Chapter 4 Lab 4-2, Controlling Routing Updates Topology.: Ccnpv7 Route

CCNPv7 ROUTE
Chapter 4 Lab 4-2, Controlling Routing Updates
Topology.
Objectives
 Filter routes using a distribute list and ACL.
 Filter routes using a distribute list and prefix list.
 Filter redistributed routes using a route map.
 Filter redistributed routes and set attributes using a route map.
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 13
CCNPv7 ROUTE Lab 4-3, Controlling Routing Updates
Background
In this scenario, R1 and R2 are running EIGRP while R2 and R3 are running multi-area OSPF. R2 is the
OSPF autonomous system border router (ASBR) consisting of areas 0, 10, and 20.
Your task is to control routing updates by using distribute lists, prefix lists and route maps.
Note: This lab uses Cisco 1941 routers with Cisco IOS Release 15.2 with IP Base. Depending on the router
or switch model and Cisco IOS Software version, the commands available and output produced might vary
from what is shown in this lab.
Required Resources
 3 routers (Cisco IOS Release 15.2 or comparable)
 Serial and Ethernet cables
Step 1: Configure loopbacks and assign addresses.
Note: The following two steps are not required if you are continuing from Lab 4-1.
a. Configure all loopback interfaces on the three routers in the diagram. Configure the serial interfaces with
the IP addresses, bring them up, and set a DCE clock rate where appropriate.
R1(config)# interface Loopback0
R1(config-if)# ip address 172.16.1.1 255.255.255.0
R1(config-if)# exit
R1(config)#
R1(config-if)# exit
R1(config)#
R1(config-if)# exit
R1(config)#
R1(config-if)# exit
R1(config)#
R1(config-if)# exit
R1(config)#
R1(config-if)# exit
R1(config)#
R1(config)# interface Serial0/0/0 int s3/0
R1(config-if)# clock rate 64000
R1(config-if)# bandwidth 64
R1(config-if)# no shutdown

R2(config-if)# exit
R2(config)#
R2(config-if)# ip ospf network point-to-point
R2(config-if)# exit
R2(config)#
R2(config-if)# interface Serial0/0/0 int s3/0
R2(config-if)# exit
R2(config)#
R2(config-if)# clock rate 64000

R3(config-if)# exit
R3(config)#
R3(config)# interface loopback 8
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
R3(config-if)# exit
R3(config)#
Step 2: Configure Routing, Summarization, and Redistribution.

In this step, we will configure EIGRP on R1 and R2, and OSPF on R2 and R3.
a. On R1, create a supernet route summarizing the loopback 48 and 49 networks and configure EIGRP in
autonomous system 1.
R1(config-if)# ip summary-address eigrp 1 192.168.48.0 255.255.254.0
R1(config-if)# exit
R1(config)# router eigrp 1
R1(config-router)# no auto-summary
R1(config-router)# network 172.16.0.0
R1(config-router)# network 192.168.0.0 0.0.255.255
R1(config-router)#
b. On R3, summarize area 20 routes and configure OSPF for area 0 and area 20.
R3(config)# router ospf 1
R3(config-router)# area 20 range 192.168.8.0 255.255.252.0
R3(config-router)# network 172.16.0.0 0.0.255.255 area 0
R3(config-router)#
c. On R2, configure EIGRP and redistribute the OSPF networks into EIGRP AS 1. Then configure OSPF
and redistribute and summarize the EIGRP networks into OSPF.
R2(config-router)# no auto-summary
R2(config-router)# network 172.16.0.0
R2(config-router)# redistribute ospf 1 metric 10000 100 255 1 1500
R2(config-router)# exit
R2(config)#
R2(config-router)# redistribute eigrp 1 subnets
R2(config-router)# summary-address 192.168.48.0 255.255.252.0
R2(config)#
Jan 10 10:11:18.863: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.12.1

(Serial0/0/0) is up: new adjacency
R2(config)#
Jan 10 10:11:32.991: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.40.1 on
Serial0/0/1 from LOADING to FULL, Loading Done
R2(config)#
d. Verify the EIGRP and OSPF routing table entries on R2.

R2# show ip route eigrp | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks

D 172.16.1.0/24 [90/40640000] via 172.16.12.1, 00:14:57, Serial0/0/0
D 192.168.48.0/23 [90/40640000] via 172.16.12.1, 00:14:57, Serial0/0/0
D 192.168.50.0/24 [90/40640000] via 172.16.12.1, 00:14:57, Serial0/0/0
D 192.168.51.0/24 [90/40640000] via 172.16.12.1, 00:14:57, Serial0/0/0
D 192.168.70.0/24 [90/40640000] via 172.16.12.1, 00:14:57, Serial0/0/0
R2#
R2# show ip route ospf | begin Gateway

O 172.16.3.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O IA 192.168.8.0/22 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.20.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.25.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.30.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.35.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.40.0/24 [110/1563] via 172.16.23.3, 00:15:41, Serial0/0/1
O 192.168.48.0/22 is a summary, 00:15:30, Null0
R2#
As expected, R2 knows about the R1 routes including the summarized 192.168.48.0/22 EIGRP route. R2
also knows about the R3 OSPF area 0 routes and the summarized area 20 routes.
e. Verify the EIGRP routing table on R1.


D 172.16.2.0/24 [90/40640000] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 172.16.3.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D 172.16.23.0/24 [90/41024000] via 172.16.12.2, 00:11:40, Serial0/0/0
D 172.16.100.0/24 [90/40640000] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.8.0/22 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.20.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.25.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.30.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.35.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.40.0/24 [170/40537600] via 172.16.12.2, 00:11:40, Serial0/0/0
D EX 192.168.48.0/22 [170/40537600] via 172.16.12.2, 00:11:38, Serial0/0/0
D 192.168.48.0/23 is a summary, 00:11:40, Null0
R1#
R1 knows about the internal EIGRP routes and the external routes redistributed from the OSPF routing
domain by R2. The highlighted entry identifies the OSPF 20 routes which will be filtered using a distribute
list and ACL in the next step.
f. Verify the EIGRP routing table on R3.

O E2 172.16.1.0/24 [110/20] via 172.16.23.2, 00:22:43, Serial0/0/1
O E2 172.16.2.0/24 [110/20] via 172.16.23.2, 00:22:52, Serial0/0/1
O E2 172.16.12.0/24 [110/20] via 172.16.23.2, 00:22:52, Serial0/0/1
O IA 172.16.100.0/24 [110/1563] via 172.16.23.2, 00:22:52, Serial0/0/1
O E2 192.168.48.0/22 [110/20] via 172.16.23.2, 00:22:41, Serial0/0/1
O E2 192.168.70.0/24 [110/20] via 172.16.23.2, 00:22:42, Serial0/0/1
R3#
R3 knows about the internal OSPF routes and the external routes redistributed by R2 from the EIGRP
routing domain. The highlighted entries identify the EIGRP routes which will be filtered using a distribute
list and prefix list in another step.
g. Verify that you can ping across the serial links when you are finished. Use the following Tcl script to check
connectivity.
R3# tclsh
foreach address {
172.16.1.1
192.168.48.1
192.168.49.1
192.168.50.1
192.168.51.1
192.168.70.1
172.16.12.1
172.16.12.2
172.16.2.1
172.16.100.1
172.16.23.2
172.16.23.3
172.16.3.1
192.168.8.1
192.168.9.1
192.168.10.1
192.168.11.1
192.168.20.1
192.168.25.1
192.168.30.1
192.168.35.1
192.168.40.1
} { ping $address }
All pings should be successful. Troubleshoot if necessary.
Step 3: Filter redistributed routes using a distribute list and ACL.

Routes can be filtered using a variety of techniques including:
Distribute list and ACL— A distribute list allows an access control lists (ACLs) to be applied to routing
updates.
 Distribute list and prefix list— A distribute list with a prefix list is an alternative to ACLs designed to
filter routes. Prefix lists are not exclusively used with distribute lists but can also be used with route
maps and other commands.
 Route maps— Route maps are complex access lists that allow conditions to be tested against a
packet or route, and then actions taken to modify attributes of the packet or route.
In this step, we will use a distribute list and ACL to filter routes being advertised from R2 to R1. Specifically,
we will filter the OSPF 20 routes (i.e., 192.168.8.0/22) from being advertised by R2 to R1.
a. On R1, verify the routing table entry for the 192.168.8.0/22 route.
R1# show ip route 192.168.8.0
Routing entry for 192.168.8.0/22, supernet
Known via "eigrp 1", distance 170, metric 40537600, type external
Redistributing via eigrp 1
Last update from 172.16.12.2 on Serial0/0/0, 00:00:43 ago
Routing Descriptor Blocks:
* 172.16.12.2, from 172.16.12.2, 00:00:43 ago, via Serial0/0/0
Route metric is 40537600, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 64 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
R1#
b. Although a distribute list could be implemented on the receiving router, it is usually best to filter routes
from the distributing router. Therefore on R2, create an ACL called OSPF20-FILTER that denies the
192.168.8.0/22 route. The ACL must also permit all other routes otherwise, no OSPF routes would be
redistributed into EIGRP.
R2(config)# ip access-list standard OSPF20-FILTER
R2(config-std-nacl)# remark Used with DList to filter OSPF 20 routes
R2(config-std-nacl)# deny 192.168.8.0 0.0.3.255
R2(config-std-nacl)# permit any
R2(config-std-nacl)# exit
R2(config)#
c. Configure a distribute list under the EIGRP process to filter routes propagated to R1 using the pre-
configured ACL.
R2(config-router)# distribute-list OSPF20-FILTER out ospf 1
R2(config-router)#
d. On R1, verify if the route is now missing from the R1 routing table.
R1# show ip route 192.168.8.0
% Network not in table
R1#

D 172.16.2.0/24 [90/40640000] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 172.16.3.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D 172.16.23.0/24 [90/41024000] via 172.16.12.2, 00:00:03, Serial0/0/0
D 172.16.100.0/24 [90/40640000] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.20.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.25.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.30.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.35.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.40.0/24 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
D EX 192.168.48.0/22 [170/40537600] via 172.16.12.2, 00:00:03, Serial0/0/0
R1#
The output confirms that the 192.168.8.0/22 route is no longer in the routing table of R1.
Note that if additional router filtering was required, only the ACL on R2 would need to be altered.
Step 4: Filter redistributed routes using a distribute list and prefix list.
In this step, a prefix list will be configured with a distribute list to filter R1 routes being advertised from R2 to
R3.
a. On R3, verify the routing table entry for the routes learned externally identified with the 0 E2 source entry.
R3# show ip route ospf | include O E2
O E2 172.16.1.0/24 [110/20] via 172.16.23.2, 00:10:12, Serial0/0/1
O E2 172.16.2.0/24 [110/20] via 172.16.23.2, 00:10:12, Serial0/0/1
O E2 172.16.12.0/24 [110/20] via 172.16.23.2, 00:10:12, Serial0/0/1
O E2 192.168.48.0/22 [110/20] via 172.16.23.2, 00:02:05, Serial0/0/1
O E2 192.168.70.0/24 [110/20] via 172.16.23.2, 00:02:05, Serial0/0/1
R3#
Specifically, the highlighted routes will be omitted from being advertised using a prefix list.
b. R2 will be configured with a prefix list identifying which networks to advertise to advertise to R3.
Specifically, only the 172.16.0.0 networks are permitted.
R2(config)# ip prefix-list EIGRP-FILTER description Used with DList to filter
EIGRP routes
R2(config)# ip prefix-list EIGRP-FILTER permit 172.16.0.0/16 le 24
R2(config)#
c. Configure a distribute list under the OSPF process to filter routes propagated to R3 using the pre-
configured prefix list.
R2(config-router)# distribute-list prefix EIGRP-FILTER out eigrp 1
R2(config-router)#
d. On R3, verify if the route is now missing from the R1 routing table.
O E2 172.16.1.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
O E2 172.16.2.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
O E2 172.16.12.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
R3#
The output confirms that only the 172.16.0.0/16 networks are being advertised to R3.
Step 5: Filter redistributed routes using a route map.

The preceding two steps were simple examples of using a distribute list with an ACL and a prefix list. Both
methods basically achieved the same result of filtering routes.
However, in large enterprise networks, route filtering can be quite complex. The ACLs can be very extensive
and therefore taxing on router resources. For this reason, prefix lists should be used instead of ACLs since
they are more efficient and less taxing on router resources than ACLs.
Route maps can also be used to filter redistributed routes. A route map works like an access list because it
has multiple deny and permit statements that are read in a sequential order. However, route maps can match
and set specific attributes and therefore provide additional options and more flexibility when redistributing
routes.
Route maps are not just for redistribution. They are also commonly used for:
 Policy-based routing (PBR)— PBR allows an administrator to define routing policy other than basic
destination-based routing using the routing table. The route map is applied to an interface using the ip
policy route-map interface configuration command.
 BGP—Route maps are the primary tools for implementing BGP policy and allows an administrator to
do path control and provide sophisticated manipulation of BGP path attributes. The route map is
applied using the BGP neighbor router configuration command.
In this step, we will filter the R3 loopback 25 and 30 networks from being redistributed into EIGRP on R2.
a. Display the R1 routing table and verify that those two routes currently appear there.

D 172.16.2.0/24 [90/40640000] via 172.16.12.2, 01:39:20, Serial0/0/0
D EX 172.16.3.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
D 172.16.23.0/24 [90/41024000] via 172.16.12.2, 01:39:20, Serial0/0/0
D 172.16.100.0/24 [90/40640000] via 172.16.12.2, 01:39:20, Serial0/0/0
D EX 192.168.20.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
D EX 192.168.25.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
D EX 192.168.30.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
D EX 192.168.35.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
D EX 192.168.40.0/24 [170/40537600] via 172.16.12.2, 01:30:13, Serial0/0/0
R1#
b. There are multiple ways to configure this filtering. In this step, we will configure an ACL that matches
these two network. Configure the following named access list to identify the two routes to be filtered.
R2(config)# ip access-list standard R3-ACL
R2(config-std-nacl)# remark ACL used with the R3-FILTER route map
R2(config-std-nacl)# permit 192.168.25.0 0.0.0.255
R2(config-std-nacl)# permit 192.168.30.0 0.0.0.255
R2(config-std-nacl)# exit
R2(config)#
c. Configure a route map with a statement that denies based on a match with the named ACL. Then add a
permit statement without a match statement. This acts as an explicit “permit all”.
R2(config)# route-map R3-FILTER deny 10
R2(config-route-map)# description RM filters R3 OSPF routes
R2(config-route-map)# match ip address R3-ACL
R2(config-route-map)# exit
R2(config)# route-map R3-FILTER permit 20
R2(config-route-map)# description RM permits all other R3 OSPF routes
R2(config)#
d. Apply this route map to EIGRP by reentering the redistribute command using the route-map keyword.
R2(config-router)# redistribute ospf 1 route-map R3-FILTER metric 64 100 255 1
1500
R2(config-router)#
e. Verify that the two R3 networks are filtered out in the R1 routing table.
D 172.16.2.0/24 [90/40640000] via 172.16.12.2, 00:02:20, Serial0/0/0

D EX 172.16.3.0/24 [170/40537600] via 172.16.12.2, 00:02:04, Serial0/0/0
D 172.16.23.0/24 [90/41024000] via 172.16.12.2, 00:02:20, Serial0/0/0
D 172.16.100.0/24 [90/40640000] via 172.16.12.2, 00:02:20, Serial0/0/0
D EX 192.168.20.0/24 [170/40537600] via 172.16.12.2, 00:02:04, Serial0/0/0
D EX 192.168.35.0/24 [170/40537600] via 172.16.12.2, 00:02:04, Serial0/0/0
D EX 192.168.40.0/24 [170/40537600] via 172.16.12.2, 00:02:04, Serial0/0/0
R1#
Notice that the192.168.25.0/24 and 192.168.30.0/24 networks are no longer in the routing table.
Step 6: Filter redistributed routes and set attributes using a route map.
The preceding step was a simple example of using a route map to filter redistributed routes.
In this step, we will filter a route from R1 to change its metric and metric type.
a. On R3, verify the routing table entry for the routes learned externally identified with the 0 E2 source entry.
O E2 172.16.1.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
O E2 172.16.2.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
O E2 172.16.12.0/24 [110/20] via 172.16.23.2, 00:13:55, Serial0/0/1
R3#
The 172.16.12.0 route will be configured with additional attributes.
b. Configure a prefix list identifying the route to be filtered.
R2(config)# ip prefix-list R1-PL permit 172.16.12.0/24
R2(config)#
c. Configure a route map matching the identified route in the prefix list and assign the metric cost of 25 and
change the metric type to External Type 1. Then add a permit statement without a match statement
acting as an explicit “permit all”.
R2(config-route-map)# description RM filters 172.16.12.0/24
R2(config-route-map)# match ip address prefix-list R1-PL
R2(config-route-map)# set metric 25
R2(config-route-map)# set metric-type type-1
R2(config-route-map)# description RM permits all other R1 OSPF routes
R2(config)#
d. Apply this route map to OSPF by reentering the redistribute command using the route-map keyword.
R2(config-router)# redistribute eigrp 1 subnets route-map R1-FILTER
R2(config)#
e. Verify that the two R3 networks are filtered out in the R1 routing table.

O E2 172.16.1.0/24 [110/20] via 172.16.23.2, 00:02:57, Serial0/0/1
O E2 172.16.2.0/24 [110/20] via 172.16.23.2, 00:02:57, Serial0/0/1
O E1 172.16.12.0/24 [110/1587] via 172.16.23.2, 00:02:57, Serial0/0/1
O IA 172.16.100.0/24 [110/1563] via 172.16.23.2, 00:02:57, Serial0/0/1
R3#
Notice that the172.16.12.0/24 route is now a type 1 route and calculates the actual metric.

Chapter 4 Lab 4-2, Controlling Routing Updates Topology.: Ccnpv7 Route

Uploaded by

Copyright:

Available Formats

Chapter 4 Lab 4-2, Controlling Routing Updates Topology.: Ccnpv7 Route

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Chapter 4 Lab 4-2, Controlling Routing Updates Topology.: Ccnpv7 Route

Uploaded by

Copyright:

Available Formats

CCNPv7 ROUTE

Chapter 4 Lab 4-2, Controlling Routing Updates

Step 1: Configure loopbacks and assign addresses.

R2(config)# interface Loopback0

R3(config)# interface Loopback0

Step 2: Configure Routing, Summarization, and Redistribution.

Jan 10 10:11:18.863: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 172.16.12.1

d. Verify the EIGRP and OSPF routing table entries on R2.

172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 10 subnets, 2 masks

e. Verify the EIGRP routing table on R1.

R1# show ip route eigrp | begin Gateway

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

Step 3: Filter redistributed routes using a distribute list and ACL.

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

Step 5: Filter redistributed routes using a route map.

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

D 172.16.2.0/24 [90/40640000] via 172.16.12.2, 00:02:20, Serial0/0/0

172.16.0.0/16 is variably subnetted, 8 subnets, 2 masks

You might also like