About the default static. It doesn't matter it's directing to the null0 interface, all more specific traffic will get addressed and so the traffic will get forwarded, just not everything, but why forward all traffic, when it's blackholed on another upstream router otherwise? :-)
-- Regards, Rick Mur CCIE2 #21946 (R&S / Service Provider) Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com On 29 dec 2009, at 18:43, Eric Holder wrote: > Thanks for the responses...today was a good day, because I learned something > new. I tried to get the route-map to work with the continue statement with > no luck (see below config that I think should work.) Using the track > configuration works (need to add a route-map for the default-information > originate), but kind of defeats the purpose of injecting a default route to a > down stream router. The router with the default ip route 0.0.0.0 0.0.0.0 > Null0 would drop the packets from the downstream router your advertising the > default route to. You could configure the default route to use an upstream > interface. Anyways, the CCIE journey is all about learning. I believe this > configuration does meet the criteria of the question. > > track 1 ip route 100.100.100.0 255.255.255.0 reachability > ! > track 2 ip route 100.100.200.0 255.255.255.0 reachability > ! > track 3 list boolean and > object 1 > object 2 > ! > ip route 0.0.0.0 0.0.0.0 Null0 track 3 > ! > router ospf 2 > default-information originate route-map OSPF2Default > > access-list 1 permit 0.0.0.0 > > route-map OSPF2Default > match ip address 1 > > Route-map configuration with the continue statement that I think should work, > but doesn't. I tried it several different ways with no luck. The logic > seems right according to the docs. If the route-map matches it uses the > continue statement to continue evaluation. Without the continue statememnt > with a match, the route-map stops evaluting and executes. If the route-map > doesn't match, it doesn't use the continue and just goes to the next > route-map. Just in case I tried several configs with no luck. > > access-list 1 permit 100.100.100.0 0.0.0.255 > access-list 2 permit 100.100.250.0 0.0.0.255 (3rd octect 250 is correct) > access-list 3 permit any > > route-map test permit 10 > match ip address 1 > continue 30 > route-map test deny 20 > match ip address 3 > route-map test permit 30 > match ip address 2 > route-map test deny 40 > match ip address 3 > > router ospf 2 > default-information originate route-map test > > RESULTS: If the first route-map has a match, the default route is injected. > If the first route-map doesn't match, then no default route is injected. It > doesn't seem to go to the "route-map test permit 30" for further evalution. > I don't get matches on my access-list or route-map. I did this in my home > lab on 3640s running enterprise plus 12.4. > > ---- Marko Milivojevic <[email protected]> wrote: > > ============= > Just out of curiosity, have you tried with "continue" in the > route-map? It probably won't work, but give this a shot: > > route-map OSPF2Default permit 10 > match ip address 1 > continue > ! > route-map OSPF2Default permit 20 > match ip address 2 > ! > > > -- > Marko Milivojevic - CCIE #18427 > Senior Technical Instructor - IPexpert > > Mailto: [email protected] > Telephone: +1.810.326.1444 > Live Assistance, Please visit: http://www.ipexpert.com/chat > eFax: +1.810.454.0130 > On Sun, Dec 27, 2009 at 15:40, Eric Holder <[email protected]> wrote: >> Thanks Joe...but, I tried that configuration before in my home lab on 3640 >> running enterprise plus 12.4. I had some rack time this morning and tried >> configuring the route-map as you recommended on a 3825 running Advance >> Enterprise 12.4(24)T, thinking it might just be a 3640 problem. However, >> the results were the same on both: >> >> I configured the route map as follows: >> >> route-map OSPF2Default permit 10 >> match ip address 1 >> match ip address 2 >> >> Results were either route and in show run it was configured like below even >> though I typed as shown above: >> >> route-map OSPF2Default permit 10 >> match ip address 1 2 >> >> HMM...interesting...Not a big deal because in the real world if you had 2 >> connections to your ISP, you would want to inject the default route into a >> stub area. However, if I get this question on the lab, then it is. >> >> ---- Joe Astorino <[email protected]> wrote: >> >> ============= >> Give this a try: >> >> route-map OSPF2Default permit 10 >> match ip address 1 >> match ip address 2 >> >> I believe that multiple matches under the same line is considered a boolean >> AND. What you had before was on two separate entries in the route-map. >> Give it a try and let me know! >> >> On Sat, Dec 26, 2009 at 8:17 PM, Eric Holder <[email protected]> wrote: >> >>> "As long as the 100.100.100.0/24 and 100.100.200.0/24 networks are in the >>> routing table, R8 should inject a 0/0 route to the Catalyst switches." The >>> problem is that it works with either route in the route, but the question >>> states "AND" which I took to mean both must be in table. I can't get it to >>> work requiring both in the table. The answer in the book works with either >>> route, but doesn't require both. Answer: >>> >>> access-list 1 permit 100.100.100.0 0.0.0.255 >>> access-list 1 permit 100.100.200.0 0.0.0.255 >>> >>> route-map OSPF2Default permit 10 >>> match ip address 1 >>> >>> router ospf 2 >>> default-information originate route-map OSPF2Default >>> >>> I've tried it a couple of different ways: >>> access-list 1 permit 100.100.100.0 0.0.0.255 >>> access-list 2 permit 100.100.200.0 0.0.0.255 >>> >>> route-map OSPF2Default permit 10 >>> match ip address 1 >>> route-map OSPF2Default permit 20 >>> match ip address 2 >>> >>> and >>> route-map OSPF2Default permit 10 >>> match ip address 1 2 >>> >>> But all of these work with either route in the routing table, but not both >>> as the question states "AND". Once the route map sees a match it applies >>> the default route. >>> >>> Am I missing something? >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, please >>> visit www.ipexpert.com >>> >> >> >> >> -- >> Regards, >> >> Joe Astorino CCIE #24347 (R&S) >> Sr. Technical Instructor - IPexpert >> Mailto: [email protected] >> Telephone: +1.810.326.1444 >> Live Assistance, Please visit: www.ipexpert.com/chat >> eFax: +1.810.454.0130 >> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, >> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service >> Provider) Certification Training with locations throughout the United >> States, Europe and Australia. Be sure to check out our online communities at >> www.ipexpert.com/communities and our public website at www.ipexpert.com >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
