How2pass.com Forums

Full Version: QID:NE117 Route redistribution

joshuad31

OK, I am sorry, but this makes no sense to me.  I actually would have chosen the two ip prefix-lists just out of process of elimination.

172.16.x.x network = RIPv2 routes
10.x.x.x network = OSPF routes

First off, the access-list 15 statement is a denial and it is attached to a route-map that is also a denial statement, followed by permit any statements.  Which means that you are denying the access-list from being denied but permitting all other traffic.  You can do that for sure but it won't accomplish any filtering.  So because of that I crossed it off the list.

access-list 15 deny 10.1.1.0 0.0.0.63
access-list 15 permit any
route-map redis-rip deny 10
match ip address 15
route-map redis-rip permit 20
router ospf 100
redistribute rip route-map redis-rip subnets

Second of all, the access-list 40 statement is a denial of OSPF routes, and that denial statement is incorporated into the RIP process, denying these routes from being advertised out by RIP.  So uh... that defeats the purpose.  It's like saying: RIP, you see these OSPF routes that you are trying to redistribute... well, don't advertise them.

Question and answer below:
13. (QID:NE117) View the exhibit. A new TAC engineer comes to you for advice. The engineer wants to configure RIPv2-OSPF two-way redistribution while avoiding routing loops. Which two additions to the router B1 configuration should the engineer make?

access-list 40 deny 172.16.1.0 0.0.0.255
access-list 40 permit any
router rip
redistribute ospf 100 metric 5
distribute-list 40 out ospf 100

ip prefix-list rip-to-ospf permit 10.1.1.8/25 ge 26 le 28
route-map redis-rip deny 20
match ip address prefix-list rip-to-ospf
router ospf 100
redistribute rip route-map redis-rip subnets

access-list 15 deny 10.1.1.0 0.0.0.63
access-list 15 permit any
route-map redis-rip deny 10
match ip address 15
route-map redis-rip permit 20
router ospf 100
redistribute rip route-map redis-rip subnets

ip prefix-list rip_routes permit 172.16.1.16/25 ge 26 le 28
route-map redis-ospf deny 10
match ip address prefix-list rip_routes
router rip
redistribute ospf 10 route-map redis-ospf subnets

Correct Answer:
access-list 40 deny 172.16.1.0 0.0.0.255
access-list 40 permit any
router rip
redistribute ospf 100 metric 5
distribute-list 40 out ospf 100

access-list 15 deny 10.1.1.0 0.0.0.63
access-list 15 permit any
route-map redis-rip deny 10
match ip address 15
route-map redis-rip permit 20
router ospf 100
redistribute rip route-map redis-rip subnets

joshuad31

Admin, I would like a reply to this post.

ronthevisio

Well, in the first question, related to route map, access-list 15 denies 10.1.1.0 0.0.0.63 and all the other subnets are supposed to be filtered by the route-map named 'redis-rip' by the line number 10. The route-map line number 20 permits all subnets which are not filtered by line number 10, in this case it has to be 10.1.1.0 0.0.0.63 subnets.

RIP routes are redistributed in OSPF with a map tag of the above specified route-map.

Overall, this means only 10.1.1.0 0.0.0.63 subnets are redistributed in OSPF.

joshuad31

You know what.  I figured it out.  When you use route-maps in route redistribution they work differently than they do for policy routing.  The answer is definitely correct.

Here is the configuration:
access-list 15 deny 10.1.1.0 0.0.0.63
access-list 15 permit any
route-map redis-rip deny 10
match ip address 15
route-map redis-rip permit 20
router ospf 100
redistribute rip route-map redis-rip subnets

FYI on route maps, a route map must have at least one match clause or one set clause. If you have no match clauses, all routes match the route map, and the set conditions apply to all routes. If you have no set clauses, no action is taken other than that specified by the permit or deny keyword.

What this seems to be saying is:

Deny any routes from the 10.x.x.x network from being denied redistribution and then permit all other routes to be denied redistribution.
So a deny (ACL) of a denial (route-map) is essentially a permit.
A permit (ACL) to be denied (route-map) is a denial.

The same could be accomplished this way:
access-list 15 permit 10.1.1.0 0.0.0.63
route-map redis-rip permit 10
match ip address 15

Now there is no match statement for any other routes other than the 10.x.x.x routes to be permitted redistribution thus other routes will not be permitted redistribution.  Is this right?
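
Added example, not part of the thread: a small Python model of how IOS evaluates a standard ACL referenced from a route-map during redistribution, run over both configurations from the post above. The route list is constructed sample data, and the model assumes the standard ACL is matched against each route's network address.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_action(acl, network):
    """First matching entry wins; a standard ACL ends in an implicit deny."""
    for action, base, wildcard in acl:
        care = ~ip(wildcard) & 0xFFFFFFFF   # bits that must match exactly
        if ip(network) & care == ip(base) & care:
            return action
    return "deny"

def redistributed(route_map, acls, network):
    """Walk route-map clauses in sequence order; True if the route is redistributed."""
    for _seq, action, acl_no in sorted(route_map):
        # An ACL "deny" only means "this clause does not match": evaluation
        # falls through to the next clause. A clause with no match statement
        # matches every route.
        if acl_no is None or acl_action(acls[acl_no], network) == "permit":
            return action == "permit"
    return False                            # implicit deny ends every route-map

ANY = ("0.0.0.0", "255.255.255.255")        # "permit any"

# Configuration quoted in the thread (route-map redis-rip, access-list 15)
ACLS_A = {15: [("deny", "10.1.1.0", "0.0.0.63"), ("permit", *ANY)]}
MAP_A = [(10, "deny", 15), (20, "permit", None)]

# Shorter form proposed in the last post
ACLS_B = {15: [("permit", "10.1.1.0", "0.0.0.63")]}
MAP_B = [(10, "permit", 15)]

# Constructed sample routes (not taken from the exhibit)
ROUTES = ["10.1.1.0", "10.1.1.32", "10.1.1.64", "172.16.1.0"]

def compare():
    """Map each route to (result under config A, result under config B)."""
    return {r: (redistributed(MAP_A, ACLS_A, r), redistributed(MAP_B, ACLS_B, r))
            for r in ROUTES}

if __name__ == "__main__":
    for route, (a, b) in compare().items():
        print(f"{route:<12} thread config: {a!s:<5}  short form: {b}")
```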