Route-map

2001-03-03 Thread Jacek Malinowski

I have a big problem with the route-map command.
My network looks like :

ISP A                      ISP B
  |                          |
  |                          |
  |                          |
  --s0--(router 2611)---s1--

configuration (hypothetical):

interface Serial0
 ip address 1.1.1.1 255.255.255.0
!
interface Serial1
 ip address 100.100.100.100 255.255.255.0
!
interface FastEthernet0
 ip address 10.0.0.222 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map POLICY
 no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial1
no ip http server
!
access-list 2 permit 10.0.0.0 0.0.0.255
route-map POLICY permit 10
 match ip address 2
 set ip next-hop 1.1.1.1

Traffic from the network 10.0.0.0 should go through serial 0 and ISP A;
traffic from the network 192.168.1.0 should go through serial 1 and ISP B.

I don't understand how it is possible that a ping from 10.0.0.0 goes through
serial 1 and returns through serial 0.
There is the policy on the Ethernet interface.

I can't run BGP :( because my router is only a 2611




_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Route-Map

2000-09-21 Thread Steve Warner

Hi,

Could someone explain what the right-hand bit of the extended access list
below does? This is taken from a router running an inbound route map for
BGP. This is used to reject routes.


Steve


route-map peer-in deny 10
 match ip address 100

route-map peer-in permit 20
 set local-preference 100
 set community 1234:80 1234:3000

access-list 100 permit ip 192.41.177.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 198.32.130.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip host 0.0.0.0 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 permit ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 permit ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 permit ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 permit ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 permit ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 198.32.136.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 149.20.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 permit ip 198.32.128.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 192.157.69.0 0.0.0.255 255.255.255.0 0.0.0.255
access-list 100 permit ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
access-list 100 deny   ip any any



**NOTE: New CCNA/CCDA List has been formed. For more information go to
http://www.groupstudy.com/list/Associates.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Route-map

2001-03-03 Thread Bradley J. Wilson

This is just a guess, but how about setting the next hop in the route-map to
the IP address of ISP A?





Re: Route-map

2001-03-03 Thread Jacek Malinowski

Sorry, there is a bug in my hypothetical configuration.
In set ip next-hop it
should be ISP A (1.1.1.2)



Re: Route-map

2001-03-03 Thread Santosh Koshy

Hi Jacek,

Your config regarding the route-map seems ok. On the flip side let
me tell you what I think is happening:
1) you have a default route statement through serial 1 = "ip route 0.0.0.0
0.0.0.0 Serial1"
2) therefore a packet generated from 10.x.x.x by default will go through S1
3) now remember that the packet will have a source IP of 10.x.x.x and a
destination IP of y.y.y.y
4) when the packet is returned, it will obviously return it to 10.x.x.x
5) hence it comes BACK THROUGH S0

Test to see if the above is true, by doing an extended ping. If it is so
then remove the default route statement and that should solve the problem.
In any case please tell me how you went about fixing it.

Santosh Koshy



Re: Route-map

2001-03-03 Thread Howard C. Berkowitz

Your route map affects how your traffic flows outbound to the ISP.
Even with BGP, there is no way to guarantee how external ISPs send to
you, or, even more, how external sources not directly connected to
your ISP will send. It's quite common to see 30-40% of queries sent
to one ISP have the associated response come back via a different ISP.




Re: Route-map

2001-03-03 Thread J Roysdon

The traffic is going to return through the ISP who owns the netblock you're
using.  If ISP owns the IP, the traffic will return via that ISP no matter
which way you send it, as that ISP is announcing it (most likely in a larger
netblock).

--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/



RE: Route-map

2001-03-03 Thread Kane, Christopher A.

Jacek,

You can run BGP, it doesn't matter that your router is only a 2611. What
matters is how many routes you receive from your ISP (or from both ISPs as
is your case). True, your router might not be too happy getting 97,000+
routes from both ISPs, but who says you need any routes from your ISP?

Not knowing your true config leaves questions. So let me make some
assumptions. Look at this from 4 perspectives. Outbound/Inbound with ISP A
and Outbound/Inbound with ISP B.

ISP A (Outbound)
You could set your default route out to serial 0. This would make ISP A your
primary path out. 
ISP A (Inbound)
You don't need any routes from this ISP if it's your default out anyway.
Adding another twist, suppose you have a /24. You could advertise a couple
/25's to this ISP (if they'll let you), via the BGP that you turn on with
them.

ISP B (Outbound)
You could set another default (weighted) to make ISP B your secondary route
out via serial 1. You don't need this ISP to send you routes if they are
merely a default route out.
ISP B (Inbound)
Again, using the example that you have a /24, you could advertise some other
/25's to this ISP (if they'll let you).

Summary
You'll most likely need your own AS. A lot of providers don't like routing to
a customer if that customer is multi-homed and doesn't have their own AS. By
breaking up the /24 and sending some of it to one provider and some of it to
the other provider, you can build in some "resilience" in case one ISP's
routing breaks or one of your WAN lines drops. That way, people can always
reach at least some of the networks you have onsite. To further add
"resilience", advertise to ISP A the networks you're sending to ISP B with
heavy weights (AS-Path prepend, Local Pref, etc., keeping in mind that some
attributes are Transitive and some are not). That way if ISP B breaks, all
of your networks will now be available via ISP A. Do the same for ISP B,
advertise your ISP A advertised networks with a larger value so that if ISP
A breaks, ISP B can now advertise all of your routes.

Hope this helps
Chris




RE: Route-map

2001-03-03 Thread Brandon Peyton

You should be able to run BGP with your 2611, you just won't be able to
accept full routes.

If you upgrade to 128 you could, you might be able to handle partial
routes if you have 64.

Brandon




Re: Route-map

2001-03-04 Thread Jacek Malinowski

I want to thank everyone for the help.
But I forgot to specify that running BGP is impossible.
The company has a small network (100 users) and a connection to the Internet
through ISP B (like in the picture). That link must always be up.

The problem is that the company wants to test another connection to the Internet
through ISP A at the same time ( small network (10 users) management :) ).
I'm working as a systems engineer at ISP A :))), and we must sell our link.

I know that the best would be BGP. I know that, but I must find another
method.
Maybe I was wrong, and with the route-map command it won't work.
But why?
I must be sure that testing two ISPs without BGP is impossible.
THX for help







Re: Route-map

2001-03-04 Thread Howard C. Berkowitz

>I want to thank everyone for help.
>But I forgot to specify that running BGP is impossible.

Why?

>The company has a small network (100 users) and connection to Internet
>through ISP B (like on the picture). That link must be always up.
>
>The problem is that the company want to test another connection to Internet
>through ISP A at the same time ( small network (10 users) management :) ).
>I'm working as a systems engineer in ISP A :))), and we must sell our link.
>
>I know that the best will be BGP. I know that, but I must find another
>method.
>Maybe I was wrong, and with route-map command it'll be not work.
>But why ?

I'm confused now what your question is.  If it's why does the ping 
response often come in through a different path than the response 
went out of, nothing is broken -- there's no reason for it not to do 
so.

Be sure you are dealing with a real requirement rather than something a
customer "would like to have."

>I must be sure that tests two ISP without BGP is impossible.
>THX for help
>




Re: Route-map

2001-03-04 Thread Jacek Malinowski

I only want to know: if I have a default route (0.0.0.0 0.0.0.0 serial 1)
and ip policy route-map on the Ethernet interface,
will I always go through serial 1, or if the match criteria are met will I go
through serial 0?







Re: Route-map

2001-03-04 Thread Santosh Koshy

Hi Jacek,

Did you try the extended ping like I told you to? This will
enable you to specify a source and destination IP address before pinging.
This way you can clearly trace which interface packets generated from a
specific subnet will traverse.

I am not 100% sure, but I think your culprit is the default
route.

Thanks,
Santosh



RE: Route-map

2001-03-04 Thread Andrew Cook

Hi Jacek,

If the secondary IP on FastEthernet0 is from your address space and there is
no dynamic routing between the customer and ISP B (ISP B has no knowledge of
your address space at the customer site), then traffic from your IP block
should NOT return via ISP B.

If you do not meet these criteria, let me ask some questions:
1. Is the secondary IP range that you are trying to use policy-routing to
force to your ISP from your address space (or does the secondary range NAT
to one of your IPs)?  If yes, then all clients using that space should be
coming back through your link if you are the only BGP speaker announcing
that network.  If it is address space from ISP B or they are announcing the
network in addition to you, then there could be multiple routes.  It needs
to be your address space unless you do option 2 below.
2. Is this a permanent solution or are you trying to get the customer to go
with you and drop ISP B altogether?  That makes a huge difference in
configuration if redundancy/failover needs to be factored in.  I'll assume
the customer wants to keep both connections in my responses below.

If you can't/won't use BGP to solve this, I only see the following choices
left:
1. If you have no communication/relationship with ISP B -
 Customer gets addresses from both providers - default to provider B, policy
route A addresses to provider A (that's what you're trying if the secondary
is your IP).  You'll need a floating default to provider A in case the B
link goes down, and you'll need to NAT A addresses if they take the B path
and NAT B addresses if they take the A path.  That way all traffic can get
out if a link fails and all traffic can find its way back, and it will
return via whatever pipe it goes out.
2. If you have communication/relationship with ISP B -
 Both ISPs can announce the addresses delegated to the customer from the
other ISP (or you as ISP A announce the ISP B addresses and don't assign any
of your own to the customer).  You'll both have to announce the same NLRI
for the range or BGP will actually prefer the other provider for your space
(takes the most specific route).  Keep policy mapping as is, no NAT needed,
but this will not guarantee symmetrical routing for reasons Howard and
others stated earlier - you have no control over other AS routing policies.
3.  If you are using private address space (can't tell from your sample but
I didn't see NAT statements so I assume you replaced public with private
before sending), you can use a variant of either 1 or 2 - there will be NAT
going on all the time rather than for specific uses.

It sounds like 1 will be the easiest and will show the customer how your
connection performs versus the competition.  If you don't need redundancy
then you can do #1 and not worry about any NAT at all.

If you want even more answers, I suggest posting to comp.dcom.sys.cisco -
someone there can probably give you the same or better answers as I did but
in an intelligible format :)

Andrew Cook





RE: Route-map

2001-03-04 Thread Howard C. Berkowitz

Andrew Cook gave an excellent response, to which I have some inline comments.

The whole multihoming issue is very complex.  I discuss it at some 
length in Chapter 7 of my _WAN Survival Guide_ (Wiley, ISBN 
0471384283), but as part of a broader discussion of fault tolerance 
and load distribution.  I'll get into much more detail in my next 
book on exterior routing, but that isn't available yet.

In the meantime, RFCs 1998 and 2270 give some insight.


>Hi Jacek,
>
>If the secondary IP on FastEthernet0 is from your address space and there is
>no dynamic routing between the customer and ISP B (ISP B has no knowledge of
>your address space at the customer site), then traffic from your IP block
>should NOT return via ISP B.

The situation would be handled differently if your address space was 
allocated to you directly (i.e., provider independent or PI), or if 
it was sub-assigned by one of your providers (i.e., provider assigned 
or PA).

With PI space, if you are doing this for fault tolerance as well as 
load distribution, you must:

  announce your less-specific aggregate to both ISPs
  announce the more-specific prefixes to the ISP you prefer to have
traffic to that block come into your AS

With PA space, you must:

  announce your less-specific aggregate to both ISPs
  announce the more-specific prefixes to the ISP you prefer to have
traffic to that block come into your AS
  be sure that the assigning AS advertises your more-specific as well
as its aggregate
  be sure that the other AS coordinates with the owning AS that it can
announce a more-specific from another AS's space.
  (must in Europe, strongly recommended elsewhere) Be sure that all
three AS (you and the two ISP) register the routing policies describing
this in a public routing registry.

>
>
>If you can't/won't use BGP to solve this, I only see the following choices
>left:

To be a little more blunt,

 You can't get 100% compliance with what you appear to want even if
you use BGP.  You can, however, increase the probability it will
happen most of the time.

 In many global routing situations, saying you can't use BGP is about
as relevant as a man drowning in the ocean saying, "but the US
constitution gives me a right to life."  The ocean doesn't care.
AS with whom you have no business relationship (i.e., that collect
no money from you) are under no obligation to follow policies you
announce with BGP.  They certainly aren't going to follow policies
that they don't know about because you aren't announcing the information
about your policy in BGP, or in routing registries.

In other words, there's a reasonable mind set that comes from working 
in routing that's limited to an enterprise -- that you can control 
all flow given sufficiently powerful policy enforcement mechanisms. 
To work effectively in ISP/global routing, you have to accept that 
you are no longer in complete control, and accept that the best you 
can do is influence to some extent.

If you need tighter control than that, an interprovider VPN is the 
only alternative.  VPNs, however, require that you know all the 
endpoints before configuring.  They do not support connectivity to or 
from arbitrary Internet addresses.




Re: Route-map

2001-03-04 Thread Vincent

1) Check the traceroute result.
2) From your configuration, after you correct it, you may find out that you
can control outgoing traffic.
You probably can not control incoming traffic.  Generally, it is very
difficult for you to control incoming
traffic.


""Jacek Malinowski"" <[EMAIL PROTECTED]> ¼¶¼g©ó¶l¥ó
97r9gs$u7h$[EMAIL PROTECTED]">news:97r9gs$u7h$[EMAIL PROTECTED]...
> Sorry, there is a bug in my hypothetical configuration.
> in set ip next-hope
> should be ISP A (1.1.1.2)
>
>
> ""Bradley J. Wilson"" <[EMAIL PROTECTED]> wrote in message
> 014301c0a3fa$e349f400$f402f7a5@bwilson">news:014301c0a3fa$e349f400$f402f7a5@bwilson...
> > This is just a guess, but how about setting the next hop in the
route-map
> to
> > the IP address of ISP A?
> >
> >
> > - Original Message -
> > From: Jacek Malinowski
> > Newsgroups: groupstudy.cisco
> > To: [EMAIL PROTECTED]
> > Sent: Saturday, March 03, 2001 9:27 AM
> > Subject: Route-map
> >
> >
> > I have a big problem with the route-map command.
> > My network looks like :
> >
> > ISP A ISP B
> >   | |
> >   | |
> >   | |
> >   --s0--(router 2611)--- s1--
> >
> > configuration (hypothetical):
> >
> > interface Serial0
> >  ip address 1.1.1.1 255.255.255.0
> >   !
> > interface Serial1
> >  ip address 100.100.100.100 255.255.255.0
> > !
> > interface FastEthernet0
> >  ip address 10.0.0.222 255.255.255.0 secondary
> >  ip address 192.168.1.1 255.255.255.0
> >  ip policy route-map POLICY
> >  no ip directed-broadcast
> > !
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Serial1
> > no ip http server
> > !
> > access-list 2 permit 10.0.0.0 0.0.0.255
> > route-map POLICY permit 10
> >  match ip address 2
> >  set ip next-hop 1.1.1.1
> >
> > traffic from the network 10.0.0.0 should go through serial 0 and ISP A
> > traffic from the network 192.168.1.0 should go through serial 1 and ISP B.
> >
> > I don't understand how is it possible, that ping from 10.0.0.0 goes through
> > serial 1 and return through serial 0.
> > there is the policy on the ethernet interface.
> >
> > I can't run BGP :( because my router is only 2611
> >
> >
> >
> >



Re: Route-Map

2000-09-21 Thread Rodgers Moore

Steve,

The second pair of numbers on the access lists have to do with the mask that
is sent in the routing update.

10.1.1.0 0.0.0.255 255.255.255.0 0.0.0.255
this means network 10.1.1.0 & we don't care what the 4th octet is.
the second part means the mask must be at least 255.255.255.0  and we don't
care what the 4th octet of the mask is.

so if we got an advertisement for 10.0.0.0 mask 255.0.0.0 it would be thrown
out.

now what if my acl looked like this

10.0.0.0 0.255.255.255 255.255.0.0 0.0.0.0

this means any network that starts out with a 10 and we don't care about the
rest.
the second part means that only routes with a 255.255.0.0 mask. So all
routes with masks other than 255.255.0.0 are thrown out.

lastly, you have a good example in your config.

access-list 100 permit ip any 255.255.255.128 0.0.0.127

this means we'll accept routes to any network, but only if it is a subnet of
25 bits or more.

Rodgers Moore

"Steve Warner" <[EMAIL PROTECTED]> wrote in message
news:008d01c023d9$cd8e3be0$[EMAIL PROTECTED]...
> Hi,
>
> Could someone explain what the right hand bit of the extended Access-list
> does below. This is taken from a router running an in-bound route map for
> BGP. This is used to reject routes.
>
>
> Steve
>
>
> route-map peer-in deny 10
>  match ip address 100
>
> route-map peer-in permit 20
>  set local-preference 100
>  set community 1234:80 1234:3000
>
> access-list 100 permit ip 192.41.177.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 198.32.130.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip any 255.255.255.128 0.0.0.127
> access-list 100 permit ip host 0.0.0.0 any
> access-list 100 permit ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 permit ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
> access-list 100 permit ip 172.16.0.0 0.15.255.255 255.240.0.0 0.15.255.255
> access-list 100 permit ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 permit ip 192.0.2.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 128.0.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 permit ip 191.255.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 permit ip 192.0.0.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 223.255.255.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 198.32.136.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 149.20.0.0 0.0.255.255 255.255.0.0 0.0.255.255
> access-list 100 permit ip 198.32.128.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 192.157.69.0 0.0.0.255 255.255.255.0 0.0.0.255
> access-list 100 permit ip 224.0.0.0 31.255.255.255 224.0.0.0 31.255.255.255
> access-list 100 deny   ip any any
>
>
>
>
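
Added example, not part of the original posts: a Python model of the matching rule described in the reply above, where the first address/wildcard pair of an extended ACL entry is compared with the route's network and the second pair with its netmask. It runs against a subset of the access-list 100 lines and the peer-in route-map quoted in the thread; the test prefixes are constructed and the function names (parse_entry, acl_result, route_map_decision, classify) are hypothetical.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)  # `any` = base 0.0.0.0 with wildcard 255.255.255.255


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_spec(tokens):
    """Consume one address spec: `any`, `host A`, or `A WILDCARD`."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]


def parse_entry(line):
    """Parse `[access-list N] permit|deny ip <spec> <spec>`."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("unsupported entry: " + line)
    network_spec, rest = _take_spec(rest)
    mask_spec, rest = _take_spec(rest)
    if rest:
        raise ValueError("trailing tokens in: " + line)
    return action, network_spec, mask_spec


def _covers(spec, value):
    """True when value equals base in every bit the wildcard does not free."""
    base, wildcard = spec
    return ((value ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def acl_result(entries, prefix):
    """First matching entry wins; an ACL ends with an implicit deny."""
    route = ipaddress.IPv4Network(prefix)
    network, mask = int(route.network_address), int(route.netmask)
    for action, network_spec, mask_spec in entries:
        if _covers(network_spec, network) and _covers(mask_spec, mask):
            return action
    return "deny"


def route_map_decision(route_map, acls, prefix):
    """route_map: list of (sequence, action, acl_number or None)."""
    for _seq, action, acl in sorted(route_map, key=lambda e: e[0]):
        if acl is None or acl_result(acls[acl], prefix) == "permit":
            return action  # a matched `deny` entry rejects the route
    return "deny"          # nothing matched: implicit deny


# Subset of access-list 100 and the peer-in route-map quoted in the thread.
ACL_100 = [parse_entry(line) for line in """
access-list 100 permit ip any 255.255.255.128 0.0.0.127
access-list 100 permit ip host 0.0.0.0 any
access-list 100 permit ip 10.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 255.255.0.0 0.0.255.255
access-list 100 deny   ip any any
""".strip().splitlines()]
PEER_IN = [(10, "deny", 100), (20, "permit", None)]


def classify(prefixes):
    """Verdict of route-map peer-in for each received prefix."""
    return {p: route_map_decision(PEER_IN, {100: ACL_100}, p) for p in prefixes}


if __name__ == "__main__":
    # Constructed test prefixes, not taken from the thread.
    samples = ["0.0.0.0/0", "10.1.0.0/16", "192.168.5.0/24",
               "203.0.113.128/25", "203.0.113.0/24"]
    for prefix, verdict in classify(samples).items():
        print(f"{prefix:18} {verdict}")
```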





Route map [7:33429]

2002-01-28 Thread BASSOLE Rock

Hi group,


I would like to define a route-map on a router to forward certain packets
(defined by the ACL 101)  to 2 different next-hop address. I use 2 next-hop
addresses to avoid the single point of failure. The 2 next-hop addresses are
directly attached to the router.

The first next-hop address 10.10.10.10, the primary gateway, would be used
to forward all packet matching ACL 101. If the primary went down then the
second next-hop 11.11.11.11, the backup, would be used to forward all
packets matching ACL 101.


Would the following route-map do as I want?

route-map test permit 10
match ip address 101
set ip next-hop 10.10.10.10
set ip next-hop 11.11.11.11

access-list 101 permit ip any host 10.10.12.12

Any information is welcome.
Thank you all.

Rock BASSOLE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33429&t=33429



What is route map ?

2000-08-09 Thread Tapas Das

What is route map ?





route-map ping problem

2000-05-29 Thread Eric Lam

All,

After I using route-map to map the NAT pool, I can't ping from inside to
outside but other service are ok (e.g. www, telnet, ftp).

original config (no problem for ping)
ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
ip nat inside source list 1 pool test overload

new config ( can't ping from inside net PC to outside)
ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
ip nat inside source route-map to-test pool test overload

is there any reason for that ??

Pls help.
Thanks, Eric






Route-map /distribute-list

2000-05-31 Thread Ida Leung

Question:

If I have put both route-map and distribute-list on my bgp config for the
routes I export out, will they execute in sequence?  Will 142.77.225.70/30
be announced with the following configuration?

e.g. route-map export-customer permit 10
 match ip address 10
 
 access-list 10 permit ip host 142.77.225.70 host 255.255.255.252
 access-list 11 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255

Then my bgp session is :

neighbor x.x.x.x route-map export-customer out
neighbor x.x.x.x distribute-list 11 out

Pls advise.

Ida


---
 Ida Leung
 UUNET - A WorldCom company
 Network Operations 
 (416)216-5127




ip policy route-map

2000-06-08 Thread Jesus Suarez Gonzalez

I want to use the command ip policy route-map to break the traffic in a
router,
is this possible?
Thanks.


Jesus H. Suarez Gonzalez
Altos Hornos de Mexico
Subgcia. Comunicaciones
conectividad
[EMAIL PROTECTED]
493600 E3715




BGP Route map [7:4730]

2001-05-16 Thread Davis, Scott [ISE/RAC]

In a BGP route map, when you use the match statement: 

match 
next hop x.x.x.x

Is this set to match inbound, or outbound, packets passing through the
specified interface, or am I completely off-base and it is neither one?

TIA
Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4730&t=4730



RE: Route map [7:33429]

2002-01-30 Thread Constantin Tivig

Rock,

If you have intf s0 to ISP1(desired) and intf s1 to ISP2,
I would try
"Set int s0 s1" after the match clause.
If s0 is up-up, it uses ISP1, if it goes down then it uses s1 (ISP2). At
least it should be so...

Constantin Tivig
mcse,ccna blablabla

-Original Message-
From: BASSOLE Rock [mailto:[EMAIL PROTECTED]] 
Sent: Monday, January 28, 2002 5:20 PM
To: [EMAIL PROTECTED]
Subject: Route map [7:33429]

Hi group,


I would like to define a route-map on a router to forward certain packets
(defined by the ACL 101)  to 2 different next-hop address. I use 2 next-hop
addresses to avoid the single point of failure. The 2 next-hop addresses are
directly attached to the router.

The first next-hop address 10.10.10.10, the primary gateway, would be used
to forward all packet matching ACL 101. If the primary went down then the
second next-hop 11.11.11.11, the backup, would be used to forward all
packets matching ACL 101.


Would the following route-map do as I want?

route-map test permit 10
match ip address 101
set ip next-hop 10.10.10.10
set ip next-hop 11.11.11.11

access-list 101 permit ip any host 10.10.12.12

Any information is welcome.
Thank you all.

Rock BASSOLE




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33666&t=33429



Re: Route map [7:33429]

2002-01-30 Thread Ian Henderson

On Mon, 28 Jan 2002, BASSOLE Rock wrote:

> The first next-hop address 10.10.10.10, the primary gateway, would be used
> to forward all packet matching ACL 101. If the primary went down then the
> second next-hop 11.11.11.11, the backup, would be used to forward all
> packets matching ACL 101.

If you have CDP information from the two upstream routers, you could write
a route-map using the 'verify-availability' command. Take a look at the
following example and URL:

route-map MOVE-STUFF permit 10
 match ip address 101
 set ip next-hop 192.168.0.1
 set ip next-hop verify-availability

route-map MOVE-STUFF permit 20
 match ip address 101
 set ip next-hop 192.168.1.1

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/xcdnfc.htm

I have no idea if this works, I just noticed it fiddling with next-hops
last week.

Rgds,




- I.

--
Ian Henderson CCNA, CCNP
Network Engineer, iiNet Limited




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=33676&t=33429



Route-map question [7:34431]

2002-02-04 Thread Hunt Lee

I have a Route-Map question that I'm very confused about:

The scenario is from Caslow (p840), it is as follows:

Company A has a full T3 connection to the Internet thru the ISP AAA-101.NET.
Company B  has a T1 connection to the Internet thru the ISP BBB-202.Net.
Company A acquires Company B, but Company A wants to keep both Internet
connections, with the exception of packets originating from the AS of
BBB-202.Net (BBB-202.Net's AS is 202).  All traffic originating from AS 202
will use the T1 Internet connection.

Caslow states in order to do this, the following configs should be used on
RouterB

router bgp 1000
neighbor 10.1.1.1 remote-as 1000
neighbor 172.16.1.100 remote-as 202
neighbor 172.16.1.100 route-map AS-200-IN in

no ip classless
ip as-path access-list 1 permit _300$

route-map AS-200-IN permit 10
match as-path 1
set local-preference 200

route-map AS-200-IN permit 20

What I don't understand is:

With the "set local-preference 200" statement, it directs the traffic
(routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router B.
However, what makes the router not passing any other routes (not from AS
200)? Wouldn't they still be able to go out thru Router B as well?  In
consideration that the local preference has not been changed on the router.

Any help will be greatly appreciated.

Best Regards,
Hunt Lee
System Engineer
WebCentral




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34431&t=34431



Route-Map To Loopback Interface

2000-07-27 Thread Adrian Chew

I've seen this in some configurations where traffic is sent via a route-map
to an IP address that is on the same subnet as a router's loopback
interface.

Eg.

interface ethernet 0
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map abc

interface loopback 0
ip address 192.168.255.1 255.255.255.0

access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255

route-map abc permit 10
 match ip address 100
 set ip next-hop 192.168.255.2

Could anyone explain how having traffic routed via a loopback interface
might help in certain situations?

Thanks.

Regards,
Adrian





RE: What is route map ?

2000-08-09 Thread David Jones

You can use it in conjunction with access-lists to force traffic in a certain
direction.  For instance, I have a customer with a multiple ethernet port
router and a firewall on one of those ports.  I can use the route-map
statements along with access-lists to force certain traffic through the
firewall.

HTH

Dave

-Original Message-
From: Tapas Das [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 09, 2000 1:32 PM
To: [EMAIL PROTECTED]
Subject: What is route map ?


What is route map ?





Re: What is route map ?

2000-08-09 Thread Subramanian Nallasivam

Hi Tapas,

   Route map is used for controlling and modifying routing information.
This is done by defining conditions for distributing routes from one
routing protocol to another or controlling routing information when
injected in and out of BGP. Hope this helps.

Thanks,
-Subbi.


Tapas Das wrote:

> What is route map ?
>



RE: What is route map ?

2000-08-09 Thread Francisco Muniz

They are also used in route redistribution (to announce the right route in
the right place) and policy routing (to route a packet with certain defined
characteristics somewhere else than default routing, for example, to route
http traffic to a cache). It's chapter 14 on Doyle's book.

Francisco.
Subramanian Nallasivam <[EMAIL PROTECTED]> wrote in news message
[EMAIL PROTECTED]
> Hi Tapas,
>
> Route map is used for controlling and modifying routing information.
> This is done by defining conditions for distributing routes from one
> routing protocol to another or controlling routing information when
> injected in and out of BGP. Hope this helps.
>
> Thanks,
> -Subbi.
>
>
> Tapas Das wrote:
>
> > What is route map ?
> >



RE: route-map ping problem

2000-05-31 Thread Andrew Larkins

where are the access lists for the route map??

Andrew Larkins
Usko Communications
Tel: +2711 236-8000 
Fax: +2711 236-8350
Cell: +2783-656-7214
Email: [EMAIL PROTECTED]




-Original Message-
From: Eric Lam [mailto:[EMAIL PROTECTED]]
Sent: 30 May 2000 03:48
To: [EMAIL PROTECTED]
Subject: route-map ping problem


All,

After I using route-map to map the NAT pool, I can't ping from inside to
outside but other service are ok (e.g. www, telnet, ftp).

original config (no problem for ping)
ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
ip nat inside source list 1 pool test overload

new config ( can't ping from inside net PC to outside)
ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
ip nat inside source route-map to-test pool test overload

is there any reason for that ??

Pls help.
Thanks, Eric






Re: route-map ping problem

2000-05-31 Thread Eric Lam

Hi Andrew,

Actually, the case is like this:

1. we have connected to two diff. isp (one primary and one as backup)
2. a cisco router 2600 with fw feature set is connected to the internal
network (ethernet) and on the other side connected to the two isp router
through another ethernet.
3. eigrp is running between the 2600 router and the isp routers, so two
default route with diff. cost is passed to the 2600 router
4. route-map is used in order for correct NAT mapping.

the access list is just like this:
access-list 20 permit 192.168.115.222
(where 192.168.115.222 is the ethernet addr of the isp1 router)

route-map to-isp1 permit 20
 match ip next-hop 20

however, after I apply this route-map, I can't ping inside my internal
network (other service working fine e.g. www, telnet, ftp).  Is there any
reason for that.  I suspect that IP NAT process sequence is diff. when using
'route-map' instead of 'list'.  Do you know where in cisco web site I could
checkout in details how route-map + nat is working.

Thanks in adv., Eric


Andrew Larkins <[EMAIL PROTECTED]> wrote in message
news:<8F5F72F80EF5D311ADE600A0C9DCF862379E86@UBDCCOMJHBEX>...
> where are the access lists for the route map??
>
> Andrew Larkins
> Usko Communications
> Tel: +2711 236-8000
> Fax: +2711 236-8350
> Cell: +2783-656-7214
> Email: [EMAIL PROTECTED]
>
>
>
>
>
>
> -Original Message-
> From: Eric Lam [mailto:[EMAIL PROTECTED]]
> Sent: 30 May 2000 03:48
> To: [EMAIL PROTECTED]
> Subject: route-map ping problem
>
>
> All,
>
> After I using route-map to map the NAT pool, I can't ping from inside to
> outside but other service are ok (e.g. www, telnet, ftp).
>
> original config (no problem for ping)
> ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
> ip nat inside source list 1 pool test overload
>
> new config ( can't ping from inside net PC to outside)
> ip nat pool test 192.168.115.219 192.168.115.220 netmask 255.255.255.224
> ip nat inside source route-map to-test pool test overload
>
> is there any reason for that ??
>
> Pls help.
> Thanks, Eric
>
>
>



Re: Route-map /distribute-list

2000-05-31 Thread Joe Martin

Route maps, filter lists and distribute lists are mutually exclusive.  To
gain the functionality, do it all with a route map.

JOE
CCIE 5917


"Ida Leung" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Question:
>
> If I have put both route-map and distribute-list on my bgp config for the
> routes I export out, will they execute in sequence?  Will 142.77.225.70/30
> be announced with the following configuration?
>
> e.g. route-map export-customer permit 10
>  match ip address 10
>
>  access-list 10 permit ip host 142.77.225.70 host 255.255.255.252
>  access-list 11 deny   ip 127.0.0.0 0.255.255.255 255.0.0.0 0.255.255.255
>
> Then my bgp session is :
>
> neighbor x.x.x.x route-map export-customer out
> neighbor x.x.x.x distribute-list 11 out
>
> Pls advise.
>
> Ida
>
>
> ---
>  Ida Leung
>  UUNET - A WorldCom company
>  Network Operations
>  (416)216-5127
>



Route Map Question [7:60263]

2003-01-03 Thread Daren Presbitero
Hello,

Had a question and been trying to figure this one out for a while now.
I have a router with an internal 205.10.1.0/24 network hanging off of fa0/0
and external connection to lots of other networks that start with 205.  I
want to create a 205.0.0.0/8 static route pointing everything to the
external gateway router, but will have problems when sending to an external
network (205.10.50.0/24) because the longest matched route will come up as
the internal 205.10.1.0 network's route, not the 205.0.0.0 static route.  I
need to force the packet to route through the 205 static route IF it does
not match the internal network.  How would I do this with a route-map?
NOTE: I need the route-map to check the dest.IP and IF it is not destined
for the 205.10.1.0 subnet then send it to the upstream default gateway.

Mahalo for your help,
Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60263&t=60263



Route-map questions [7:55098]

2002-10-08 Thread Stefan Razeshu

Hello Group,

I try to create a simple configuration for a company that has two internet
connections, and also I want some users to use one internet provider and
others the second ISP. I created a route-map as following.

access-list 5 permit 172.16.1.0 0.0.0.255
access-list 6 permit 172.16.2.0 0.0.0.255

route-map internet permit 10
match ip address 5
set ip next-hop address_ISP_1 address_ISP_2
route-map internet permit 20
match ip address 6
set ip next-hop address_ISP_2 address_ISP_1

All things are working but I have problem when the link on one interface is
going down but the interface is still up.
How I can resolve this? Is there something like HSRP tracking that I can use?
Regards 
Stefan



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55098&t=55098



RE: Route Map was Configuration help.

2000-10-19 Thread Daniel Cotts

Use a route map. This is a newer feature. Check that it will work on your
version of IOS. It is also known as policy based routing.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart1/qcpolicy.htm#5351

Create a route map.
router(config)# route-map A permit 10
router(config-route-map)# set interface s0/0

Apply it to an interface.
router(config)# int fa0/0
router(config-if)# ip policy route-map A
router(config-if)# ip route-cache policy
router(config-if)# exit

I haven't tested this but it should work for your first condition. Create a
similar one for Fa0/1.
-Original Message-
From: net974 at Yahoo [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 19, 2000 8:45 AM
To: [EMAIL PROTECTED]
Subject: Configuration help.


Hi, 

I have 2621 router: 2 WAN links and 2 EtherPorts.

I want to configure this for one-to-one basis.

all traffic coming from Fa0/0 goes S0/0 and
traffic coming from Fa0/1 goes S0/1.

How I can do this, Pls help

TIA


Gm




RE: BGP Route map [7:4730]

2001-05-16 Thread Davis, Scott [ISE/RAC]

That should read 
match interface

-Original Message-
From: Davis, Scott [ISE/RAC] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 16, 2001 15:02
To: [EMAIL PROTECTED]
Subject: BGP Route map [7:4730]


In a BGP route map, when you use the match statement: 

match 
next hop x.x.x.x

Is this set to match inbound, or outbound, packets passing through the
specified interface, or am I completely off-base and it is neither one?

TIA
Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4738&t=4730



RE: BGP Route map [7:4730]

2001-05-16 Thread Davis, Scott [ISE/RAC]

ok sorry for all the posts, lets try this one more time. 
I am working on practice tests for BSCN and do not understand
why I got this one wrong. Given the following:

match clauses:
interface ethernet0
set clauses:
next hop x.x.x.x

Does this attempt to match outbound or inbound packets on the 
interface and set the next hop?

Last change, I promise


-Original Message-
From: Davis, Scott [ISE/RAC] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 16, 2001 15:02
To: [EMAIL PROTECTED]
Subject: BGP Route map [7:4730]


In a BGP route map, when you use the match statement: 

match 
next hop x.x.x.x

Is this set to match inbound, or outbound, packets passing through the
specified interface, or am I completely off-base and it is neither one?

TIA
Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4742&t=4730



Re: BGP Route map [7:4730]

2001-05-16 Thread andyh

to apply a route-map you need to specify on a per neighbor basis, specifying
the direction.  You can also have different (or the same) route-map(s)
applied in different directions, should you have a need to do this.  Syntax
is:

neighbor  route-map  

hth

Andy

- Original Message -
From: "Davis, Scott [ISE/RAC]" 
To: 
Sent: Wednesday, May 16, 2001 10:00 PM
Subject: RE: BGP Route map [7:4730]


> ok sorry for all the posts, lets try this one more time.
> I am working on practice tests for BSCN and do not understand
> why I got this one wrong. Given the following:
>
> match clauses:
> interface ethernet0
> set clauses:
> next hop x.x.x.x
>
> Does this attempt to match outbound or inbound packets on the
> interface and set the next hop?
>
> Last change, I promise
>
>
> -Original Message-
> From: Davis, Scott [ISE/RAC] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 16, 2001 15:02
> To: [EMAIL PROTECTED]
> Subject: BGP Route map [7:4730]
>
>
> In a BGP route map, when you use the match statement:
>
> match
> next hop x.x.x.x
>
> Is this set to match inbound, or outbound, packets passing through the
> specified interface, or am I completely off-base and it is neither one?
>
> TIA
> Scott




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4767&t=4730



RE: BGP Route map [7:4730]

2001-05-16 Thread Erick B.

Route-maps work in both directions, but many functions
in IOS can reference a route-map. 

For more control, use an access-list as well. The one
you posted will set the next hop for any traffic going
across the ethernet interface except locally generated
traffic by the router. Also, the next hop has to be
adjacent to the router (not more than 1 hop away)
else policy routing will fail and normal forwarding
will take place.

For traffic generated by the router to be policy
routed using the route-map, you need to do 'ip local
policy (route-map-name)'. 

Example:

route-map redirect perm 10
  match ip address 101
  match interface ethernet0
  set ip next-hop x.x.x.x

This will set the next-hop for traffic on Ethernet0
that matches ACL 101. To control which direction, you
could use the source address of internal users in the
ACL. 

For example:

access-list 101 perm ip 10.0.0.0 0.255.255.255 any

That would change the next-hop only for 10.x.x.x users
going anywhere. Everyone else would take routes in
routing table (normal forwarding). 

Policy Routing is like a Super Static Route since you
can route traffic on anything an ACL can match on.

HTH, Erick

--- "Davis, Scott [ISE/RAC]"
 wrote:
> ok sorry for all the posts, let's try this one more
> time. 
> I am working on practice tests for BSCN and do not
> understand
> why I got this one wrong. Given the following:
> 
> match clauses:
> interface ethernet0
> set clauses:
> next hop x.x.x.x
> 
> Does this attempt to match outbound or inbound
> packets on the 
> interface and set the next hop?
> 
> Last change, I promise
> 
> 
> -Original Message-
> From: Davis, Scott [ISE/RAC]
> [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 16, 2001 15:02
> To: [EMAIL PROTECTED]
> Subject: BGP Route map [7:4730]
> 
> 
> In a BGP route map, when you use the match
> statement: 
> 
> match 
> next hop x.x.x.x
> 
> Is this set to match inbound, or outbound, packets
> passing through the
> specified interface, or am I completely off-base and
> it is neither one?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4799&t=4730



RE: BGP Route map [7:4730]

2001-05-16 Thread Bernard

Now that we are at the subject of route-map, my experience shows that the
x.x.x.x address in the command 

set ip next-hop x.x.x.x

must be a directly connected router's interface, in other words, it can not
be more than one hop away.
Can anyone confirm, or dispute this?

Bernard



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Erick B.
Sent: Wednesday, May 16, 2001 9:46 PM
To: [EMAIL PROTECTED]
Subject: RE: BGP Route map [7:4730]


Route-maps work in both directions, but many functions
in IOS can reference a route-map. 

For more control, use an access-list as well. The one
you posted will set the next hop for any traffic going
across the ethernet interface except locally generated
traffic by the router. Also, the next hop has to be
adjacent to the router (not more than 1 hop away)
else policy routing will fail and normal forwarding
will take place.

For traffic generated by the router to be policy
routed using the route-map, you need to do 'ip local
policy (route-map-name)'. 

Example:

route-map redirect perm 10
  match ip address 101
  match interface ethernet0
  set ip next-hop x.x.x.x

This will set the next-hop for traffic on Ethernet0
that matches ACL 101. To control which direction, you
could use the source address of internal users in the
ACL. 

For example:

access-list 101 perm ip 10.0.0.0 0.255.255.255 any

That would change the next-hop only for 10.x.x.x users
going anywhere. Everyone else would take routes in
routing table (normal forwarding). 

Policy Routing is like a Super Static Route since you
can route traffic on anything an ACL can match on.

HTH, Erick

--- "Davis, Scott [ISE/RAC]"
 wrote:
> ok sorry for all the posts, let's try this one more
> time. 
> I am working on practice tests for BSCN and do not
> understand
> why I got this one wrong. Given the following:
> 
> match clauses:
> interface ethernet0
> set clauses:
> next hop x.x.x.x
> 
> Does this attempt to match outbound or inbound
> packets on the 
> interface and set the next hop?
> 
> Last change, I promise
> 
> 
> -Original Message-
> From: Davis, Scott [ISE/RAC]
> [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 16, 2001 15:02
> To: [EMAIL PROTECTED]
> Subject: BGP Route map [7:4730]
> 
> 
> In a BGP route map, when you use the match
> statement: 
> 
> match 
> next hop x.x.x.x
> 
> Is this set to match inbound, or outbound, packets
> passing through the
> specified interface, or am I completely off-base and
> it is neither one?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4807&t=4730



RE: BGP Route map [7:4730]

2001-05-17 Thread Erick B.

That is correct. If it is not adjacent/directly
connected or more than 1 hop away then the route-map
policy will be rejected and normal forwarding takes
place (debug policy).

cisco.com has conflicting docs on this. Some say it
has to be adjacent, others say it doesn't. I remember
one saying "it not need be adjacent".

--- Bernard  wrote:
> Now that we are at the subject of route-map, my
> experience shows that the
> x.x.x.x address in the command 
> 
> set ip next-hop x.x.x.x
> 
> must be a directly connected router's interface, in
> other words, it can not
> be more than one hop away.
> Can anyone confirm, or dispute this?
> 
> Bernard
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Erick B.
> Sent: Wednesday, May 16, 2001 9:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: BGP Route map [7:4730]
> 
> 
> Route-maps work in both directions, but many
> functions
> in IOS can reference a route-map. 
> 
> For more control, use an access-list as well. The
> one
> you posted will set the next hop for any traffic
> going
> across the ethernet interface except locally
> generated
> traffic by the router. Also, the next hop has to be
> adjacent to the router (not more than 1 hop away)
> else policy routing will fail and normal forwarding
> will take place.
> 
> For traffic generated by the router to be policy
> routed using the route-map, you need to do 'ip local
> policy (route-map-name)'. 
> 
> Example:
> 
> route-map redirect perm 10
>   match ip address 101
>   match interface ethernet0
>   set ip next-hop x.x.x.x
> 
> This will set the next-hop for traffic on Ethernet0
> that matches ACL 101. To control which direction,
> you
> could use the source address of internal users in
> the
> ACL. 
> 
> For example:
> 
> access-list 101 perm ip 10.0.0.0 0.255.255.255 any
> 
> That would change the next-hop only for 10.x.x.x
> users
> going anywhere. Everyone else would take routes in
> routing table (normal forwarding). 
> 
> Policy Routing is like a Super Static Route since
> you
> can route traffic on anything an ACL can match on.
> 
> HTH, Erick
> 
> --- "Davis, Scott [ISE/RAC]"
>  wrote:
> > ok sorry for all the posts, let's try this one more
> > time. 
> > I am working on practice tests for BSCN and do not
> > understand
> > why I got this one wrong. Given the following:
> > 
> > match clauses:
> > interface ethernet0
> > set clauses:
> > next hop x.x.x.x
> > 
> > Does this attempt to match outbound or inbound
> > packets on the 
> > interface and set the next hop?
> > 
> > Last change, I promise
> > 
> > 
> > -Original Message-
> > From: Davis, Scott [ISE/RAC]
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 16, 2001 15:02
> > To: [EMAIL PROTECTED]
> > Subject: BGP Route map [7:4730]
> > 
> > 
> > In a BGP route map, when you use the match
> > statement: 
> > 
> > match 
> > next hop x.x.x.x
> > 
> > Is this set to match inbound, or outbound, packets
> > passing through the
> > specified interface, or am I completely off-base and
> > it is neither one?






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4877&t=4730
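
Added example (not part of any post in this thread, and not IOS code): a small Python model of the policy-routing decision Erick describes above and confirms in this reply, covering the ACL 101 match, the 'ip local policy' requirement for router-generated traffic, and the fall-back to normal forwarding when the next hop is not adjacent. The interface subnets, the routing table and the next-hop addresses are constructed for illustration.

```python
"""Toy model of the policy-routing decision described in this thread."""
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco ACL wildcard mask: a 1 bit means "don't care", a 0 bit must match."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care
    )


# access-list 101 perm ip 10.0.0.0 0.255.255.255 any   (taken from the post)
ACL_101 = [("permit", ("10.0.0.0", "0.255.255.255"), ("0.0.0.0", "255.255.255.255"))]


def acl_permits(acl, src, dst):
    """First matching entry wins; no match at all is the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False


# Constructed topology (assumption, not from the thread).
CONNECTED = {
    "Ethernet0": ipaddress.ip_network("10.1.1.0/24"),
    "Serial0": ipaddress.ip_network("192.0.2.0/30"),
    "Serial1": ipaddress.ip_network("198.51.100.0/30"),
}
ROUTES = [  # (prefix, next hop) used for normal forwarding
    (ipaddress.ip_network("0.0.0.0/0"), "198.51.100.2"),
    (ipaddress.ip_network("10.0.0.0/8"), "10.1.1.254"),
]


def normal_forward(dst):
    """Longest-prefix match over ROUTES (the default route always matches)."""
    d = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if d in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


def is_adjacent(next_hop):
    """Adjacent here means: the next hop lies on a directly connected subnet."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in net for net in CONNECTED.values())


def forward(src, dst, ingress, policy_if="Ethernet0",
            next_hop="192.0.2.2", local_policy=False):
    """Return (next_hop, reason). ingress=None marks router-generated traffic."""
    if ingress is None:
        # Router-originated packets bypass the interface policy unless
        # 'ip local policy route-map ...' is configured.
        if not local_policy:
            return normal_forward(dst), "local-no-policy"
    elif ingress != policy_if:
        return normal_forward(dst), "no-policy-on-ingress"
    if not acl_permits(ACL_101, src, dst):
        return normal_forward(dst), "acl-miss"
    if not is_adjacent(next_hop):
        # The case Bernard asks about: the policy is rejected, not dropped.
        return normal_forward(dst), "next-hop-not-adjacent"
    return next_hop, "policy-routed"


if __name__ == "__main__":
    cases = [
        ("10.2.3.4", "203.0.113.10", "Ethernet0", {}),
        ("172.16.5.5", "203.0.113.10", "Ethernet0", {}),
        ("10.1.1.1", "203.0.113.10", None, {}),
        ("10.1.1.1", "203.0.113.10", None, {"local_policy": True}),
        ("10.2.3.4", "203.0.113.10", "Ethernet0", {"next_hop": "203.0.113.1"}),
    ]
    for src, dst, ingress, kw in cases:
        print(src, ingress, kw, "->", forward(src, dst, ingress, **kw))
```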



RE: BGP Route map [7:4730]

2001-05-17 Thread Erick B.

That is correct. If it is not adjacent/directly
connected or more than 1 hop away then the route-map
policy will be rejected and normal forwarding takes
place (debug policy).

cisco.com has conflicting docs on this. Some say it
has to be adjacent, others say it doesn't. I remember
one saying "it not need be adjacent".

--- Bernard  wrote:
> Now that we are at the subject of route-map, my
> experience shows that the
> x.x.x.x address in the command 
> 
> set ip next-hop x.x.x.x
> 
> must be a directly connected router's interface, in
> other words, it can not
> be more than one hop away.
> Can anyone confirm, or dispute this?
> 
> Bernard
> 
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Erick B.
> Sent: Wednesday, May 16, 2001 9:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: BGP Route map [7:4730]
> 
> 
> Route-maps work in both directions, but many
> functions
> in IOS can reference a route-map. 
> 
> For more control, use an access-list as well. The
> one
> you posted will set the next hop for any traffic
> going
> across the ethernet interface except locally
> generated
> traffic by the router. Also, the next hop has to be
> adjacent to the router (not more than 1 hop away)
> else policy routing will fail and normal forwarding
> will take place.
> 
> For traffic generated by the router to be policy
> routed using the route-map, you need to do 'ip local
> policy (route-map-name)'. 
> 
> Example:
> 
> route-map redirect perm 10
>   match ip address 101
>   match interface ethernet0
>   set ip next-hop x.x.x.x
> 
> This will set the next-hop for traffic on Ethernet0
> that matches ACL 101. To control which direction,
> you
> could use the source address of internal users in
> the
> ACL. 
> 
> For example:
> 
> access-list 101 perm ip 10.0.0.0 0.255.255.255 any
> 
> That would change the next-hop only for 10.x.x.x
> users
> going anywhere. Everyone else would take routes in
> routing table (normal forwarding). 
> 
> Policy Routing is like a Super Static Route since
> you
> can route traffic on anything an ACL can match on.
> 
> HTH, Erick
> 
> --- "Davis, Scott [ISE/RAC]"
>  wrote:
> > ok sorry for all the posts, let's try this one more
> > time. 
> > I am working on practice tests for BSCN and do not
> > understand
> > why I got this one wrong. Given the following:
> > 
> > match clauses:
> > interface ethernet0
> > set clauses:
> > next hop x.x.x.x
> > 
> > Does this attempt to match outbound or inbound
> > packets on the 
> > interface and set the next hop?
> > 
> > Last change, I promise
> > 
> > 
> > -Original Message-
> > From: Davis, Scott [ISE/RAC]
> > [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 16, 2001 15:02
> > To: [EMAIL PROTECTED]
> > Subject: BGP Route map [7:4730]
> > 
> > 
> > In a BGP route map, when you use the match
> > statement: 
> > 
> > match 
> > next hop x.x.x.x
> > 
> > Is this set to match inbound, or outbound, packets
> > passing through the
> > specified interface, or am I completely off-base and
> > it is neither one?


=
Erick Bergquist
http://erick.bergquist.org
CCNP+Security, NNCSE





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=4878&t=4730



Re: Route-map question [7:34431]

2002-02-05 Thread Tom Martin

Hunt,

You are correct, there is nothing filtering the routes entering from
Router B, without local preference set higher on 10.1.1.1 (Router A?) for
the routes, nothing will prevent AS 202 from being used for other
destinations as well.

More confusing to me is the configuration.

I read the question as if Router B should only be used for packets
_originating_ from AS 202, which should use the T1 connection.  In this
case an outbound filter would be appropriate, along with a community tag
of no-export.

Even if the reverse is true (which the configuration seems to
indicate), the as-path access-list is only setting local preference for
the AS 300 destination!  It seems like the following access-list should
have been used:

  ip as-path access-list 1 permit ^202$

Then again, perhaps I have just totally misunderstood the question. Either
way, I hope that this helps.

- Tom


On Mon, 04 Feb 2002 23:43:41 -0500, Hunt Lee wrote:

> I have a Route-Map question that I'm very confused about:
> 
> The scenario is from Caslow (p840), it is as follows:
> 
> Company A has a full T3 connection to the Internet thru the ISP
> AAA-101.NET. Company B  has a T1 connection to the Internet thru the ISP
> BBB-202.Net. Company A acquires Company B, but Company A wants to keep
> both Internet connections, with the exception of packets originating
> from the AS of BBB-202.Net (BBB-202.Net's AS is 202).  All traffic
> originating from AS 202 will use the T1 Internet connection.
> 
> Caslow states in order to do this, the following configs should be used
> on RouterB
> 
> router bgp 1000
> neighbor 10.1.1.1 remote-as 1000
> neighbor 172.16.1.100 remote-as 202
> neighbor 172.16.1.100 route-map AS-200-IN in
> 
> no ip classless
> ip as-path access-list 1 permit _300$
> 
> route-map AS-200-IN permit 10
> match as-path 1
> set local-preference 200
> 
> route-map AS-200-IN permit 20
> 
> What I don't understand is:
> 
> With the "set local-preference 200" statement, it directs the traffic
> (routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router
> B. However, what makes the router not passing any other routes (not from
> AS 200)? Wouldn't they still be able to go out thru Router B as well? In
> consideration that the local preference has not been changed on the
> router.
> 
> Any help will be greatly appreciated.
> 
> Best Regards,
> Hunt Lee
> System Engineer
> WebCentral




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34474&t=34431
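
Added example (not from the thread or from the book it quotes): a Python model of the quoted route-map AS-200-IN, run over constructed AS paths as they would arrive from the AS 202 neighbor, comparing the '_300$' list in the quoted config with the '^202$' list Tom suggests. It assumes the IOS default local preference of 100 and that '_' in a Cisco AS-path expression matches a path delimiter.

```python
import re

# In Cisco AS-path regular expressions "_" matches a delimiter: the start or
# end of the path, a space, a comma, or a brace/parenthesis.
CISCO_UNDERSCORE = r"(?:^|$|[ ,{}()])"
DEFAULT_LOCAL_PREF = 100  # assumption: IOS default when no route-map sets it


def as_path_acl_permits(entries, as_path):
    """Evaluate an 'ip as-path access-list': first match wins, else implicit deny."""
    for action, pattern in entries:
        if re.search(pattern.replace("_", CISCO_UNDERSCORE), as_path):
            return action == "permit"
    return False


# route-map AS-200-IN as quoted in the post:
# (sequence, action, as-path list number or None, local-preference or None)
AS_200_IN = [
    (10, "permit", 1, 200),      # match as-path 1 / set local-preference 200
    (20, "permit", None, None),  # empty permit: accept everything else unchanged
]


def apply_route_map(route_map, acls, as_path):
    """Return the local preference of an accepted route, or None if it is denied."""
    for _seq, action, acl_no, local_pref in sorted(route_map, key=lambda e: e[0]):
        if acl_no is not None and not as_path_acl_permits(acls[acl_no], as_path):
            continue  # this clause does not match, try the next sequence
        if action == "deny":
            return None
        return local_pref if local_pref is not None else DEFAULT_LOCAL_PREF
    return None  # implicit deny at the end of a route-map


QUOTED_CONFIG = {1: [("permit", "_300$")]}   # list from the quoted configuration
TOM_SUGGESTION = {1: [("permit", "^202$")]}  # list suggested in the reply

# Constructed AS paths received from the AS 202 neighbor (origin AS is last).
PATHS = ["202", "202 300", "202 300 400", "202 1300"]


def compare():
    """Map each path to (local-pref with '_300$', local-pref with '^202$')."""
    return {
        p: (
            apply_route_map(AS_200_IN, QUOTED_CONFIG, p),
            apply_route_map(AS_200_IN, TOM_SUGGESTION, p),
        )
        for p in PATHS
    }


if __name__ == "__main__":
    for path, (quoted, suggested) in compare().items():
        print(f"{path!r:16} _300$ -> {quoted}   ^202$ -> {suggested}")
```

No path comes back as None: sequence 20 accepts every route the neighbor sends, which is the point Hunt raises, and only the local preference differs between the two lists.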



Re: Route-map question [7:34431]

2002-02-06 Thread Hunt Lee

Thanks so much for your helpful explanation Tom   :)

Hunt


"Tom Martin" wrote in message news:[EMAIL PROTECTED]...
> Hunt,
>
> You are correct, there is nothing filtering the routes entering from
> Router B, without local preference set higher on 10.1.1.1 (Router A?) for
> the routes, nothing will prevent AS 202 from being used for other
> destinations as well.
>
> More confusing to me is the configuration.
>
> I read the question as if Router B should only be used for packets
> _originating_ from AS 202, which should use the T1 connection.  In this
> case an outbound filter would be appropriate, along with a community tag
> of no-export.
>
> Even if the reverse is true (which the configuration seems to
> indicate), the as-path access-list is only setting local preference for
> the AS 300 destination!  It seems like the following access-list should
> have been used:
>
>   ip as-path access-list 1 permit ^202$
>
> Then again, perhaps I have just totally misunderstood the question. Either
> way, I hope that this helps.
>
> - Tom
>
>
> On Mon, 04 Feb 2002 23:43:41 -0500, Hunt Lee wrote:
>
> > I have a Route-Map question that I'm very confused about:
> >
> > The scenario is from Caslow (p840), it is as follows:
> >
> > Company A has a full T3 connection to the Internet thru the ISP
> > AAA-101.NET. Company B  has a T1 connection to the Internet thru the ISP
> > BBB-202.Net. Company A acquires Company B, but Company A wants to keep
> > both Internet connections, with the exception of packets originating
> > from the AS of BBB-202.Net (BBB-202.Net's AS is 202).  All traffic
> > originating from AS 202 will use the T1 Internet connection.
> >
> > Caslow states in order to do this, the following configs should be used
> > on RouterB
> >
> > router bgp 1000
> > neighbor 10.1.1.1 remote-as 1000
> > neighbor 172.16.1.100 remote-as 202
> > neighbor 172.16.1.100 route-map AS-200-IN in
> >
> > no ip classless
> > ip as-path access-list 1 permit _300$
> >
> > route-map AS-200-IN permit 10
> > match as-path 1
> > set local-preference 200
> >
> > route-map AS-200-IN permit 20
> >
> > What I don't understand is:
> >
> > With the "set local-preference 200" statement, it directs the traffic
> > (routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router
> > B. However, what makes the router not passing any other routes (not from
> > AS 200)? Wouldn't they still be able to go out thru Router B as well? In
> > consideration that the local preference has not been changed on the
> > router.
> >
> > Any help will be greatly appreciated.
> >
> > Best Regards,
> > Hunt Lee
> > System Engineer
> > WebCentral




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34703&t=34431



Re: Route-map question [7:34431]

2002-02-13 Thread Hunt Lee

Tom,

Can you please elaborate how the outbound filter with the community tag of
no-export would help... as I'm still not too clear what it will achieve.

And sorry for the stupid question...

Thanks again.

Best Regards,
Hunt Lee



"Tom Martin" wrote in message news:[EMAIL PROTECTED]...

> I read the question as if Router B should only be used for packets
> _originating_ from AS 202, which should use the T1 connection.  In this
> case an outbound filter would be appropriate, along with a community tag
> of no-export.




> On Mon, 04 Feb 2002 23:43:41 -0500, Hunt Lee wrote:
>
> > I have a Route-Map question that I'm very confused about:
> >
> > The scenario is from Caslow (p840), it is as follows:
> >
> > Company A has a full T3 connection to the Internet thru the ISP
> > AAA-101.NET. Company B  has a T1 connection to the Internet thru the ISP
> > BBB-202.Net. Company A acquires Company B, but Company A wants to keep
> > both Internet connections, with the exception of packets originating
> > from the AS of BBB-202.Net (BBB-202.Net's AS is 202).  All traffic
> > originating from AS 202 will use the T1 Internet connection.
> >
> > Caslow states in order to do this, the following configs should be used
> > on RouterB
> >
> > router bgp 1000
> > neighbor 10.1.1.1 remote-as 1000
> > neighbor 172.16.1.100 remote-as 202
> > neighbor 172.16.1.100 route-map AS-200-IN in
> >
> > no ip classless
> > ip as-path access-list 1 permit _300$
> >
> > route-map AS-200-IN permit 10
> > match as-path 1
> > set local-preference 200
> >
> > route-map AS-200-IN permit 20
> >
> > What I don't understand is:
> >
> > With the "set local-preference 200" statement, it directs the traffic
> > (routes coming from AS 202 / neighbor 172.16.1.100) to go out via Router
> > B. However, what makes the router not passing any other routes (not from
> > AS 200)? Wouldn't they still be able to go out thru Router B as well? In
> > consideration that the local preference has not been changed on the
> > router.
> >
> > Any help will be greatly appreciated.
> >
> > Best Regards,
> > Hunt Lee
> > System Engineer
> > WebCentral




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35358&t=34431



Re: Route-map question [7:34431]

2002-02-13 Thread Hunt Lee

Tom,

Can you please elaborate how the outbound filter with the community tag of
no-export would help... as I'm still not too clear what it will achieve.

And sorry for the stupid question...

Thanks again.

Best Regards,
Hunt Lee
WebCentral


"Tom Martin" wrote in message news:[EMAIL PROTECTED]...

Hunt,

You are correct, there is nothing filtering the routes entering from
Router B, without local preference set higher on 10.1.1.1 (Router A?) for
the routes, nothing will prevent AS 202 from being used for other
destinations as well.

More confusing to me is the configuration.

I read the question as if Router B should only be used for packets
_originating_ from AS 202, which should use the T1 connection.  In this
case an outbound filter would be appropriate, along with a community tag
of no-export.

Even if the reverse is true (which the configuration seems to
indicate), the as-path access-list is only setting local preference for
the AS 300 destination!  It seems like the following access-list should
have been used:

  ip as-path access-list 1 permit ^202$

Then again, perhaps I have just totally misunderstood the question. Either
way, I hope that this helps.

- Tom




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35374&t=34431



Route-map - Boson - incorrect? [7:38553]

2002-03-16 Thread Pierre-Alex GUANEL

Here are two statements from BOSON and their associated answers:

"When a Match is made, the Route Map can change the route with the map-tag
command (TRUE)"

"When a Match is made, the Route Map will change the route with the set
command. (FALSE)"


(1) is there such a thing as a map-tag command. The Cisco documentation has
a match tag but nothing like a "map-tag"

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r
/1rprt1/1rindep.htm#1019548

(2) When a match is made doesn't the "set" command change the attribute of
the route.
Boson indicates in their test that this is a false statement.

Am I correct or is the test correct?

Thank you!

Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38553&t=38553



Re: Route-Map To Loopback Interface

2000-07-28 Thread Brian

On Fri, 28 Jul 2000, Adrian Chew wrote:

> I've seen this in some configurations where traffic is sent via a route-map
> to an IP address that is on the same subnet as a router's loopback
> interface.
> 
> Eg.
> 
> interface ethernet 0
>  ip address 192.168.1.1 255.255.255.0
>  ip policy route-map abc
> 
> interface loopback 0
> ip address 192.168.255.1 255.255.255.0
> 
> access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> 
> route-map abc permit 10
>  match ip address 100
>  set ip next-hop 192.168.255.2
> 
> Could anyone explain how having traffic routed via a loopback interface
> might help in certain situations?

load balancing for one.

For example:

R1
ip cef

int loopback 0
 ip address 10.1.1.1 255.255.255.0

int ethernet 0
 ip address 192.168.2.1 255.255.255.0

int serial 0
 ip address 192.168.1.1 255.255.255.252
 ip load-sharing per-packet

int serial 1 
 ip address 192.168.1.5 255.255.255.252
 ip load-sharing per-packet

ip route 10.1.2.0 255.255.255.0 192.168.1.2
ip route 10.1.2.0 255.255.255.0 192.168.1.6
ip route 0.0.0.0 0.0.0.0 10.1.2.1

R2
ip cef

int loopback 0
 ip address 10.1.2.1 255.255.255.0

int serial 0
 ip address 192.168.1.2 255.255.255.252
 ip load-sharing per-packet

int serial 1
 ip address 192.168.1.6 255.255.255.252
 ip load-sharing per-packet

ip route 10.1.1.0 255.255.255.0 192.168.1.1
ip route 10.1.1.0 255.255.255.0 192.168.1.5
ip route 192.168.2.0 255.255.255.0 10.1.1.1

You could save yourself some configuring and whatnot by using an IGP to
get the dual routes injected instead of declaring them statically here,
but I did static here to illustrate

Brian

> 
> Thanks.
> 
> Regards,
> Adrian
> 
> 
> 

---
Brian Feeny, CCNA, CCDA   [EMAIL PROTECTED]   
Network Administrator 
ShreveNet Inc. (ASN 11881)




Re: Route-Map To Loopback Interface

2000-07-28 Thread Adrian Chew

Brian,

Thanks for the example - hitting the loopbacks on REMOTE routers is easy to
understand (as is loopback interfaces for BGP connections and OSPF Router
IDs).  However, I've seen traffic being routed to an IP address on the same
subnet as the router's loopback interface is on.  Eg.

E0 > R1 > Loop 0 > R1 > S0 > R2 > E0 > IP destination

The actual destination IP address might be a subnet on some other remote
router but the traffic is first directed to an IP address on the same subnet
as the router's own loopback address.  I believe it's done to avoid some sort
of traffic from hitting NAT on the way out, but having an access-list
definition for NAT traffic should already take care of this.

Take a look at the initial route-map configuration I gave - traffic from E0
bound for network 192.168.2.0/24 (not a destination on the router's own
connected interfaces) is set for next-hop IP address of 192.168.255.2 (the
router's loopback IP address is 192.168.255.1 with a /24 mask).

Regards,
Adrian

"Brian" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> On Fri, 28 Jul 2000, Adrian Chew wrote:
>
> > I've seen this in some configurations where traffic is sent via a route-map
> > to an IP address that is on the same subnet as a router's loopback
> > interface.
> >
> > Eg.
> >
> > interface ethernet 0
> >  ip address 192.168.1.1 255.255.255.0
> >  ip policy route-map abc
> >
> > interface loopback 0
> > ip address 192.168.255.1 255.255.255.0
> >
> > access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> >
> > route-map abc permit 10
> >  match ip address 100
> >  set ip next-hop 192.168.255.2
> >
> > Could anyone explain how having traffic routed via a loopback interface
> > might help in certain situations?
>
> load balancing for one.
>
> For example:
>
> R1
> ip cef
>
> int loopback 0
>  ip address 10.1.1.1 255.255.255.0
>
> int ethernet 0
>  ip address 192.168.2.1 255.255.255.0
>
> int serial 0
>  ip address 192.168.1.1 255.255.255.252
>  ip load-sharing per-packet
>
> int serial 1
>  ip address 192.168.1.5 255.255.255.252
>  ip load-sharing per-packet
>
> ip route 10.1.2.0 255.255.255.0 192.168.1.2
> ip route 10.1.2.0 255.255.255.0 192.168.1.6
> ip route 0.0.0.0 0.0.0.0 10.1.2.1
>
> R2
> ip cef
>
> int loopback 0
>  ip address 10.1.2.1 255.255.255.0
>
> int serial 0
>  ip address 192.168.1.2 255.255.255.252
>  ip load-sharing per-packet
>
> int serial 1
>  ip address 192.168.1.6 255.255.255.252
>  ip load-sharing per-packet
>
> ip route 10.1.1.0 255.255.255.0 192.168.1.1
> ip route 10.1.1.0 255.255.255.0 192.168.1.5
> ip route 192.168.2.0 255.255.255.0 10.1.1.1
>
> You could save yourself some configuring and whatnot by using an IGP to
> get the dual routes injected instead of declaring them statically here,
> but I did static here to illustrate
>
> Brian
>
> >
> > Thanks.
> >
> > Regards,
> > Adrian
> >
> >
> >
>
> ---
> Brian Feeny, CCNA, CCDA   [EMAIL PROTECTED]
> Network Administrator
> ShreveNet Inc. (ASN 11881)
>



Re: Route-Map To Loopback Interface

2000-07-28 Thread Kenny Sallee

The only thing I can think of is with that setup you have, any traffic from
source .1.0 to destination 2.0 will be routed via the loopback and thus
dropped. Can't think of anything else

Kenny

"Adrian Chew" <[EMAIL PROTECTED]> wrote in message news:8lskht$quq$[EMAIL PROTECTED]...
> Brian,
>
> Thanks for the example - hitting the loopbacks on REMOTE routers is easy to
> understand (as is loopback interfaces for BGP connections and OSPF Router
> IDs).  However, I've seen traffic being routed to an IP address on the same
> subnet as the router's loopback interface is on.  Eg.
>
> E0 > R1 > Loop 0 > R1 > S0 > R2 > E0 > IP destination
>
> The actual destination IP address might be a subnet on some other remote
> router but the traffic is first directed to an IP address on the same subnet
> as the router's own loopback address.  I believe it's done to avoid some sort
> of traffic from hitting NAT on the way out, but having an access-list
> definition for NAT traffic should already take care of this.
>
> Take a look at the initial route-map configuration I gave - traffic from E0
> bound for network 192.168.2.0/24 (not a destination on the router's own
> connected interfaces) is set for next-hop IP address of 192.168.255.2 (the
> router's loopback IP address is 192.168.255.1 with a /24 mask).
>
> Regards,
> Adrian
>
> "Brian" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > On Fri, 28 Jul 2000, Adrian Chew wrote:
> >
> > > I've seen this in some configurations where traffic is sent via a route-map
> > > to an IP address that is on the same subnet as a router's loopback
> > > interface.
> > >
> > > Eg.
> > >
> > > interface ethernet 0
> > >  ip address 192.168.1.1 255.255.255.0
> > >  ip policy route-map abc
> > >
> > > interface loopback 0
> > > ip address 192.168.255.1 255.255.255.0
> > >
> > > access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
> > >
> > > route-map abc permit 10
> > >  match ip address 100
> > >  set ip next-hop 192.168.255.2
> > >
> > > Could anyone explain how having traffic routed via a loopback interface
> > > might help in certain situations?
> >
> > load balancing for one.
> >
> > For example:
> >
> > R1
> > ip cef
> >
> > int loopback 0
> >  ip address 10.1.1.1 255.255.255.0
> >
> > int ethernet 0
> >  ip address 192.168.2.1 255.255.255.0
> >
> > int serial 0
> >  ip address 192.168.1.1 255.255.255.252
> >  ip load-sharing per-packet
> >
> > int serial 1
> >  ip address 192.168.1.5 255.255.255.252
> >  ip load-sharing per-packet
> >
> > ip route 10.1.2.0 255.255.255.0 192.168.1.2
> > ip route 10.1.2.0 255.255.255.0 192.168.1.6
> > ip route 0.0.0.0 0.0.0.0 10.1.2.1
> >
> > R2
> > ip cef
> >
> > int loopback 0
> >  ip address 10.1.2.1 255.255.255.0
> >
> > int serial 0
> >  ip address 192.168.1.2 255.255.255.252
> >  ip load-sharing per-packet
> >
> > int serial 1
> >  ip address 192.168.1.6 255.255.255.252
> >  ip load-sharing per-packet
> >
> > ip route 10.1.1.0 255.255.255.0 192.168.1.1
> > ip route 10.1.1.0 255.255.255.0 192.168.1.5
> > ip route 192.168.2.0 255.255.255.0 10.1.1.1
> >
> > You could save yourself some configuring and whatnot by using an IGP to
> > get the dual routes injected instead of declaring them statically here,
> > but I did static here to illustrate
> >
> > Brian
> >
> > >
> > > Thanks.
> > >
> > > Regards,
> > > Adrian
> > >
> > >
> > >
> >
> > ---
> > Brian Feeny, CCNA, CCDA   [EMAIL PROTECTED]
> > Network Administrator
> > ShreveNet Inc. (ASN 11881)
> >



Re: Route Map Question [7:60263]

2003-01-03 Thread The Long and Winding Road
--
TANSTAAFL
"there ain't no such thing as a free lunch"




""Daren Presbitero""  wrote in message
news:[EMAIL PROTECTED]...
> Hello,
>
> Had a question and been trying to figure this one out for a while now.
> I have a router with an internal 205.10.1.0/24 network hanging off of fa0/0
> and external connection to lots of other networks that start with 205.  I
> want to create a 205.0.0.0/8 static route pointing everything to the
> external gateway router, but will have problems when sending to an external
> network (205.10.50.0/24) because the longest matched route will come up as
> the internal 205.10.1.0 network's route, not the 205.0.0.0 static route.  I
> need to force the packet to route through the 205 static route IF it does
> not match the internal network.  How would I do this with a route-map?
> NOTE: I need the route-map to check the dest.IP and IF it is not destined
> for the 205.10.1.0 subnet then send it to the upstream default gateway.

well, let's look at your first assumption. that is, that a destination to
205.10.50.x ( /24 ) will be matched by 205.10.1.0 during a route lookup. or
to put it another way, if you have two routes in your routing table:

S 205.0.0.0  (default gateway interface )
C 205.10.1.0 ( interface whatever )

which one will a destination of 205.10.50.x match?

that said, you can add policy routing, and give yourself a different kind of
flexibility.

let's look at the route-map structure, and see how it operates.

start with your access-lists.

access-list 1 permit 205.10.1.0 0.0.0.255
access-list 2 permit 205.0.0.0 0.255.255.255

I'm going to assume for argument's sake that at this time you have no other
destinations you want to reach.

route-map 205net permit 10
match ip addr which one?
set

now here you have a choice - interface or ip next-hop.

the flexibility gained is that you can modify this route-map to suit your
needs as they change - add more access-lists to reflect different subnets
and add more route-map clauses to reflect the policy requirements.

or you can resort to good old routing. which is easier on the brain. ;->


>
> Mahalo for your help,

the only thanks accepted is a two week stay in your town. living room floor
will be ok. couch better.  ;->



> Daren




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60265&t=60263
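
The route lookup asked about in the reply above, worked through as an added example (not part of the original message): a minimal longest-prefix-match lookup over the two routes. The /8 and /24 prefix lengths come from the question; the function names and the test addresses are constructed for illustration.

```python
import ipaddress

# The two routes from the message above. Exit labels are the placeholders
# used in the reply, not real interface names.
ROUTES = [
    ("S", ipaddress.ip_network("205.0.0.0/8"), "default gateway interface"),
    ("C", ipaddress.ip_network("205.10.1.0/24"), "interface whatever"),
]


def candidates(dest, routes=ROUTES):
    """Every route that covers dest. A route covers an address only when all
    of its prefix bits agree with the address."""
    addr = ipaddress.ip_address(dest)
    return [route for route in routes if addr in route[1]]


def lookup(dest, routes=ROUTES):
    """Longest-prefix match: among the covering routes, the most specific wins."""
    hits = candidates(dest, routes)
    if not hits:
        return None  # no covering route and no default route in this table
    return max(hits, key=lambda route: route[1].prefixlen)


def describe(dest):
    best = lookup(dest)
    if best is None:
        return f"{dest}: no route"
    code, net, exit_label = best
    return f"{dest}: {code} {net} via {exit_label}"


if __name__ == "__main__":
    # Constructed destinations: one on the other 205.10.x.0/24 network, one on
    # the internal subnet, one elsewhere in 205/8, one outside 205/8.
    for dest in ("205.10.50.7", "205.10.1.7", "205.200.3.4", "10.0.0.1"):
        covering = [str(route[1]) for route in candidates(dest)]
        print(describe(dest), "| covering routes:", covering)
```
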



Route-map question (urgent) [7:54910]

2002-10-04 Thread [EMAIL PROTECTED]

Greetings,

Need help with a route-map question.  I need to force all http traffic
to go to 10.10.10.141 address, does my config below allow me to do just
that?


access-list extended 101 permit tcp any host 10.10.10.141 eq 80
access-list extended 101 permit ip any any

route-map http_traffic permit 10
 match ip address 101

int fa2/0 (10.10.10.141 address is behind this interface)
ip policy route-map http_traffic

Thanks...Nabil

"I have never let my schooling interfere with my education."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54910&t=54910



NAT: list or route-map? [7:1563]

2001-04-22 Thread Mike Taylor

Hi,

I have a question about the following configuration:

http://www.cisco.com/warp/public/707/quicktip.html

What is the benefit of using the route-map to define what/what not to
translate?  Maybe I'm missing something simple, but it seems that you could
simply use the list (175) to do the same thing, avoiding the extra route-map
config completely.

Thanks for any insight.

Mike
[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1563&t=1563



Re: list or route-map? [7:1563]

2001-04-26 Thread EA Louie

Policy routing takes precedence over standard routing and NAT.  Therefore,
if the subnets to be translated were routed in some other way, you run into
the problem of "which comes first", which the route maps solve.  (For
example, a default route will be processed before the NAT command).  They're
also a way to hide routing from the routing table (although I can't imagine
anyone ever wanting to do that, he said, tongue-in-cheek)

see
http://www.cisco.com/warp/public/556/5.html
to see the order of preference that Cisco uses in IOS for determining packet
processing in a router.

- Original Message -
From: "Mike Taylor" 
To: 
Sent: Sunday, April 22, 2001 10:49 PM
Subject: NAT: list or route-map? [7:1563]


> Hi,
>
> I have a question about the following configuration:
>
> http://www.cisco.com/warp/public/707/quicktip.html
>
> What is the benefit of using the route-map to define what/what not to
> translate?  Maybe I'm missing something simple, but it seems that you could
> simply use the list (175) to do the same thing, avoiding the extra route-map
> config completely.
>
> Thanks for any insight.
>
> Mike
> [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2186&t=1563



FW: Route-map - Boson - incorrect? [7:38554]

2002-03-16 Thread Pierre-Alex Guanel

-Original Message-
From: Pierre-Alex GUANEL [mailto:[EMAIL PROTECTED]]
Sent: Saturday, March 16, 2002 1:55 PM
To: Cisco
Subject: Route-map - Boson - incorrect?



Here are two statements from BOSON and their associated answers:

"When a Match is made, the Route Map can change the route with the map-tag
command (TRUE)"

"When a Match is made, the Route Map will change the route with the set
command. (FALSE)"


(1) Is there such a thing as a map-tag command? The Cisco documentation has
a match tag but nothing like a "map-tag".

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt1/1rindep.htm#1019548

(2) When a match is made, doesn't the "set" command change the attribute of
the route?
Boson indicates in their test that this is a false statement.

Am I correct or is the test correct?

Thank you!

Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38554&t=38554



route-map next-hop question [7:40431]

2002-04-03 Thread bergenpeak

I'm trying to use the "set ip next-hop" feature in a route-map
and seeing some behavior I don't understand.

If I define the "ip next-hop" to be an IP address that's
not on an interface directly connected to the router performing
the route-map, the router does the recursive lookup and
forwards the packet accordingly.  This is good.

If I define the "ip next-hop" to be an IP address for
the remote end of a locally connected POS interface, the
packet is forwarded out the POS interface.  This is good.

If I define the "ip next-hop" to be an IP address for a
router directly connected via an ethernet interface, the
packet appears to get dropped.  Basically, I have a setup
where I'm using an ethernet as a point-to-point link
and when the next-hop is set to the IP at the other end of 
the ethernet /30, forwarding doesn't seem to work.

Any thoughts on why this doesn't work when on ethernet?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40431&t=40431



route-map V distribute list's [7:70121]

2003-06-04 Thread maine dude
Hi
 
Can someone clarify why you would use a route-map instead of distribute list?
 
Thanks in advance,
-DJ 









Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70121&t=70121


Policy routing with route map [7:70567]

2003-06-11 Thread Chiam Chin Tiong
Hi guys , 

Just want to ask, can load balancing be achieved in this config? Or is e1
used only, followed by e2 unless e1 is down?

interface serial e0 
ip policy route-map ABC 
! 
route-map ABC 
match ip address X.X.X.X 
set interface e1 e2 e3 e4 

Thank you ! 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70567&t=70567


route-map deny_lo1 - now working?? [7:61055]

2003-01-14 Thread Cisco Nuts
Hello,
I have a loopback interface 1 that I am trying to deny under redistribute 
connected under ospf but am having no luck? What am I doing wrong? Please 
advise. Thank you.

Config:

TS#
interface Loopback1
ip address 1.1.1.1 255.255.255.255

router ospf 100
redistribute connected subnets route-map deny_lo1

route-map deny_lo1 deny 10
match ip address 99
!
route-map deny_lo1 permit 20
match ip address 98

access-list 98 permit any
access-list 99 permit 1.1.1.0

On the neighboring router:

RTE#r
1.0.0.0/32 is subnetted, 1 subnets
O E2    1.1.1.1 [110/20] via 110.99.100.1, 00:05:02, Serial0.100

It does not matter if I change the access-list to permit 1.0.0.0 or host 
1.1.1.1 !!!

I just cannot seem to figure out why I cannot deny this route from being 
entered into the routing table!!












Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61055&t=61055



Re: Route-map question (urgent) [7:54910]

2002-10-04 Thread Chuck's Long Road

what you have will end up sending ALL traffic to . well to nowhere,
since you have no set statement.

--

www.chuckslongroad.info
like my web site?
take the survey!



 wrote in message
news:[EMAIL PROTECTED]...
> Greetings,
>
> Need help with a route-map question.  I need to force all http traffic
> to go to 10.10.10.141 address, does my config below allow me to do just
> that?
>
>
> access-list extended 101 permit tcp any host 10.10.10.141 eq 80
> access-list extended 101 permit ip any any
>
> route-map http_traffic permit 10
>  match ip address 101
>
> int fa2/0 (10.10.10.141 address is behind this interface)
> ip policy route-map http_traffic
>
> Thanks...Nabil
>
> "I have never let my schooling interfere with my education."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54911&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-04 Thread [EMAIL PROTECTED]

The second access-lists statement says to do the action in the route map
with all traffic.

From what I understood you do not want that.

> Greetings,
>
> Need help with a route-map question.  I need to force all http traffic
> to go to 10.10.10.141 address, does my config below allow me to do just
> that?
>
>
> access-list extended 101 permit tcp any host 10.10.10.141 eq 80
> access-list extended 101 permit ip any any
>
> route-map http_traffic permit 10
>  match ip address 101
>
> int fa2/0 (10.10.10.141 address is behind this interface)
> ip policy route-map http_traffic
>
> Thanks...Nabil
>
> "I have never let my schooling interfere with my education."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54916&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-05 Thread ccnp ccnp2002

Hi,

I suggest that you study again about access-lists and route-maps. This is
the best answer to your question because once you go through it again, you
will be fine.

I kindly ask you to spend just a little time and it will be very clear.

Cheers!!


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54926&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-05 Thread YASSER ALY

No, you need to do the following

access-list 101 permit tcp any any eq 80

route-map http_traffic permit 10
 match ip address 101
 set ip next-hop 10.10.10.141

route-map http_traffic permit 20
!
int fa2/0
 ip policy route-map http_traffic

 

>From: "[EMAIL PROTECTED]"
>Greetings,
>
>Need help with a route-map question. I need to force all http traffic
>to go to 10.10.10.141 address, does my config below allow me to do just
>that?
>
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>access-list extended 101 permit ip any any
>
>route-map http_traffic permit 10
> match ip address 101
>
>int fa2/0 (10.10.10.141 address is behind this interface)
>ip policy route-map http_traffic
>
>Thanks...Nabil
>
>"I have never let my schooling interfere







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54928&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-06 Thread Greg Reaume

Yasser,

Be careful here...  you don't know if the only segment for which he wants
HTTP redirected is the one connected via fa2/0, there may be more.  Offering
a solution without knowing all his requirements will just lead him into
deeper confusion.


Nabil,

The best way to find your answer is to go and learn this thoroughly for
yourself.  And as always, never put yourself in a position where you are
urgently required to do something you've never done without a lifeline setup
prior to your need.  No manager that I have worked with has ever blamed
someone for saying, "I've never done that before and I'd feel more
comfortable taking some time to understand it".  If the need is that urgent
that there is no time to spare, you should be able to call TAC under your
service contract, right?  :)

Good luck.

Greg Reaume


""YASSER ALY""  wrote in message
news:[EMAIL PROTECTED]...
No, you need to do the following

access-list 101 permit tcp any any eq 80

route-map http_traffic permit 10
 match ip address 101
 set ip next-hop 10.10.10.141

route-map http_traffic permit 20
!
int fa2/0
 ip policy route-map http_traffic



>From: "[EMAIL PROTECTED]"
>Greetings,
>
>Need help with a route-map question. I need to force all http traffic
>to go to 10.10.10.141 address, does my config below allow me to do just
>that?
>
>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>access-list extended 101 permit ip any any
>
>route-map http_traffic permit 10
> match ip address 101
>
>int fa2/0 (10.10.10.141 address is behind this interface)
>ip policy route-map http_traffic
>
>Thanks...Nabil
>
>"I have never let my schooling interfere







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54975&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-06 Thread YASSER ALY

Greg,

  Thank you for what you have said. My suggestions were based on the
scenario that Nabil mentioned. Being the fact that his real life scenario
is different than what he said falls under his attention to consider. It's
just something to give some light for him but you do have a point that he
should read more before considering doing something he never did before.

BTW, is it normal for somebody's postings to the list not to be sent to
his e-mail? Each time I send to the list either a question or a reply I
don't get a clue that it has been received until someone like you replies
quoting what I have said,

Regards,

Yasser

>From: "Greg Reaume"
>Yasser,
>
>Be careful here... you don't know if the only segment for which he wants
>HTTP redirected is the one connected via fa2/0, there may be more. Offering
>a solution without knowing all his requirements will just lead him into
>deeper confusion.
>
>Nabil,
>
>The best way to find your answer is to go and learn this thoroughly for
>yourself. And as always, never put yourself in a position where you are
>urgently required to do something you've never done without a lifeline setup
>prior to your need. No manager that I have worked with has ever blamed
>someone for saying, "I've never done that before and I'd feel more
>comfortable taking some time to understand it". If the need is that urgent
>that there is no time to spare, you should be able to call TAC under your
>service contract, right? :)
>
>Good luck.
>
>Greg Reaume
>
>""YASSER ALY"" wrote in message
>news:[EMAIL PROTECTED]...
>No, you need to do the following
>
>access-list 101 permit tcp any any eq 80
>
>route-map http_traffic permit 10
> match ip address 101
> set ip next-hop 10.10.10.141
>
>route-map http_traffic permit 20
>!
>int fa2/0
> ip policy route-map http_traffic
>
>>From: "[EMAIL PROTECTED]"
>>Greetings,
>>
>>Need help with a route-map question. I need to force all http traffic
>>to go to 10.10.10.141 address, does my config below allow me to do just
>>that?
>>
>>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>>access-list extended 101 permit ip any any
>>
>>route-map http_traffic permit 10
>> match ip address 101
>>
>>int fa2/0 (10.10.10.141 address is behind this interface)
>>ip policy route-map http_traffic
>>
>>Thanks...Nabil
>>
>>"I have never let my schooling interfere







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54979&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-06 Thread Greg Reaume

Yasser,

I agree, everyone should be conscious that any advice received through a
source such as this, although quite skilled, can only be advice given based
on the information one has provided.  This advice is only as accurate and
comprehensive as one's presented question or scenario.

About the postings, I know that I use Outlook Express through Outlook (news
button), and I do see the postings that I make in each thread.  However, I
can only choose to either post to thread, or reply directly to sender.  If I
want to do both I must manually add the destinations to the message.

Greg Reaume


""YASSER ALY""  wrote in message
news:[EMAIL PROTECTED]...
Greg,

  Thank you for what you have said. My suggestions were based on the
scenario that Nabil mentioned. Being the fact that his real life scenario
is different than what he said falls under his attention to consider. It's
just something to give some light for him but you do have a point that he
should read more before considering doing something he never did before.

BTW, is it normal for somebody's postings to the list not to be sent to
his e-mail? Each time I send to the list either a question or a reply I
don't get a clue that it has been received until someone like you replies
quoting what I have said,

Regards,

Yasser

>From: "Greg Reaume"
>Yasser,
>
>Be careful here... you don't know if the only segment for which he wants
>HTTP redirected is the one connected via fa2/0, there may be more. Offering
>a solution without knowing all his requirements will just lead him into
>deeper confusion.
>
>Nabil,
>
>The best way to find your answer is to go and learn this thoroughly for
>yourself. And as always, never put yourself in a position where you are
>urgently required to do something you've never done without a lifeline setup
>prior to your need. No manager that I have worked with has ever blamed
>someone for saying, "I've never done that before and I'd feel more
>comfortable taking some time to understand it". If the need is that urgent
>that there is no time to spare, you should be able to call TAC under your
>service contract, right? :)
>
>Good luck.
>
>Greg Reaume
>
>""YASSER ALY"" wrote in message
>news:[EMAIL PROTECTED]...
>No, you need to do the following
>
>access-list 101 permit tcp any any eq 80
>
>route-map http_traffic permit 10
> match ip address 101
> set ip next-hop 10.10.10.141
>
>route-map http_traffic permit 20
>!
>int fa2/0
> ip policy route-map http_traffic
>
>>From: "[EMAIL PROTECTED]"
>>Greetings,
>>
>>Need help with a route-map question. I need to force all http traffic
>>to go to 10.10.10.141 address, does my config below allow me to do just
>>that?
>>
>>access-list extended 101 permit tcp any host 10.10.10.141 eq 80
>>access-list extended 101 permit ip any any
>>
>>route-map http_traffic permit 10
>> match ip address 101
>>
>>int fa2/0 (10.10.10.141 address is behind this interface)
>>ip policy route-map http_traffic
>>
>>Thanks...Nabil
>>
>>"I have never let my schooling interfere







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54981&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-07 Thread Stefan Razeshu

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
!-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life lessons.
It is a Cisco study list not the church.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54994&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-07 Thread Stefan Razeshu

Sorry..the access-list is not correct.
Should be:
 access-list 101 permit tcp any any eq 80
Regards
Stefan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55004&t=54910
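
The route-map behaviour argued over in this thread, as an added example (not code from any poster): a small Python model of how policy routing evaluates `match ip address` and `set ip next-hop`, run against the three configurations posted above. The class and function names, the sample packets and their addresses are constructed, and the model covers only these two route-map statements.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ("0.0.0.0", "255.255.255.255")   # IOS "any": every bit is a don't-care


def host(ip):
    return (ip, "0.0.0.0")             # IOS "host x": every bit must match


def wildcard_match(addr, spec):
    """IOS wildcard mask: a 0 bit must match, a 1 bit is ignored."""
    base, wild = (int(ipaddress.ip_address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (base & care)


@dataclass
class Ace:
    """One extended access-list entry, limited to the fields used in the thread."""
    action: str
    proto: str
    src: tuple
    dst: tuple
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt):
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        if not (wildcard_match(pkt["src"], self.src)
                and wildcard_match(pkt["dst"], self.dst)):
            return False
        if self.sport is not None and pkt.get("sport") != self.sport:
            return False
        return self.dport is None or pkt.get("dport") == self.dport


def acl_permits(acl, pkt):
    """First matching entry decides; anything left hits the implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action == "permit"
    return False


@dataclass
class Clause:
    seq: int
    action: str
    acl: Optional[list] = None        # None: no match statement, matches all
    next_hop: Optional[str] = None    # None: no set statement


def policy_route(route_map, pkt):
    """Return (matching clause, policy next hop). A next hop of None means the
    packet is forwarded by the ordinary routing table."""
    for clause in sorted(route_map, key=lambda c: c.seq):
        if clause.acl is None or acl_permits(clause.acl, pkt):
            if clause.action == "deny":
                return (clause.seq, None)
            return (clause.seq, clause.next_hop)
    return (None, None)


# Configuration from the original question: the ACL ends in "permit ip any any"
# and the route-map has no set statement.
QUESTION_MAP = [Clause(10, "permit", acl=[
    Ace("permit", "tcp", ANY, host("10.10.10.141"), dport=80),
    Ace("permit", "ip", ANY, ANY),
])]

# "permit tcp any any eq 80" with a next hop, plus an empty permit 20.
DEST_PORT_MAP = [
    Clause(10, "permit", acl=[Ace("permit", "tcp", ANY, ANY, dport=80)],
           next_hop="10.10.10.141"),
    Clause(20, "permit"),
]

# "permit tcp any eq www any": the port test is on the SOURCE port.
SRC_PORT_MAP = [Clause(10, "permit", acl=[Ace("permit", "tcp", ANY, ANY, sport=80)],
                       next_hop="10.10.10.141")]

# Constructed packets: a browser request, the server's reply, a DNS query.
REQUEST = {"proto": "tcp", "src": "192.168.5.20", "dst": "203.0.113.9",
           "sport": 40000, "dport": 80}
REPLY = {"proto": "tcp", "src": "203.0.113.9", "dst": "192.168.5.20",
         "sport": 80, "dport": 40000}
DNS = {"proto": "udp", "src": "192.168.5.20", "dst": "198.51.100.53",
       "sport": 40001, "dport": 53}

if __name__ == "__main__":
    for name, rmap in (("question", QUESTION_MAP), ("dest port 80", DEST_PORT_MAP),
                       ("source port 80", SRC_PORT_MAP)):
        for label, pkt in (("request", REQUEST), ("reply", REPLY), ("dns", DNS)):
            print(f"{name:15} {label:8} -> {policy_route(rmap, pkt)}")
```
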



RE: Route-map question (urgent) [7:54910]

2002-10-07 Thread Harold Monroe

This is something I've been wondering about also. As I understand it when
you "set ip next-hop" it forces the packet to go out a particular interface.

How about if you want the destination address changed for a particular type
of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server.

For example, if you have only one Public IP Address and if HTTP comes in you
want its destination address changed to 192.168.1.10, if FTP change its
destination address to 192.168.1.20

-Original Message-
From:   Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent:   Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject:        Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
    !-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life lessons.
It is a Cisco study list not the church.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55011&t=54910



RE: Route-map question (urgent) [7:54910]

2002-10-07 Thread Jim Brown

Port Address Translation.

-Original Message-
From: Harold Monroe [mailto:[EMAIL PROTECTED]] 
Sent: Monday, October 07, 2002 10:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Route-map question (urgent) [7:54910]


This is something I've been wondering about also. As I understand it when
you "set ip next-hop" it forces the packet to go out a particular interface.

How about if you want the destination address changed for a particular type
of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server.

For example, if you have only one Public IP Address and if HTTP comes in you
want its destination address changed to 192.168.1.10, if FTP change its
destination address to 192.168.1.20

-Original Message-
From:   Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent:   Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
!-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life lessons.
It is a Cisco study list not the church.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55012&t=54910



Re: Route-map question (urgent) [7:54910]

2002-10-07 Thread Greg Reaume

That is something that you could do using NAT statements (port address
translation/port forwarding/network address port translation, etc.):

!
int fa0/0
 desc external interface
 ! ip below used as an example, I apologize if it, although unlikely,
 ! matches anyone's config.
 ip add 216.253.64.2 255.255.255.252
 ip nat outside
!
int fa0/1
 desc internal interface
 ip add 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 192.168.1.10 80 216.253.64.2 80
ip nat inside source static tcp 192.168.1.20 21 216.253.64.2 21
!

Of course, if this router is acting in this fashion when it comes to NAT, it
would be assumed that it will also run the firewall feature-set and be
secured appropriately.  You would have to permit this particular traffic in
your external access-lists.

HTH

Greg Reaume


""Harold Monroe""  wrote in message
news:[EMAIL PROTECTED]...
This is something I've been wondering about also. As I understand it when
you "set ip next-hop" it forces the packet to go out a particular interface.

How about if you want the destination address changed for a particular type
of traffic so HTTP traffic goes to an HTTP server and FTP to an FTP server.

For example, if you have only one Public IP Address and if HTTP comes in you
want its destination address changed to 192.168.1.10, if FTP change its
destination address to 192.168.1.20

-Original Message-
From: Stefan Razeshu [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 07, 2002 4:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Route-map question (urgent) [7:54910]

I think the response for this question is:

The access list:
access-list 101 permit tcp any eq www any
!-you need to detect your incoming www traffic.
!-You can use also your network address for the first "any".
!-route map statement
route-map http_access permit 10
match ip address 101
set ip next-hop 10.10.10.141

The policy map statement needs to be placed on the interface that is facing
your network, not on the interface near the host 10.10.10.141.
Regards,
Stefan

PS. I think we need to help each other not to give life lessons.
It is a Cisco study list not the church.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55065&t=54910



Re: route-map next-hop question [7:40431]

2002-04-04 Thread Mark Patrick

can't you just route map to ethernet on the local router?
this should send all traffic for the destination network out
that interface regardless. it makes your routing table look
like everything is directly connected but at least it works
for ip route statements..


""bergenpeak""  wrote in message
news:[EMAIL PROTECTED]...
> I'm trying to use the "set ip next-hop" feature in a route-map
> and seeing some behavior I don't understand.
>
> If I define the "ip next-hop" to be an IP address that's
> not on an interface directly connected to the router performing
> the route-map, the router does the recursive lookup and
> forwards the packet accordingly.  This is good.
>
> If I define the "ip next-hop" to be an IP address for
> the remote end of a locally connected POS interface, the
> packet is forwarded out the POS interface.  This is good.
>
> If I define the "ip next-hop" to be an IP address for a
> router directly connected via an ethernet interface, the
> packet appears to get dropped.  Basically, I have a setup
> where I'm using an ethernet as a point-to-point link
> and when the next-hop is set to the IP at the other end of
> the ethernet /30, forwarding doesn't seem to work.
>
> Any thoughts on why this doesn't work when on ethernet?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40464&t=40431



Re: route-map next-hop question [7:40431]

2002-04-04 Thread bergenpeak

If the next-hop is actually an IP address on the router
with the route-map, then the packet never gets forwarded
beyond the router. 

I don't think the set interface works on ethernet either 
as there's some L2 stuff that needs to happen for forwarding
to work here

Figured the problem out

The problem was that the enet interface I was using was
the ethernet on the GSR GRP...  turns out this is sort
of a L3 interface but not completely when I used
a real enet line card, this worked fine...

Thanks 


Mark Patrick wrote:
> 
> can't you just route map to ethernet on the local router?
> this should send all traffic for the destination network out
> that interface regardless. it makes your routing table look
> like everything is directly connected but at least it works
> for ip route statements..
> 
> "bergenpeak" wrote in message news:[EMAIL PROTECTED]...
> > I'm trying to use the "set ip next-hop" feature in a route-map
> > and seeing some behavior I don't understand.
> >
> > If I define the "ip next-hop" to be an IP address that's
> > not on an interface directly connected to the router performing
> > the route-map, the router does the recursive lookup and
> > forwards the packet accordingly.  This is good.
> >
> > If I define the "ip next-hop" to be an IP address for
> > the remote end of a locally connected POS interface, the
> > packet is forwarded out the POS interface.  This is good.
> >
> > If I define the "ip next-hop" to be an IP address for a
> > router directly connected via an ethernet interface, the
> > packet appears to get dropped.  Basically, I have a setup
> > where I'm using an ethernet as a point-to-point link
> > and when the next-hop is set to the IP at the other end of
> > the ethernet /30, forwarding doesn't seem to work.
> >
> > Any thoughts on why this doesn't work when on ethernet?
> >
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=40555&t=40431



Access-List and Route-Map Cache??? [7:13808]

2001-07-25 Thread Lupi, Guy

I have heard that there is a command to tell the router to cache access list
and route map entries so that all packets don't have to be process switched
when they go through the acl.  Does anyone know what the command is?
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13808&t=13808



Re: route-map V distribute list's [7:70121]

2003-06-05 Thread Tom Martin
DJ,

A route-map is just way more flexible.

A distribute-list will afford you a single access-list in which you must 
define everything, whereas a route-map allows you to use multiple 
access-lists.  This is especially important during temporary changes to 
a network topology, where a new route-map clause can be added without 
changing the existing access list.

Route-maps also allow you to match on more than the routes to be 
redistributed (such as outgoing interface, next hop IP, advertising 
router, etc).

For most implementations, I've found that a distribution list is all 
that's required.  Even so I still use route maps, because you never know 
what you'll need down the road.

- Tom

maine dude wrote:
> Hi
>  
> Can someone clarify why you would use a route-map instead of distribute list?
>  
> Thanks in advance,
> -DJ 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70125&t=70121


RE: route-map V distribute list's [7:70121]

2003-06-05 Thread Lauren Child
Distribute lists can have problems, and IIRC aren't supported in all
configurations.  I've hit bugs using them with OSPF, so I tend to go with
route maps every time now.

TTFN
Lauren


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70127&t=70121


Re: Policy routing with route map [7:70567]

2003-06-12 Thread [EMAIL PROTECTED]
If the first interface specified with the set interface command is down,
the optionally specified interfaces are tried in turn.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fiprrp_r/ind_r/1rfindp2.htm#1020572


Thanks...Nabil

"I have never let my schooling interfere with my education."


   

Chiam Chin Tiong
Sent by: [EMAIL PROTECTED]
06/12/2003 01:17 AM
Please respond to Chiam Chin Tiong

cc:
Subject: Policy routing with route map [7:70567]
   

   





Hi guys ,

Just wanna ask, can load balancing be achieved in this config? Or is e1
used only, followed by e2 unless e1 is down.

interface serial e0
ip policy route-map ABC
!
route-map ABC
match ip address X.X.X.X
set interface e1 e2 e3 e4

Thank you !




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70581&t=70567


Re: Policy routing with route map [7:70567]

2003-06-13 Thread ramesh_cisco
In match IP address , which Ip address are you trying to match?


 


ramesh ,ccnp




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70627&t=70567


Re: route-map deny_lo1 - now working?? [7:61055]

2003-01-14 Thread Scott
It's a /32 and you are denying a /24.  Try this:

interface lo1
ip ospf network point-to-point

or

access-list 99 permit host 1.1.1.1

HTH,
Scott

"Cisco Nuts" wrote in message news:[EMAIL PROTECTED]...
> Hello,
> I have a loopback interface 1 that I am trying to deny under redistribute
> connected under ospf but am having no luck? What am I doing wrong? Please
> advise. Thank you.
>
> Config:
>
> TS#
> interface Loopback1
> ip address 1.1.1.1 255.255.255.255
>
> router ospf 100
> redistribute connected subnets route-map deny_lo1
>
> route-map deny_lo1 deny 10
> match ip address 99
> !
> route-map deny_lo1 permit 20
> match ip address 98
>
> access-list 98 permit any
> access-list 99 permit 1.1.1.0
>
> On the neighboring router:
>
> RTE#r
> 1.0.0.0/32 is subnetted, 1 subnets
> O E2 1.1.1.1 [110/20] via 110.99.100.1, 00:05:02, Serial0.100
>
> It does not matter if I change the access-list to permit 1.0.0.0 or host
> 1.1.1.1 !!!
>
> I just cannot seem to figure out why I cannot deny this route from being
> entered into the routing table!!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61058&t=61055



Re: route-map deny_lo1 - now working?? [7:61055]

2003-01-14 Thread John Neiberger
>Hello,
>I have a loopback interface 1 that I am trying to deny under redistribute
>connected under ospf but am having no luck? What am I doing wrong? Please
>advise. Thank you.
>
>Config:
>
>TS#
>interface Loopback1
>ip address 1.1.1.1 255.255.255.255
>
>router ospf 100
>redistribute connected subnets route-map deny_lo1
>
>route-map deny_lo1 deny 10
>match ip address 99
>!
>route-map deny_lo1 permit 20
>match ip address 98
>
>access-list 98 permit any
>access-list 99 permit 1.1.1.0
>
>On the neighboring router:
>
>RTE#r
>1.0.0.0/32 is subnetted, 1 subnets
>O E2 1.1.1.1 [110/20] via 110.99.100.1, 00:05:02, Serial0.100
>
>It does not matter if I change the access-list to permit 1.0.0.0 or host
>1.1.1.1 !!!
>
>I just cannot seem to figure out why I cannot deny this route from being
>entered into the routing table!!
>

Have you tried using a wildcard mask in your access list?

John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61059&t=61055



Re: route-map deny_lo1 - now working?? [7:61055]

2003-01-14 Thread wanabe ccie
I think there is no way to deny that route when using ACLs because ACLs
don't filter LSAs. Make your area an NSSA, then do a no-redistribute, to
filter out redistributed routes (your TS router will be an ASBR).


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61067&t=61055



RE: route-map deny_lo1 - now working?? [7:61055]

2003-01-15 Thread Keyur Shah
mask is not matching in acl to interface. You can also do this,

route-map deny_lo1 deny 10
 match interface lo1
route-map deny_lo1 permit 20

or else 
access-list 99 permit host 1.1.1.1

-Keyur Shah-
CCIE# 4799 (Security;R/S)
CISSP,SCNA,CCSA,MCSE,MCNE
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.79.HELLO


-Original Message-
From: Cisco Nuts [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 14, 2003 12:55 PM
To: [EMAIL PROTECTED]
Subject: route-map deny_lo1 - now working?? [7:61055]


Hello,
I have a loopback interface 1 that I am trying to deny under redistribute 
connected under ospf but am having no luck? What am I doing wrong? Please 
advise. Thank you.

Config:

TS#
interface Loopback1
ip address 1.1.1.1 255.255.255.255

router ospf 100
redistribute connected subnets route-map deny_lo1

route-map deny_lo1 deny 10
match ip address 99
!
route-map deny_lo1 permit 20
match ip address 98

access-list 98 permit any
access-list 99 permit 1.1.1.0

On the neighboring router:

RTE#r
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/20] via 110.99.100.1, 00:05:02, Serial0.100

It does not matter if I change the access-list to permit 1.0.0.0 or host 
1.1.1.1 !!!

I just cannot seem to figure out why I cannot deny this route from being 
entered into the routing table!!












Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61101&t=61055



RE: route-map deny_lo1 - now working?? [7:61055]

2003-01-15 Thread wanabe ccie
Keyur, correct me if I'm wrong, but isn't it the filters will only filter out
the route for being advertised into the local router's routing table (the
router that did the redistribute and the filtering) but still the other
adjacent routers will still see the route because of the LSAs being
propagated?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61166&t=61055



RE: route-map deny_lo1 - now working?? [7:61055]

2003-01-15 Thread wanabe ccie
Keyur, I already got your point. hehe! I really need a lot of practice :)


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61168&t=61055



route-map no-export - not working!! [7:61480]

2003-01-21 Thread Cisco Nuts
Hello,

I am trying to block any routes that have traversed AS1000 from being
advertised beyond AS34 but am having no luck.

R4 is learning a bunch of routes from AS100 and the config is on R4 which is
in AS34

R4#
route-map comm_out permit 10
 match as-path 99
 set community no-export
!
route-map comm_out permit 20
 match ip address 96
 set metric 31337
!
route-map comm_out permit 30
!
ip as-path access-list 99 permit _1000_
!

On the peer routers:

R2#bt
BGP table version is 203, local router ID is 220.1.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop         Metric LocPrf Weight Path
*> 100.0.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
*  100.1.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4                           0 34 100 200 300 400 500 i
*> 100.2.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
*  100.3.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4                           0 34 100 200 300 400 500 i
*  110.110.110.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4                           0 34 100 200 300 400 500 i
*  111.111.111.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4         31337             0 34 100 200 300 400 500 i
*  112.112.112.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4                           0 34 100 200 300 400 500 i
*  113.113.113.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
*>                  150.1.4.4         31337             0 34 100 200 300 400 500 i

On R2, I can still see routes that have traversed AS1000 !!!

What am I doing wrong?

Please help.

Thank you.

Sincerely,
CN







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61480&t=61480



question on route map + access list on same interface

2001-01-25 Thread george

Theory question:
If a route-map and an input access list are on the same interface what is the
order of processing?
1. Do packets go through the access list first then processed by route map?
2. Does the route-map go first and if so, do the packets then go to the
access list for processing or are they just sent out the next interface
bypassing the access list?







Re: Access-List and Route-Map Cache??? [7:13808]

2001-07-25 Thread John Neiberger

I believe you're referring to 'ip route-cache policy'.   It may not be
exactly what you're looking for, but it's the closest thing I can think
of off the top of my head.  It allows interfaces with policy routing to
be fast switched.

HTH,
John

>>> "Lupi, Guy"  7/25/01 4:05:12 PM >>>
I have heard that there is a command to tell the router to cache access list
and route map entries so that all packets don't have to be process switched
when they go through the acl.  Does anyone know what the command is?
Thanks.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=13810&t=13808



Re: default-information originate with route-map [7:69558]

2003-05-28 Thread GM
Hi Maroun,

I have a number of suggestions that you could look into:

-Without the always keyword the ospf router will originate a default route
if there is one in the routing table. So check if you have a default route,
and if not include the always keyword in your default-information originate
command.

-the route-map keyword specifies the conditions the default route must meet
before being distributed. Hence if you specify a route-map with the match
interface cmd, the default route must have its next-hop interface as the
interface specified in the match interface statement. That could explain why
the default route is not being distributed to any neighbor. It does not
meet the conditions specified in the route map.

-IMHO, if your ospf neighbor is on a p2p connection you can use the
distribute-list out  cmd and filter out the default route.
But if you have a p2mp configuration, I am not too sure how you would filter
out the default route, for only one of the multipoint peers.

Anyone with any other ideas?

Cheers
GM

"Maroun Waked" wrote in message news:[EMAIL PROTECTED]
> hi,
>
> I have a router running ospf that needs to send a
> default route to its neighbors. For this, I have used
> the command default-information originate.
> Then I wanted one of the neighbors not to receive the
> default route. I thought that the route-map option at
> the end of the default-information originate, would
> help.
> However, each time I create a route-map, the default
> route will not be advertised to any of the neighbors.
> I tried using match interface, but I never got any
> matches.
> In brief, things didn't work.
> Can anyone help
>
> thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69648&t=69558


Re: default-information originate with route-map [7:69558]

2003-05-29 Thread Maroun Waked
Hi,

thanks for your reply,

actually I have a default route in the router.
I tried with a default route pointing to an IP address,
and tried matching on this address in the route-map.
But no success, I even tried with a permit any
access-list but also no success.

Then I removed the first default route and added one
pointing to an interface, and in the route-map, I
tried matching this interface, also no success.

Did anyone ever try this command?

Thanks

--- GM  wrote:
> Hi Maroun,
> 
> I have a number of suggestions that you could look
> into:
> 
> -Without the always keyword the ospf router will
> originate a default route
> if there is one in the routing table. So check if
> you have a default route,
> and if not include the always keyword in your
> default-information originate
> command.
> 
> -the route-map keyword specifies the conditions the
> default route must meet
> before being distributed. Hence if you specify a
> route-map with the match
> interface cmd, the default route must have its
> next-hop interface as the
> interface specified in the match interface
> statement. That could explain why
> the default route is not being distributed to any
> neighbor. It does not
> meet the conditions specified in the route map.
> 
> -IMHO, if your ospf neighbor is on a p2p connection
> you can use the
> distribute-list out  cmd and filter out the default
> route.
> But if you have a p2mp configuration, I am not too
> sure how you would filter
> out the default route, for only one of the
> multipoint peers.
> 
> Anyone with any other ideas?
> 
> Cheers
> GM
> 
> "Maroun Waked" wrote in message news:[EMAIL PROTECTED]
> > hi,
> >
> > I have a router running ospf that needs to send a
> > default route to its neighbors. For this, I have
> used
> > the command default-information originate.
> > Then I wanted one of the neighbors not to receive
> the
> > default route. I thought that the route-map option
> at
> > the end of the default-information originate,
> would
> > help.
> > However, each time I create a route-map, the
> default
> > route will not be advertised to any of the
> neighbors.
> > I tried using match interface, but I never got any
> > matches.
> > In brief, things didn't work.
> > Can anyone help
> >
> > thank you






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69675&t=69558


Re: default-information originate with route-map [7:69558]

2003-05-29 Thread Tom Martin
Maroun,

OSPF routers don't really send out routes to their neighbors, they send 
LSAs.  For most things you can think of them as being the same, except 
in situations like yours.

Your router is presumably creating the default route (use 'show ip ospf 
database' to verify) and therefore creating the LSA for it.  The LSA is 
flooded to all neighbors.  In a redundant network the LSA could even be 
sent from multiple neighbors.  The end result is that all routers WILL 
get the default gateway LSA.

To get around this "problem", you need to use a distribution list on the 
router that should not honor the default gateway.  The router will still 
get the LSA, will still enter the LSA into its database and will still 
flood the LSA to its neighbors.  But if you use a distribution list it 
will NOT put the route in its routing table.  It sounds like this is 
what you're looking for.

In other words put the filter on the router where the filtering needs to 
take place, not on the sending router.  You could also accomplish this 
by using multiple areas and filtering at the ABR.

- Tom

Maroun Waked wrote:
> hi,
> 
> I have a router running ospf that needs to send a
> default route to its neighbors. For this, I have used
> the command default-information originate.
> Then I wanted one of the neighbors not to receive the
> default route. I thought that the route-map option at
> the end of the default-information originate, would
> help.
> However, each time I create a route-map, the default
> route will not be advertised to any of the neighbors.
> I tried using match interface, but I never got any
> matches.
> In brief, things didn't work.
> Can anyone help
> 
> thank you




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=69714&t=69558


Re: route-map deny_lo1 - now working-----FINALLY!! [7:61104]

2003-01-15 Thread Cisco Nuts
Thank you very much for your help, John...as always!!

I did a #access-list 99 permit 1.1.1.1 0.0.0.0

and just did a  route-map deny_lo1 permit 20 without any match
statements.

It worked..

Thanks once again

 

BTW: Have you got your CCIE # yet??

 

 

>From: "John Neiberger"
>Reply-To: "John Neiberger"
>To: [EMAIL PROTECTED]
>Subject: Re: route-map deny_lo1 - now working?? [7:61055]
>Date: Tue, 14 Jan 2003 21:29:13 GMT
>
> >Hello,
> >I have a loopback interface 1 that I am trying to deny under redistribute
> >connected under ospf but am having no luck? What am I doing wrong? Please
> >advise. Thank you.
> >
> >Config:
> >
> >TS#
> >interface Loopback1
> >ip address 1.1.1.1 255.255.255.255
> >
> >router ospf 100
> >redistribute connected subnets route-map deny_lo1
> >
> >route-map deny_lo1 deny 10
> >match ip address 99
> >!
> >route-map deny_lo1 permit 20
> >match ip address 98
> >
> >access-list 98 permit any
> >access-list 99 permit 1.1.1.0
> >
> >On the neighboring router:
> >
> >RTE#r
> >1.0.0.0/32 is subnetted, 1 subnets
> >O E2 1.1.1.1 [110/20] via 110.99.100.1, 00:05:02, Serial0.100
> >
> >It does not matter if I change the access-list to permit 1.0.0.0 or host
> >1.1.1.1 !!!
> >
> >I just cannot seem to figure out why I cannot deny this route from being
> >entered into the routing table!!
> >
>
>Have you tried using a wildcard







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61104&t=61104
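Why the filter in this thread let the loopback through and the later one stopped it, as an added Python model (not code from any poster, and not IOS itself). It assumes what IOS does for a standard ACL used in a redistribution route-map: the entry is compared against the route's network address, an entry with no wildcard means wildcard 0.0.0.0, and a route-map clause with no match statement matches everything; the second connected network is a constructed sample.

```python
import ipaddress


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def acl_line(action, address, wildcard="0.0.0.0"):
    """One standard ACL entry. With no wildcard given, only that exact address matches."""
    return (action, to_int(address), to_int(wildcard))


PERMIT_ANY = ("permit", 0, 0xFFFFFFFF)  # 'access-list 98 permit any'


def acl_permits(acl, route_network):
    """First matching line wins; every ACL ends with an implicit deny."""
    target = to_int(route_network)
    for action, address, wildcard in acl:
        care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
        if (target & care) == (address & care):
            return action == "permit"
    return False


def redistributed(route_map, acls, route_network):
    """Walk the clauses in sequence order. A clause matches when its ACL permits
    the route (or when it has no match statement, acl number None); the clause's
    own permit/deny then decides. No clause matched means implicit deny."""
    for _seq, action, acl_number in sorted(route_map, key=lambda clause: clause[0]):
        if acl_number is None or acl_permits(acls[acl_number], route_network):
            return action == "permit"
    return False


# route-map deny_lo1 as first posted, and as it ended up in the last message
ROUTE_MAP_AS_POSTED = [(10, "deny", 99), (20, "permit", 98)]
ROUTE_MAP_AS_FIXED = [(10, "deny", 99), (20, "permit", None)]

ACLS_AS_POSTED = {98: [PERMIT_ANY], 99: [acl_line("permit", "1.1.1.0")]}
ACLS_HOST = {98: [PERMIT_ANY], 99: [acl_line("permit", "1.1.1.1", "0.0.0.0")]}
ACLS_WILDCARD = {98: [PERMIT_ANY], 99: [acl_line("permit", "1.1.1.0", "0.0.0.255")]}

LOOPBACK1 = "1.1.1.1"             # the connected /32 from the thread
OTHER_CONNECTED = "110.99.100.0"  # constructed sample of another connected network


def summary():
    return {
        "as posted": redistributed(ROUTE_MAP_AS_POSTED, ACLS_AS_POSTED, LOOPBACK1),
        "host entry": redistributed(ROUTE_MAP_AS_FIXED, ACLS_HOST, LOOPBACK1),
        "wildcard entry": redistributed(ROUTE_MAP_AS_POSTED, ACLS_WILDCARD, LOOPBACK1),
        "other network": redistributed(ROUTE_MAP_AS_FIXED, ACLS_HOST, OTHER_CONNECTED),
    }


if __name__ == "__main__":
    for case, leaked in summary().items():
        print(f"{case:15s} redistributed into OSPF: {leaked}")
```

`access-list 99 permit 1.1.1.0` compares all 32 bits against 1.1.1.0, so the 1.1.1.1/32 route falls through clause 10 and is permitted by clause 20.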



Re: route-map deny_lo1 - now working-----FINALLY!! [7:61120]

2003-01-15 Thread John Neiberger
Thanks, I'm glad I could help. 

And no, I unfortunately do not have my CCIE number yet, and that
particular goal has been placed on the back burner for a while.  I have
other considerations that demand my attention--or distract me, at
least--including my nine-month-old son!  :-)  He's awesome, but it's
very difficult to arrange that amount of studying time required to make
another run at the lab.  My wife didn't mind me sequestering myself when
it was just the two of us but she'd really be irritated if I did it
now!

John

>>> "Cisco Nuts"  1/15/03 8:46:39 AM >>>

Thank you very much for your help, John...as always!!
I did a #access-list 99 permit 1.1.1.1 0.0.0.0
and just did a  route-map deny_lo1 permit 20 without any match
statements.
It worked..
Thanks once again
 
BTW: Have you got your CCIE # yet??




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61120&t=61120



Re: route-map no-export - not working!! [7:61480]

2003-01-21 Thread Captian Lance
You have to use the "send community" command in your BGP configuration.




"Cisco Nuts" wrote in message news:[EMAIL PROTECTED]...
> Hello,
>
> I am trying to block any routes that have traversed AS1000 from being
> advertised beyond AS34 but am having no luck.
>
> R4 is learning a bunch of routes from AS100 and the config is on R4 which is
> in AS34
>
> R4#
> route-map comm_out permit 10
>  match as-path 99
>  set community no-export
> !
> route-map comm_out permit 20
>  match ip address 96
>  set metric 31337
> !
> route-map comm_out permit 30
> !
> ip as-path access-list 99 permit _1000_
> !
>
> On the peer routers:
>
> R2#bt
> BGP table version is 203, local router ID is 220.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop         Metric LocPrf Weight Path
> *> 100.0.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
> *  100.1.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> *> 100.2.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
> *  100.3.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> *  110.110.110.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> *  111.111.111.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4         31337             0 34 100 200 300 400 500 i
> *  112.112.112.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> *  113.113.113.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4         31337             0 34 100 200 300 400 500 i
>
> On R2, I can still see routes that have traversed AS1000 !!!
>
> What am I doing wrong?
>
> Please help.
>
> Thank you.
>
> Sincerely,
> CN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61481&t=61480



Re: route-map no-export - not working!! [7:61480]

2003-01-21 Thread Cisco Nuts
Done that too!!

router bgp 34
 no synchronization
 network 195.1.4.0
 neighbor 150.1.2.2 remote-as 256
 neighbor 150.1.2.2 ebgp-multihop 255
 neighbor 150.1.2.2 update-source Loopback0
 neighbor 150.1.2.2 send-community
 neighbor 150.1.2.2 route-map comm_out out
 neighbor 150.1.14.1 remote-as 1
 neighbor 150.1.14.1 send-community
 neighbor 150.1.14.1 route-map comm_out out
 neighbor 150.1.111.3 remote-as 34
 neighbor 150.1.111.3 send-community
 neighbor 150.1.111.3 route-map comm_out out
 neighbor 170.1.1.254 remote-as 100
 no auto-summary

>From: "Captian Lance"
>Reply-To: "Captian Lance"
>To: [EMAIL PROTECTED]
>Subject: Re: route-map no-export - not working!! [7:61480]
>Date: Tue, 21 Jan 2003 18:43:25 GMT
>
>You have to use the "send community" command in your BGP configuration.
>
>"Cisco Nuts" wrote in message news:[EMAIL PROTECTED]...
> > Hello,
> >
> > I am trying to block any routes that have traversed AS1000 from being
> > advertised beyond AS34 but am having no luck.
> >
> > R4 is learning a bunch of routes from AS100 and the config is on R4 which
> > is in AS34
> >
> > R4#
> > route-map comm_out permit 10
> >  match as-path 99
> >  set community no-export
> > !
> > route-map comm_out permit 20
> >  match ip address 96
> >  set metric 31337
> > !
> > route-map comm_out permit 30
> > !
> > ip as-path access-list 99 permit _1000_
> > !
> >
> > On the peer routers:
> >
> > R2#bt
> > BGP table version is 203, local router ID is 220.1.3.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> >    Network          Next Hop         Metric LocPrf Weight Path
> > *> 100.0.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
> > *  100.1.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> > *> 100.2.0.0/24     150.1.4.4                           0 34 100 200 300 1000 400 500 i
> > *  100.3.0.0/24     150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> > *  110.110.110.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> > *  111.111.111.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4         31337             0 34 100 200 300 400 500 i
> > *  112.112.112.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                           0 34 100 200 300 400 500 i
> > *  113.113.113.0/24 150.1.12.1                          0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4         31337             0 34 100 200 300 400 500 i
> >
> > On R2, I can still see routes that have traversed AS1000 !!!
> >
> > What am I doing wrong?
> >
> > Please help.
> >
> > Thank you.
> >
> > Sincerely,
> > CN







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61485&t=61480
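How the posted `comm_out` map, the `_1000_` filter and `send-community` interact, as an added Python model (not code from any poster, and not IOS itself). It assumes the standard NO_EXPORT behaviour (a route carrying it is not advertised to eBGP peers), infers the contents of ACL 96 from the two prefixes that show metric 31337 in the posted table, and uses a constructed AS number for R2.

```python
import re

NO_EXPORT = "no-export"
R4_AS = 34      # from the thread
R2_AS = 65002   # constructed: the thread does not state R2's AS number


def ios_aspath_regex(pattern):
    """Translate the IOS '_' metacharacter (start, end, space, comma, braces,
    parentheses) into Python regex syntax; the rest is passed through."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))


AS_PATH_99 = ios_aspath_regex("_1000_")  # ip as-path access-list 99 permit _1000_

# Assumption: ACL 96 is not shown in the thread; these are the prefixes that
# carry metric 31337 in the posted table.
ACL_96 = frozenset({"111.111.111.0/24", "113.113.113.0/24"})


def route(prefix, as_path):
    return {"prefix": prefix, "as_path": list(as_path), "communities": set(), "metric": None}


# As R4 learns them from AS100 (paths taken from the posted table, minus AS34)
VIA_1000 = route("100.0.0.0/24", [100, 200, 300, 1000, 400, 500])
NOT_VIA_1000 = route("100.1.0.0/24", [100, 200, 300, 400, 500])


def comm_out(r):
    """route-map comm_out as posted: three permit clauses, first match wins."""
    if AS_PATH_99.search(" ".join(map(str, r["as_path"]))):   # permit 10
        return {**r, "communities": {NO_EXPORT}}
    if r["prefix"] in ACL_96:                                 # permit 20
        return {**r, "metric": 31337}
    return dict(r)                                            # permit 30


def comm_out_with_deny(r):
    """The same map with clause 10 changed from permit to deny."""
    if AS_PATH_99.search(" ".join(map(str, r["as_path"]))):
        return None
    return comm_out(r)


def send_ebgp(r, local_as, out_map=None, send_community=True):
    """The update an eBGP peer receives, or None when nothing is sent."""
    if NO_EXPORT in r["communities"]:
        return None                       # tagged in the local table: not exported
    if out_map is not None:
        r = out_map(r)                    # outbound policy edits the update only
        if r is None:
            return None
    communities = set(r["communities"]) if send_community else set()
    return {**r, "as_path": [local_as] + r["as_path"], "communities": communities}


def tagged_outbound(r):
    """The thread's setup: tag on the way out of AS34.
    Returns (what R2 receives, what R2 would pass to its own eBGP peers)."""
    at_r2 = send_ebgp(r, R4_AS, out_map=comm_out)
    beyond_r2 = send_ebgp(at_r2, R2_AS) if at_r2 else None
    return at_r2, beyond_r2


def tagged_inbound(r):
    """Tag on the way into AS34 instead: R4 itself then refuses to export."""
    return send_ebgp(comm_out(r), R4_AS)


if __name__ == "__main__":
    at_r2, beyond = tagged_outbound(VIA_1000)
    print("outbound tag, seen on R2:", at_r2["as_path"], at_r2["communities"])
    print("outbound tag, beyond R2 :", beyond)
    print("inbound tag, seen on R2 :", tagged_inbound(VIA_1000))
    print("deny clause, seen on R2 :", send_ebgp(VIA_1000, R4_AS, comm_out_with_deny))
```

With the tag applied outbound, R2 still receives and installs the AS1000 routes; only R2's own eBGP advertisements are suppressed, and only if the community actually reaches R2.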



RE: route-map no-export - not working!! [7:61480]

2003-01-21 Thread Xueyan Liu
Looks like you have "permit" all the way but no "deny" on the particular AS.
change one permit to deny either in your route-map or access-list should fix
the problem.

Xueyan


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61501&t=61480



Re: route-map no-export - not working!! [7:61480]

2003-01-22 Thread Darrell Newcomb
Xueyan's comments about changing permit and deny's would work.

But I think the big thing you are missing here is you're tagging something
no-export on the way out of AS34.  That will pass the route to the
neighboring AS and then they shouldn't pass it on to their neighboring AS's.
If you wanted to use no-export to prevent AS34 from leaking these routes
then you should tag them as such on the way into the AS.

Or as Xueyan's comments say deny the routes in your route-map/acl's on the
way out.

Also given the nature of what you want to filter (routes through AS1000, but
not filter routes originating from AS1000) you'll need to alter the as-path
acl.  Then again I may be misunderstanding the goals on this part and you
really don't want routes from or through AS1000.

Darrell
http://www.netswitch.net


"Cisco Nuts" wrote in message news:[EMAIL PROTECTED]...
> Hello,
> I am trying to block any routes that have traversed AS1000 from
> being advertised beyond AS34 but am having no luck.
> R4 is learning a bunch of routes from AS100 and the config is on R4,
> which is in AS34.
>
> R4#
> route-map comm_out permit 10
>  match as-path 99
>  set community no-export
> !
> route-map comm_out permit 20
>  match ip address 96
>  set metric 31337
> !
> route-map comm_out permit 30
> !
> ip as-path access-list 99 permit _1000_
> !
>
> On the peer routers:
>
> R2#bt
> BGP table version is 203, local router ID is 220.1.3.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 100.0.0.0/24     150.1.4.4                              0 34 100 200 300 1000 400 500 i
> *  100.1.0.0/24     150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> *> 100.2.0.0/24     150.1.4.4                              0 34 100 200 300 1000 400 500 i
> *  100.3.0.0/24     150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> *  110.110.110.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> *  111.111.111.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4            31337             0 34 100 200 300 400 500 i
> *  112.112.112.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> *  113.113.113.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> *>                  150.1.4.4            31337             0 34 100 200 300 400 500 i
>
> On R2, I can still see routes that have traversed AS1000 !!!
> What am I doing wrong?
> Please help.
> Thank you.
> Sincerely,
> CN




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61598&t=61480



Re: route-map no-export - not working!! [7:61480]

2003-01-22 Thread Cisco Nuts
You guys are absolutely right!!

I had to filter inbound NOT outbound. Big difference!!

This route-map matched all routes that traversed AS1000 and set the
community to no-export and thus they were not advertised out of AS34.

Thank you so much for all your help, guys.

Sincerely,

CN

>From: "Darrell Newcomb"
>Reply-To: "Darrell Newcomb"
>To: [EMAIL PROTECTED]
>Subject: Re: route-map no-export - not working!! [7:61480]
>Date: Wed, 22 Jan 2003 18:32:44 GMT
>
>Xueyan's comments about changing permit and deny's would work.
>
>But I think the big thing you are missing here is you're tagging something
>no-export on the way out of AS34. That will pass the route to the
>neighboring AS and then they shouldn't pass it on to their neighboring AS's.
>If you wanted to use no-export to prevent AS34 from leaking these routes
>then you should tag them as such on the way into the AS.
>
>Or as Xueyan's comments say deny the routes in your route-map/acl's on the
>way out.
>
>Also given the nature of what you want to filter (routes through AS1000, but
>not filter routes originating from AS1000) you'll need to alter the as-path
>acl. Then again I may be misunderstanding the goals on this part and you
>really don't want routes from or through AS1000.
>
>Darrell
>http://www.netswitch.net
>
>
>"Cisco Nuts" wrote in message news:[EMAIL PROTECTED]...
> > Hello,
> > I am trying to block any routes that have traversed AS1000 from
> > being advertised beyond AS34 but am having no luck.
> > R4 is learning a bunch of routes from AS100 and the config is on R4,
> > which is in AS34.
> >
> > R4#
> > route-map comm_out permit 10
> >  match as-path 99
> >  set community no-export
> > !
> > route-map comm_out permit 20
> >  match ip address 96
> >  set metric 31337
> > !
> > route-map comm_out permit 30
> > !
> > ip as-path access-list 99 permit _1000_
> > !
> >
> > On the peer routers:
> >
> > R2#bt
> > BGP table version is 203, local router ID is 220.1.3.1
> > Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> > Origin codes: i - IGP, e - EGP, ? - incomplete
> >
> >    Network          Next Hop            Metric LocPrf Weight Path
> > *> 100.0.0.0/24     150.1.4.4                              0 34 100 200 300 1000 400 500 i
> > *  100.1.0.0/24     150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> > *> 100.2.0.0/24     150.1.4.4                              0 34 100 200 300 1000 400 500 i
> > *  100.3.0.0/24     150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> > *  110.110.110.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> > *  111.111.111.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4            31337             0 34 100 200 300 400 500 i
> > *  112.112.112.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4                              0 34 100 200 300 400 500 i
> > *  113.113.113.0/24 150.1.12.1                             0 1 34 100 200 300 400 500 i
> > *>                  150.1.4.4            31337             0 34 100 200 300 400 500 i
> >
> > On R2, I can still see routes that have traversed AS1000 !!!
> > What am I doing wrong?
> > Please help.
> > Thank you.
> > Sincerely,
> > CN

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61600&t=61480
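Added example, not part of any post in this thread: a small Python model of the behaviour Darrell Newcomb describes and Cisco Nuts confirms above, comparing the comm_out logic applied outbound on R4 with the same logic applied inbound. It assumes communities are sent to R2, uses four of the prefixes from the quoted table, and a simplified export rule; all function and variable names are hypothetical.

```python
import re

NO_EXPORT = "no-export"

def ios_aspath_regex(pattern):
    # IOS "_" matches start/end of string, space, comma, braces or parentheses.
    return re.compile(pattern.replace("_", r"(?:^|$|[ ,{}()])"))

ACL_99 = ios_aspath_regex("_1000_")  # ip as-path access-list 99 permit _1000_

# AS paths as R4 receives them from AS100: the paths in the R2 table quoted
# in the thread, without the leading 34 that R4 prepends. Four prefixes only.
LEARNED_FROM_AS100 = {
    "100.0.0.0/24": "100 200 300 1000 400 500",
    "100.1.0.0/24": "100 200 300 400 500",
    "100.2.0.0/24": "100 200 300 1000 400 500",
    "100.3.0.0/24": "100 200 300 400 500",
}

def comm_map(route):
    # Sequence 10 (match as-path 99, set community no-export) and the
    # catch-all sequence 30. Sequence 20 is omitted: ACL 96 is not shown.
    path, communities = route
    if ACL_99.search(path):
        return path, communities | {NO_EXPORT}
    return route

def ebgp_advertise(bgp_table, local_as, out_map=None):
    # Simplified eBGP export: routes already carrying no-export in the
    # sender's table are withheld; the outbound route-map runs afterwards.
    sent = {}
    for prefix, route in bgp_table.items():
        if NO_EXPORT in route[1]:
            continue
        path, communities = out_map(route) if out_map else route
        sent[prefix] = (f"{local_as} {path}", communities)
    return sent

def r2_receives(tag_inbound):
    table = {p: (path, frozenset()) for p, path in LEARNED_FROM_AS100.items()}
    if tag_inbound:  # route-map applied to updates coming in from AS100
        table = {p: comm_map(r) for p, r in table.items()}
        return ebgp_advertise(table, 34)
    return ebgp_advertise(table, 34, out_map=comm_map)  # the original setup

if __name__ == "__main__":
    for inbound in (False, True):
        print("inbound" if inbound else "outbound", sorted(r2_receives(inbound)))
```

Passing the outbound result through `ebgp_advertise` again, as the neighbouring AS, withholds the AS1000 routes at that hop, which is why R2 still sees them in its own table.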



RE: question on route map + access list on same interface

2001-01-25 Thread Andrew Larkins

I think that the access list should have priority

-Original Message-
From: george [mailto:[EMAIL PROTECTED]]
Sent: 26 January 2001 04:02
To: [EMAIL PROTECTED]
Subject: question on route map + access list on same interface


Theory question:
If a route-map and an input access list are on the same interface what is the
order of processing?
1. Do packets go through the access list first then processed by route map?
2. Does the route-map go first and if so, do the packets then go to the
access list for processing or are they just sent out the next interface
bypassing the access list?







Re: question on route map + access list on same interface

2001-01-26 Thread Howard C. Berkowitz

>Theory question:
>If a route-map and an input access list are on the same interface what is the
>order of processing?
>1. Do packets go through the access list first then processed by route map?
>2. Does the route-map go first and if so, do the packets then go to the
>access list for processing or are they just sent out the next interface
>bypassing the access list?

To some extent, It Depends.

Let's look farther.  Route-maps apply to the contents of certain 
packets containing routing information.  Access lists apply to packet 
headers.

Of the major routing protocols:


Protocol             Header       Access lists affecting header

ISIS                 data link    MAC, LLC, ethertype
RIP                  UDP          IP, UDP
OSPF, IGRP, EIGRP    IP           IP
BGP                  TCP          IP, TCP
