+- How2pass.com Forums (https://www.how2pass.com/forum)
+-- Forum: CCNP (https://www.how2pass.com/forum/forum-6.html)
+--- Forum: CCNP ENARSI 300-410 Forum (https://www.how2pass.com/forum/forum-15.html)
+--- Thread: Confused about route-maps, prefix-lists, acl's, and distribution-lists (/thread-1892.html)
Confused about route-maps, prefix-lists, acl's, and distribution-lists - IT-Biscuit - 01-16-2021
So before I start, I am currently CCNA certified and working on CCNP. I understand this much...
- prefix-lists and access-lists are used to collect a pool of IP's or subnets to compare and contrast from
- route-maps and distribution-lists look to those prefix-lists and access-lists or other criteria to make a decision on how to handle those pools of IP's, whether to permit them, forward them, block them from entering the AS or routing table.
- distribution-lists only affect the IP routing table, not the AS topology information, meaning if R1, a DR in an OSPF topology within area 0 were using a distribution-list to block network 192.168.5.0/24 - it would only block it from R1's routing table (show ip route) rather than the OSPF topology (show ip ospf topology) so 192.168.5.0/24 would still propogate to other routers ospf topology and ip routing table if there were no additional filters preventing it from doing so.
- As for route-maps - they can do alot of stuff from what I'm gathering, blocking or permitting traffic is only one of them, they can also redistribute traffic along another path using a next-hop argument. Anyway though, in this context, a route-map would block the network from the entire AS if its implemented on a ASBR.
Now what I'm having difficulty with are the actual uses of ip-prefix lists or acl's with route-maps and the most effective way to use them. Lets say for example I wanted to redistribute OSPF to EIGRP and there were two ASBR's for the same AS's and I want to tag traffic to ensure that there are no loops...
R3 is between EIGRP 100 and OSPF 1 Area 1
[b]R3 and R7 are ASBR's between OSPF 1 and EIGRP 100[/b]
[b]R5 & R6 have virtual-link configured to give R7 access to Area 0[/b]![[Image: large?v=1.0&px=999]](https://community.cisco.com/t5/image/serverpage/image-id/101930i05FCE3A72D1E80BD/image-size/large?v=1.0&px=999)
So now the question.. ..what would be the most effective way to...
Block IP's 10.20.0.0 thru 10.20.5.255 from entering the EIGRP routing table with the least amount of commands?
This is what I did on [b]R3[/b] and [b]R7[/b]
[code]
ip prefix-list OSPF_Filter deny 10.20.0.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.1.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.5.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.2.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.3.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.4.0/24 le 32
ip prefix-list OSPF_Filter deny 10.20.5.0/24 le 32
ip prefix-list OSPF_Filter permit 0.0.0.0/0 le 32
route-map OSPF-EIGRP permit 5
set tag 20
match ip address prefix-list OSPF_Filter
route-map OSPF-EIGRP deny 10
match tag 10
route-map EIGRP-OSPF permit 5
set tag 10
route-map EIGRP-OSPF deny 10
match tag 20
router eigrp 100
redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-EIGRP
router ospf 1
redistribute eigrp 100 subnets route-map EIGRP-OSPF[/font][/size][/color]
[/code]
Are the tags set correctly above?
I can't help but feel that this approach was very cumbersome and there should be an easier way to approach it with less statements or through summarization. Problem is if I summarize that route in the prefix-list I end up with a 10.20.0.0/28 which will also block unintended networks.
- Can you use route summaries in prefix-lists to block out everything in the summarized route?
- Can you modify the ge / le qualifiers in this example to only include 10.20.0.0 thru 10.20.5.255?
- What would happen if my prefix-list instead permitted the routes and denied 0.0.0.0/0 le 32 (is that even necessary, this should be implicitly denied right?) If I did that, how would I implement it on the route-map to block the IP's permitted in the prefix-list? Would this be appropriate or would it block out all routes? Would the below be appropiate? If not, what would be best to filter those nodes out from the EIGRP routing table while keeping it in this syntax (with the prefix-lists permitting).
ip prefix-list OSPF_Filter permit 10.20.0.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.1.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.5.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.2.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.3.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.4.0/24 le 32
ip prefix-list OSPF_Filter permit 10.20.5.0/24 le 32
ip prefix-list OSPF_Filter deny 0.0.0.0/0 le 32
route-map OSPF-EIGRP permit 5
set tag 20
route-map OSPF-EIGRP deny 10
match tag 10
match ip address prefix-list OSPF_Filter
route-map EIGRP-OSPF permit 5
set tag 10
route-map EIGRP-OSPF deny 10
match tag 20
[/code]