll run through it quick here to move on:
Distribute-List vs Summary Route on R5, Standard vs Extended ACL’s
First I want to confirm that my Distribute-List configured in OSPF is still blocking 5.5.5.5 from Redistributing into OSPF from the vantage of R2:
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:05:28, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:05:28, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:05:28, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:05:28, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:05:28, Serial0/0
R2#
It looks like the Distribute-List is still rocking, so I am going to attempt to add onto the existing ACL on R1 for it:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#do sh access-list 5
Standard IP access list 5
10 deny 5.5.5.5 (1 match)
20 permit any (3 matches)
R1(config)#access-list 5 ?
deny Specify packets to reject
permit Specify packets to forward
remark Access list entry comment
R1(config)#access-list 5 deny ?
Hostname or A.B.C.D Address to match
any Any source host
host A single host address
R1(config)#access-list 5 deny 100.3.0.0 ?
A.B.C.D Wildcard bits
log Log matches against this entry
<cr>
R1(config)#access-list 5 deny 100.3.0.0 0.0.255.255 ?
log Log matches against this entry
<cr>
This is to demonstrate that with Standard Access-Lists you cannot add lines where you need them, that is going to require an Extended Access-Lists. Any new / additional statements to ACL 5 will be tacked onto the end, and they will be useless due to the permit any already on the ACL.
SO, I will blow away that ACL and try an Extended ACL that just uses ‘any’ for a destination addy, to simulate the feel of a Standard ACL. I’m also going to give it a name, to see if Distribute-Lists will accept named ACL’s, and it’s name will be “Bob”.
Now I have a couple piece of output here, as I was curious after I remove the list, will the Distribute-List dynamically be pulled from the OSPF config once it is removed from the router, and if it is isn’t will R2 then be able to see 5.5.5.5 anyways:
R1(config)#no access-list 5
R1(config)#ip access-list extended Bob
R1(config-ext-nacl)#10 deny ip host 5.5.5.5 any
R1(config-ext-nacl)#20 deny ip 100.4.0.0 0.0.255.255 any
R1(config-ext-nacl)#30 deny ip 100.6.0.0 0.0.255.255 any
R1(config-ext-nacl)#40 permit ip any any
R1(config-ext-nacl)#exit
ACL 5 is gone and Bob is now rampant on R1, lets look at the running config:
R1(config)#do show run
Building configuration…
(run output)
!
router ospf 1
log-adjacency-changes
area 0 authentication message-digest
redistribute eigrp 100 subnets route-map EIGRP2OSPF
network 1.1.1.1 0.0.0.0 area 0
network 172.12.123.0 0.0.0.255 area 0
neighbor 172.12.123.2
neighbor 172.12.123.3
distribute-list 5 out eigrp 100
!
(More run output)
R1(config)#
And it is still referencing ACL 5, so we will want to remove that as well (which we do anyways as best practice before adding our Bob Distribute-List), but to confirm on R2:
ASR#2
[Resuming connection 2 to r2 … ]
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:40:24, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:40:24, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:40:24, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
O E1 5.5.5.5 [110/84] via 172.12.123.1, 00:03:34, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:40:24, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:40:24, Serial0/0
R2#
Sure enough 5.5.5.5 returns to the route table. So time to see if we can apply Bob in ACL 5’s stead and see what happens:
R1(config-router)#no distribute-list 5 out eigrp 100
R1(config-router)#distribute-list Bob out eigrp 100
Access-list type conflicts with prior definition
% This command only accepts named standard IP access-lists.
R1(config-router)#
So the lesson learned here – ***DISTRIBUTE-LISTS ONLY ACCEPT STANDARD ACL’S!!!***
My training materials only instructed to use Standard ACL’s for distribute-lists but did not specifically mention that Extended ACL’s would not take, so I am going to keep Bob around for another test here but first lets see about making a new ACL 5 and applying it:
R1(config-router)#exit
R1(config)#access-list 5 deny host 5.5.5.5
R1(config)#access-list 5 deny 100.4.0.0 0.0.255.255
R1(config)#access-list 5 deny 100.6.0.0 0.0.255.255
R1(config)#access-list 5 permit any
R1(config)#router ospf 1
R1(config-router)#distribute-list 5 out eigrp 100
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:57:03, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:57:03, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:57:03, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:57:03, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:57:03, Serial0/0
R2#ping 100.4.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.4.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
R2#
So it worked for 5.5.5.5, but it didn’t even touch the connectivity of the Summary Route, so I am going for the full on block of the Summary itself as one last try with Distribute-Lists:
R1(config-router)#exit
R1(config)#no access-list 5
R1(config)#access-list 5 deny host 5.5.5.5
R1(config)#access-list 5 deny 100.0.0.0 0.7.255.255
R1(config)#access-list 5 permit any
R1(config)#
ASR#2
[Resuming connection 2 to r2 … ]
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:59:53, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:59:53, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:00:08, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:0008, Serial0/0
R2#
Aaaaaaaaaand it’s gone! Notice I didn’t need to touch the distribute-list config as it’s already reference ACL 5, I just had to recreate ACL 5, and it kicked right in. So I want to keep my Summary Route in the mix, so I’ll set the Distribute-List back to only filtering 5.5.5.5 and see what we can do with Route-maps:
R1(config)#no access-list 5
R1(config)#access-list 5 deny 5.5.5.5
R1(config)#access-list 5 permit any
R1(config)#
So to move things right along, what’s see if we can use our Redistribution Route-Map to enforce Bob on our unsuspecting victim the Summary-Route:
Extended ACL blocking certain networks in a Summary Route on Route-map via Redistribution
Since we already have a route-map on our routes redistributing into OSPF, I wanted to see if I could possibly sneak a “Bob”clause in there to stop connectivity to 100.4.0.0 and 100.6.0.0, and of course to start this we want to examine our route-maps for the proper sequence spot for it to be inserted:
R1(config)#do sh route-map
route-map EIGRP2OSPF, deny, sequence 5
Match clauses:
tag 110
Set clauses:
Policy routing matches: 0 packets, 0 bytes
(Right here before the (‘permit all’) tagging traffic)
route-map EIGRP2OSPF, permit, sequence 10
Match clauses:
Set clauses:
metric-type type-1
tag 100
Policy routing matches: 0 packets, 0 bytes
route-map OSPF2EIGRP, deny, sequence 10
Match clauses:
tag 100
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map OSPF2EIGRP, permit, sequence 15
Match clauses:
Set clauses:
tag 110
Policy routing matches: 0 packets, 0 bytes
R1(config)#
We want it before sequence 10 because that clause will permit all traffic and tag it with a 100, so I’ll put it between our tag deny and permit sequences:
R1(config)#route-map EIGRP2OSPF deny 8
R1(config-route-map)#match ip add Bob
R1(config-route-map)#
ASR#2
[Resuming connection 2 to r2 … ]
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 01:22:53, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 01:22:53, Serial0/0
R2#
So it sort of worked, I guess, but now we are missing every external route despite my ‘permit ip any any’ at the end of the Bob. So I review Bob on R1 to see if anything looks wrong in the configuration in show run:
ip access-list extended Bob
deny ip host 5.5.5.5 any
deny ip 100.4.0.0 0.0.255.255 any
deny ip 100.6.0.0 0.0.255.255 any
permit ip any any
And then R2 once Bob is removed:
R2#show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 01:29:55, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:00:06, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 01:29:55, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:00:06, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:00:06, Serial0/0
So the interesting thing, is R1 is configured with 11.11.11.0 /24 and 172.12.15.0 /24 on it’s EIGRP configuration, however the access-list match on the route-map Redistributing EIGRP routes just blocks everything from EIGRP if applied at all.
So it turns out, there is no room in this network for Bob (yet), poor guy.
Configuring 3-way Route Redistribution with tagging via Route-Maps
I was going to move onto Policy Routing, but until all of my networks know of eachother, I don’t many hops around the network to mess with Policy Routing, so I am going to attempt to Redistribute OSPF / EIGRP / RIP into eachother on R3, again using the Tags listed in the Topology:
I felt it was a good idea to post it down here as well, as it may belong down here for this even more. So lettuce not waste any time, and get right into the configuration, I’m going to start with 2-way between OSPF and EIGRP ensure our tagging is working to separate the 2 EIGRP domains:
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#route-map EIGRP2OSPF permit 10
R3(config-route-map)#set tag 200
R3(config-route-map)#route-map OSPF2EIGRP deny 10
R3(config-route-map)#match tag 200
R3(config-route-map)#route-map OSPF2EIGRP permit 20
R3(config-route-map)#set tag 110
R3(config-route-map)#router ospf 1
R3(config-router)#redistribute eigrp 100 route-map EIGRP2OSPF subnets
R3(config-router)#router eigrp 200
R3(config-router)#default-metric 1544 10 255 1 1500
R3(config-router)#redistribute ospf 1 route-map OSPF2EIGRP
R3(config-router)#
I am feeling pretty confident in this configuration, though I did delete a LOT of ? output for clarity sake of the configuration, I think we are going to see both EIGRP domains routes in each others route table with no route leaking (and of course OSPF will now have all EIGRP routes from the Topology). Lets check it out on R4:
R4#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D EX 11.11.11.0 [170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.12.15.0/24
[170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.34.3, 00:04:17, FastEthernet0/1
R4#
Beautiful, notice 5.5.5.5 is still being filtered by the Distribute-List, lets check R2 and R5 to confirm they are looking good as well:
R2#
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:08:10, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:08:10, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:08:10, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:08:10, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:08:10, Serial0/0
R2#
Problem #1: Where the fudge are R4’s redistributed routes? So this is going to be an issue I need to look into, let’s see how R5 is looking:
R5#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.15.1, 02:33:22, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.15.1, 02:31:11, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D 11.11.11.0 [90/156160] via 172.12.15.1, 02:33:22, FastEthernet0/1
100.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
D 100.0.0.0/13 is a summary, 02:33:27, Null0
172.12.0.0/16 is variably subnetted, 3 subnets, 2 masks
D EX 172.12.123.0/24
[170/1662976] via 172.12.15.1, 02:33:22, FastEthernet0/1
R5#
Problem #2 Routes are also missing here!
So I am beginning to think that perhaps this is a config on R4 and what networks it is advertising in it’s EIGRP domain, so time to start the troubleshooting, so lets take a look at R4’s configurations to find the issue here:
R4#show ip proto
(Output)
Automatic Summarization: disabled
Maximum path: 4
Routing for Networks:
4.4.4.4/32
172.12.34.0/24
Routing Information Sources:
Gateway Distance Last Update
172.12.34.3 90 00:19:03
Distance: internal 90 external 170
R4#
So that should be working, was the redistribution messed up somehow?
R3#sh route-map
route-map EIGRP2OSPF, permit, sequence 10
Match clauses:
Set clauses:
tag 200
Policy routing matches: 0 packets, 0 bytes
route-map OSPF2EIGRP, deny, sequence 10
Match clauses:
tag 200
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map OSPF2EIGRP, permit, sequence 20
Match clauses:
Set clauses:
tag 110
Policy routing matches: 0 packets, 0 bytes
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#route-map EIGRP2OSPF deny 5
R3(config-route-map)#match tag 110
R3(config-route-map)#
One glaring mistake, I forgot to put a sequence before the permit, to deny traffic back out into OSPF with it’s tag of 110 from EIGRP AS 200. Lets see if that (hopefully) did the trick here:
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:16:06, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:16:06, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:16:06, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:16:06, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:16:06, Serial0/0
R2#
Nope, until I see 4.4.4.4 we on R2 it is not working, but how odd that R4 is rocking and rolling while R2 and R5 are not having any of it. Speaking of R1, or lack of it, I checked it’s route table and it is not seeing R4’s two networks either so it has to be on R3.
After some review, I found my first brain getting exhausted Derp of the night – I put “eigrp 100” in the redistribute command, after removing the palm from my face I fixed it and verified the fix as shown here:
R3(config-route-map)#router ospf 1
R3(config-router)#no redistribute eigrp 100 route-map EIGRP2OSPF subnets
R3(config-router)#redistribute eigrp 200 route-map EIGRP2OSPF subnets
R3(config-router)#
Aaaaaand on R2:
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:25:04, Serial0/0
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:25:04, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:25:04, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 172.12.123.3, 00:00:52, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E2 172.12.34.0 [110/20] via 172.12.123.3, 00:00:52, Serial0/0
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:25:04, Serial0/0
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:25:04, Serial0/0
R2#
For now I will leave those as default E2 routes so I can tell them apart in the Route Table, lets see if R5 is on board as well and we have successfully configured “Multi-Point 2-way Redistribution” successfully with Route Tagging!! :
R5#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.15.1, 02:59:27, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.15.1, 02:57:16, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/1662976] via 172.12.15.1, 00:03:29, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D 11.11.11.0 [90/156160] via 172.12.15.1, 02:59:27, FastEthernet0/1
100.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
D 100.0.0.0/13 is a summary, 02:59:32, Null0
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.12.34.0/24
[170/1662976] via 172.12.15.1, 00:03:29, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.15.1, 02:59:27, FastEthernet0/1
R5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
R5#
This is great to see, the route-maps both came right to me how to configure the set / match, however lets see if this is the case with bringing the RIP domain into the mix:
R3(config-router)#exit
R3(config)#route-map OSPF2RIP permit 10
R3(config-route-map)#set tag 110
R3(config-route-map)#route-map OSPF2RIP deny 5
R3(config-route-map)#match tag 120
R3(config)#route-map RIP2OSPF deny 10
R3(config-route-map)#match tag 110
R3(config-route-map)#route-map RIP2OSPF permit 20
R3(config-route-map)#set tag 120
R3(config)#router ospf 1
R3(config-router)#redistribute rip route-map RIP2OSPF subnets metric 2
R3(config-router)#router rip
R3(config-router)#redistribute ospf 1 ?
match Redistribution of OSPF routes
metric Metric for redistributed routes
route-map Route map reference
vrf VPN Routing/Forwarding Instance
<cr>
R3(config-router)#redistribute ospf 1 route-map OSPF2RIP metric 2
R3(config-router)#router ospf 1
R3(config-router)#no redistribute rip route-map RIP2OSPF subnets metric 2
R3(config-router)#redistribute rip route-map RIP2OSPF subnets
R3(config-router)#
I took out a lot of ? output once again to keep the config tight and concise, however I did highlight where along the configuration, I forgot the metric has to be set on the OSPF routes going into RIP because of its hop count limit, but I didn’t need to set a metric for RIP routes going into OSPF so I removed that from the config.
So lets take a look at R2 to see if we see any RIP networks at all:
R2#show ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 172.12.123.1, 00:43:21, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback2
100.0.0.0/13 is subnetted, 1 subnets
O E1 100.0.0.0 [110/84] via 172.12.123.1, 00:43:21, Serial0/0
33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/2] via 172.12.123.3, 00:07:39, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 172.12.123.3, 00:43:21, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/20] via 172.12.123.3, 00:19:09, Serial0/0
172.12.0.0/24 is subnetted, 4 subnets
O E2 172.12.34.0 [110/20] via 172.12.123.3, 00:19:14, Serial0/0
O E1 172.12.15.0 [110/84] via 172.12.123.1, 00:43:27, Serial0/0
C 172.12.23.0 is directly connected, FastEthernet0/0
C 172.12.123.0 is directly connected, Serial0/0
22.0.0.0/24 is subnetted, 1 subnets
C 22.22.22.0 is directly connected, Loopback22
11.0.0.0/24 is subnetted, 1 subnets
O E1 11.11.11.0 [110/84] via 172.12.123.1, 00:43:27, Serial0/0
Alright!! That highlighted is a RIP network configured on R3, so we are officially getting RIP networks into OSPF, so now lets take a look at R5 and see if that is able to see them as well:
R5#show ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.15.1, 03:18:59, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.15.1, 03:16:48, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
D EX 4.4.4.4 [170/1662976] via 172.12.15.1, 00:23:01, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D 11.11.11.0 [90/156160] via 172.12.15.1, 03:18:59, FastEthernet0/1
22.0.0.0/24 is subnetted, 1 subnets
D EX 22.22.22.0 [170/1662976] via 172.12.15.1, 00:11:31, FastEthernet0/1
33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1662976] via 172.12.15.1, 00:11:31, FastEthernet0/1
100.0.0.0/8 is variably subnetted, 15 subnets, 3 masks
D 100.0.0.0/13 is a summary, 03:19:04, Null0
172.12.0.0/16 is variably subnetted, 5 subnets, 2 masks
D EX 172.12.23.0/24
[170/1662976] via 172.12.15.1, 00:11:31, FastEthernet0/1
D EX 172.12.34.0/24
[170/1662976] via 172.12.15.1, 00:23:01, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.15.1, 03:18:59, FastEthernet0/1
R5#
So at this point we have verified that R5 knows about both EIGRP AS 200 Routes, OSPF routes, and RIP routes!
With that, I am going to conclude for the night as my brain is starting to melt once again out of my ears, however very good practical material covered in here, and a good example that 3-way protocol Redistribution can be performed just by tagging traffic into one protocol so that it will redistribute into the other because it is not claused to deny the routes tag.
That was a mouth full of a summary of the lesson to say, anyways, that’s it for tonight, next we’ll mess with some Policy routing and then it’s time to get back into study mode and tackle everything about VPN on routers.
EDIT EDIT EDIT, DAG NAB IT :
On my way to “wr mem” the routers, I did a quick “sh ip route” on R4 just to quickly confirm it was working as well, and it is missing the loopback22 22.22.22.0 /24 on R2 being advertised by RIP:
R2#sh ip proto
Routing Protocol is “rip”
(Output)
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
22.0.0.0
172.12.0.0
Routing Information Sources:
Gateway Distance Last Update
172.12.23.3 120 00:00:01
Distance: (default is 120)
And here is R4’s dag nab #Y&%$&* route table:
R4#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.34.3, 00:14:35, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.34.3, 00:14:35, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/1662976] via 172.12.34.3, 00:17:38, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D EX 11.11.11.0 [170/1662976] via 172.12.34.3, 00:14:35, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/1662976] via 172.12.34.3, 00:14:35, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.12.15.0/24
[170/1662976] via 172.12.34.3, 00:14:35, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.34.3, 00:17:38, FastEthernet0/1
R4#
So I saw this and just shut the routers down thinking I’ll get it next time, and I didn’t get to the bottom of the stairs before it was driving me crazy what it’s problem is. So I got food (getting cold) and a 5 hour energy, and time to go back at this and hopefully take it down with one more configuration here.
I am thinking because RIP is local to router EIGRP AS 200 is on, we need a Redistribution between those two as well, with their own route-maps. So my food isn’t getting any hotter (or probably colder at this point) so lets do this:
R3(config)#route-map EIGRP2RIP deny 10
R3(config-route-map)#match tag 120
R3(config-route-map)#route-map EIGRP2RIP permit 20
R3(config-route-map)#set tag 200
R3(config-route-map)#route-map RIP2EIGRP deny 10
R3(config-route-map)#set tag 200 <- WRONG – SHOULD BE MATCH TAG 200
R3(config)#route-map RIP2EIGRP permit 20
R3(config-route-map)#set tag 120
R3(config-route-map)#
That looks about right, now to Redistribute them into each other:
R3(config-route-map)#router eigrp 100
R3(config-router)#redistribute rip ?
R3(config-router)#redistribute rip route-map RIP2EIGRP
R3(config-router)#router rip
R3(config-router)#redistribute eigrp 200 route-map EIGRP2RIP metric ?
<0-16> Default metric
transparent Transparently redistribute metric
R3(config-router)#redistribute eigrp 200 route-map EIGRP2RIP metric 2
R3(config-router)#
Aaaaaaaand, let there be light? :
R4#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.34.3, 00:38:22, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.34.3, 00:38:12, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/1662976] via 172.12.34.3, 00:41:14, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D EX 11.11.11.0 [170/1662976] via 172.12.34.3, 00:38:22, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/1662976] via 172.12.34.3, 00:38:22, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.12.15.0/24
[170/1662976] via 172.12.34.3, 00:38:22, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.34.3, 00:41:14, FastEthernet0/1
R4#
Nope, still nothing, HOWEVER A QUICK SHOW RUN AND STARE DOWN OF R3 SAVES THE DAY!!! :
R3(config-router)#do sh run
(Output)
!
router eigrp 200
redistribute ospf 1 route-map OSPF2EIGRP
network 172.12.34.0 0.0.0.255
default-metric 1544 10 255 1 1500
no auto-summary
!
router eigrp 100
redistribute rip route-map RIP2EIGRP
auto-summary
!
router ospf 1
log-adjacency-changes
redistribute eigrp 200 subnets route-map EIGRP2OSPF
redistribute rip metric 2 subnets route-map RIP2OSPF
redistribute eigrp 100
network 3.3.3.3 0.0.0.0 area 0
network 172.12.123.0 0.0.0.255 area 0
!
router rip
version 2
redistribute eigrp 200 metric 2 route-map EIGRP2RIP
redistribute ospf 1 metric 2 route-map OSPF2RIP
network 33.0.0.0
network 172.12.0.0
no auto-summary
!
Iiiiiii, need to correct this, and stop labbing for the night as my stupid mistakes are now running rampant on my network:
R3(config-router)#exit
R3(config)#no router eigrp 100
R3(config)#router eigrp 200
R3(config-router)#redistribute rip route-map RIP2EIGRP
R3(config-router)#
AND NOW LETS SEE THAT NETWORK NUMBER 22.22.22.0 /24 ON R4!!! :
R4#sh ip route eigrp
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.34.3, 00:47:11, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.34.3, 00:47:01, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/1662976] via 172.12.34.3, 00:50:03, FastEthernet0/1
11.0.0.0/24 is subnetted, 1 subnets
D EX 11.11.11.0 [170/1662976] via 172.12.34.3, 00:47:11, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/1662976] via 172.12.34.3, 00:47:11, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.12.15.0/24
[170/1662976] via 172.12.34.3, 00:47:11, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.34.3, 00:50:03, FastEthernet0/1
R4#
It is still not there, so I highlighted the issue above from retrospect, however the issue was found using the route-map command, in conjunction with looking at the route-maps on “sh run” which makes them a bit easier to read for me without the extra output.
The answer to why R3 isn’t getting RIP routes
In my tired stupor, I did not closely review my route maps, or it would be clear that I set the RIP2EIGRP twice, meaning I put a “set” in each sequence for both matching a tag to deny and setting the RIP route tag #’s :
R3(config)#do sh route
route-map EIGRP2RIP, deny, sequence 10
Match clauses:
tag 120
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP2RIP, permit, sequence 20
Match clauses:
Set clauses:
tag 200
Policy routing matches: 0 packets, 0 bytes
route-map RIP2EIGRP, deny, sequence 10
Match clauses:
Set clauses:
tag 200
Policy routing matches: 0 packets, 0 bytes
route-map RIP2EIGRP, permit, sequence 20
Match clauses:
Set clauses:
tag 120
So I apply the fix and check on R4 with both fingers crossed:
R3(config)#no route-map RIP2EIGRP
R3(config)#route-map RIP2EIGRP deny 10
R3(config-route-map)#match tag 200
R3(config-route-map)#route-map RIP2EIGRP permit 20
R3(config-route-map)#set tag 120
R3(config-route-map)#
ASR#4
[Resuming connection 4 to r4 … ]
R4#sh ip route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
D EX 1.1.1.1 [170/1662976] via 172.12.34.3, 00:15:04, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
D EX 2.2.2.2 [170/1662976] via 172.12.34.3, 00:15:04, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/1662976] via 172.12.34.3, 00:17:56, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback4
11.0.0.0/24 is subnetted, 1 subnets
D EX 11.11.11.0 [170/1662976] via 172.12.34.3, 00:15:04, FastEthernet0/1
22.0.0.0/24 is subnetted, 1 subnets
D EX 22.22.22.0 [170/1662976] via 172.12.34.3, 00:00:09, FastEthernet0/1
33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1662976] via 172.12.34.3, 00:00:09, FastEthernet0/1
100.0.0.0/13 is subnetted, 1 subnets
D EX 100.0.0.0 [170/1662976] via 172.12.34.3, 00:15:04, FastEthernet0/1
172.12.0.0/16 is variably subnetted, 5 subnets, 2 masks
D EX 172.12.15.0/24
[170/1662976] via 172.12.34.3, 00:15:04, FastEthernet0/1
D EX 172.12.23.0/24
[170/1662976] via 172.12.34.3, 00:00:09, FastEthernet0/1
C 172.12.34.0/24 is directly connected, FastEthernet0/1
L 172.12.34.4/32 is directly connected, FastEthernet0/1
D EX 172.12.123.0/24
[170/1662976] via 172.12.34.3, 00:17:56, FastEthernet0/1
R4#
AND THERE IS OUR RIP ROUTES, FINALLY, 3-WAY REDISTRIBUTION ON ONE ROUTER!!!
Next lab I’ll look at sub-optimal routing all this redistribution may have caused, see if I can correct it with different mechanisms (Mainly Policy Routing), but for now that is all 🙂
The DEVNET GRIND! 