ABR command

With the “area 300 nssa no-summary” command, the ABR advertises only a default route and blocks existing and future Type 3 LSAs coming from the other areas; the default route is injected as an inter-area route. With the “area 300 nssa default-information-originate” command, by contrast, the default route that the ABR injects into the area is “N2” and the Type 3 LSAs are NOT blocked.


R1(config-router)#area 300 nssa no-summary

R4(config)#do show ip route

Gateway of last resort is to network is subnetted, 2 subnets
C is directly connected, Loopback0
C is directly connected, Serial0/0.301
O*IA [110/1563] via, 00:00:06, Serial0/0.301

R1(config-router)#area 300 nssa default-information-originate

R4(config)#do show ip route

Gateway of last resort is to network is variably subnetted, 5 subnets, 2 masks
O IA [110/1563] via, 00:00:24, Serial0/0.301
C is directly connected, Loopback0
O IA [110/3124] via, 00:00:24, Serial0/0.301
C is directly connected, Serial0/0.301
O IA [110/3125] via, 00:00:24, Serial0/0.301
O*N2 [110/1] via, 00:00:02, Serial0/0.301

Filtering techniques

Route Maps, Distribute Lists, Passive Interfaces and Prefix Lists

The first thing to remember is that these route maps are defined by ACLs, so the number after match ip address is always the ACL number.

Second, when you create a route map without a sequence number, the default is 10, and it goes up in increments of 10.

Third, route maps are similar to ACLs: the router steps through the entries in sequence order (10, 20, 30, etc.), and if nothing matches it is like an implicit deny.



1.)Route maps for redistribution

Router(config)# route-map TEST permit 10

Router(config-route-map)# match ip address 23

^^ 23 is the ACL number

So when I redistribute this I can do the following…

Router(config)# router eigrp 1

Router(config-router)# redistribute ospf 1 route-map TEST

2.)Route maps for Policy Based Routing(PBR)


Router(config)# route-map Test

Router(config-route-map)# match ip address 23

Router(config-route-map)# set ip next-hop


Router(config)# ip local policy route-map Test

^^ Applies the policy to all traffic originated by the router itself.


Router(config)# route-map test

Router(config-route-map)# set interface fa0/1


Router(config)# int fa0/0

Router(config-if)# ip policy route-map test

^^ Forwards out an interface. Since there is no match statement, everything goes right out of that interface.

3.)Tagging routes using a Route Map


This is slightly confusing, but when you are redistributing between EIGRP and OSPF you can tag EIGRP routes as they are redistributed into OSPF, and then deny routes carrying that tag when redistributing OSPF into EIGRP.


Router(config)# route-map test1 deny 6

Router(config-route-map)# match tag 1

Router(config-route-map)# route-map test1 permit 10

Router(config-route-map)# set tag 2

Router(config)# route-map test2 deny 6

Router(config-route-map)# match tag 2

Router(config-route-map)# route-map test2 permit 10

Router(config-route-map)# set tag 1

Then when redistributing we have to do the following…

Router(config)# router eigrp 1

Router(config-router)# redistribute ospf 2 route-map test2 metric 100 100 100 100 1000

Router(config-router)# router ospf 1

Router(config-router)# redistribute eigrp 1 route-map test1 subnets
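The following Python sketch is an added example, not part of the original notes. It models how the test1 and test2 route maps above are evaluated in sequence order (with the implicit deny at the end) and shows that a route tagged in one direction is dropped when it tries to come back. The prefixes and the starting tag of 0 are constructed sample values.

```python
# Each entry: (sequence, action, match_tag or None, set_tag or None).
# Mirrors the route maps on this page: deny 6 matches a tag, permit 10 sets one.
TEST1 = [(6, "deny", 1, None), (10, "permit", None, 2)]   # EIGRP -> OSPF
TEST2 = [(6, "deny", 2, None), (10, "permit", None, 1)]   # OSPF -> EIGRP


def apply_route_map(route_map, route):
    """Return the (possibly re-tagged) route, or None if it is filtered."""
    for seq, action, match_tag, set_tag in sorted(route_map, key=lambda e: e[0]):
        if match_tag is not None and route["tag"] != match_tag:
            continue                      # no match: try the next sequence number
        if action == "deny":
            return None                   # matched a deny entry: not redistributed
        out = dict(route)
        if set_tag is not None:
            out["tag"] = set_tag          # permit entry: apply the set clause
        return out
    return None                           # nothing matched: implicit deny


def round_trip(route, first, second):
    """Redistribute through `first`, then try to send the result back via `second`."""
    step = apply_route_map(first, route)
    return None if step is None else apply_route_map(second, step)


if __name__ == "__main__":
    eigrp_route = {"prefix": "172.16.1.0/24", "tag": 0}   # constructed sample
    ospf_route = {"prefix": "192.168.50.0/24", "tag": 0}  # constructed sample
    print("EIGRP -> OSPF:", apply_route_map(TEST1, eigrp_route))
    print("...and back into EIGRP:", round_trip(eigrp_route, TEST1, TEST2))
    print("OSPF -> EIGRP:", apply_route_map(TEST2, ospf_route))
    print("...and back into OSPF:", round_trip(ospf_route, TEST2, TEST1))
```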

Prefix Lists

A prefix list is used to match both the subnet and the prefix length of the subnet mask. Entries can permit or deny, and there is an implicit deny at the end of the prefix list.

Ip prefix-list test1 10 deny ge 24 le 30

test1 -> Name of the prefix list; there are no numbered prefix lists

Deny or permit -> whether the entry permits or denies; the IP address and subnet mask have to be entered after it

Ge or le -> greater than or equal to / less than or equal to the following prefix length (CIDR notation).

Ip prefix TEST permit le 32 -> Permits everything

Ip prefix Test permit ge 24 le 30 -> permits any subnet with a prefix length from /24 up to /30

We can use prefix lists in BGP

R3(config-router)#neighbor prefix-list TEST1 out
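The ge/le matching described in this section can be checked with the small Python evaluator below. It is an added example, not code from the original notes, and it covers the general rule (exact length when neither ge nor le is given) as well as the cases shown above. The 10.0.0.0/8 and 0.0.0.0/0 entries and the sequence numbers are constructed sample values, since the page's own commands do not show their prefixes.

```python
import ipaddress


class PrefixList:
    """Ordered prefix-list entries with IOS-style ge/le length matching."""

    def __init__(self):
        self.entries = []  # (seq, action, network, min_len, max_len)

    def add(self, seq, action, prefix, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen                 # no ge/le: exact length only
        else:
            lo = net.prefixlen if ge is None else ge
            hi = net.max_prefixlen if le is None else le
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError(f"invalid ge/le range for {prefix}")
        self.entries.append((seq, action, net, lo, hi))
        self.entries.sort(key=lambda e: e[0])       # evaluated in sequence order

    def evaluate(self, route):
        """Return (action, seq) of the first matching entry."""
        r = ipaddress.ip_network(route)
        for seq, action, net, lo, hi in self.entries:
            same_family = r.version == net.version
            if same_family and lo <= r.prefixlen <= hi and r.subnet_of(net):
                return action, seq
        return "deny", None                         # implicit deny at the end


def build_sample():
    """Constructed list: deny /24../30 inside 10.0.0.0/8, permit everything else."""
    pl = PrefixList()
    pl.add(5, "deny", "10.0.0.0/8", ge=24, le=30)
    pl.add(10, "permit", "0.0.0.0/0", le=32)
    return pl


if __name__ == "__main__":
    pl = build_sample()
    for route in ["10.1.1.0/24", "10.1.1.4/30", "10.1.1.1/32",
                  "10.1.0.0/16", "192.168.1.0/24"]:
        print(route, pl.evaluate(route))
```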

Distribute Lists

Used for filtering routing updates and routes being redistributed. Uses ACLs. The best practice is to use this for blocking routing updates. Normally associated with OSPF.

Distribute-list 23 in

Distribute-list 23 out

Router Eigrp 1


Distribute-list 23 out Fa0/1

The way this works is that when a routing update goes out Fa0/1, it is checked against the ACL to see whether it is okay.

Passive Interface

Used so that no hello packets / routing updates are sent out on an interface. The reason for this is that if an interface is not participating in an IGP like EIGRP, RIP, OSPF etc., CPU cycles are wasted sending them out on that interface.

Router Eigrp 1

Passive-interface Default

No passive-interface Fa1/0


Different IGPs handle passive interfaces differently

RIP -> Does not send multicast updates, but it will still receive them

EIGRP -> Will not send or receive

OSPF -> Will not send or receive


Path Control..




An offset list is a way to increase the metric of a route. It uses an ACL, and the only two IGPs that support offset lists are RIP and EIGRP.


First configure an ACL

Ip access-list standard offset



Router eigrp 1

Router(config-router)# offset-list offset in 2000 fa0/0



What this does is increase the metric for that route by 2000, which can be displayed in the IP routing table.






IP SLA is a newer feature in newer IOS versions that allows the router to monitor any type of TCP connection. It actually uses TCP commands to monitor a router / the path it is taking. For example, you can have a DNS server or a route pinged every 10 seconds to check its health or the ping time in milliseconds. If the ping is bad or the path is not up, you can then take an alternative path.


First create the SLA

Pings every 10 seconds


Router(config)# ip sla 1

Router(config-ip-sla)# icmp-echo

Router(config-ip-sla)# frequency 10


Set the time


Router(config)# ip sla schedule 1 life forever start-time now


Set reachability

Router(config)# track ip sla 1 reachability


If it is reachable with the ping then go to this default route.

Router(config)# ip route track 1



So what we created here was a ping every 10 seconds to the route, starting now and going on forever.


We next check to see if it is reachable; once it is reachable, all traffic is sent out to that default route.


If we wanted to, we could have set an SLA 2 and set a default route with an administrative distance of 3, sending all traffic out that destination if an SLA failed to ping every 10 seconds.



SLAs are also really commonly created for SLA monitoring tools, which can be run on a server to display the SLA health.