The first thing to remember is Route maps are always defined by ACLs…. So when matching # is always the ACL
Second thing to remember when creating a route-map and not using a sequence # the default Is 10, and it goes up within increments from 10.
Third, Route-maps are similar to ACLs, the router will scroll through the list and match the route map 10, 20, 30 etc, if it does not match it is like a implicit deny.
1.)Route maps for redistribution
Router(config)# route-map TESTpermit 10
Router(config-route-map)#match ip address 23(ACL)
So when I redistribute this I can do the following…
Router(config)#Router eigrp 1
Router(Config-Router)# Redistribute OSPF 1 route-map test
2.)Route maps for Policy Based Routing(PBR)
Router(config)# Route-map Test
Router(Config-route-map)# match ip address 23
Router(Config-route-map)#Set ip next-hop 192.168.1.1
Router(config) set local policy route-map Test
^^ Sets to the router itself for all traffic.
Router(config)# Route-map test
Router(Config-route-map)# Set interface fa0/1
Router(config)# int fa0/0
Router(config-if)# ip policy route-map test
^^ Forwards out a interface so there is no matching everything goes right out of a interface
3.)Tagging routes using a Route Map
This is slightly confusing but if you are redistributing EIGRP into OSPF you can tag EIGRP routes as they are redistributed into OSPF and deny OSPF into EIGRP.
Router(config)# route-map test1 deny 6
Router(config-route-map)# match tag 1
Router(config-route-map)# route-map Test1 permit 10
Router(config-route-map# set tag 2
Router(config)# route-map Test2 deny 6
Router(config-route-map)#match tag 2
Router(config-route-map)# route-map test2 permit 10
Router(config-route-map)# set tag 1
Then when redistributing we have to do the following…
Router(config)# router eigrp 1
Router(config-router)# redistribute ospf 2 route-map test2 metric 100 100 100 100 1000
Router(config-router)# router ospf 1
Router(config-router)# redistribute eigrp 1 route-map test1 subnets
A prefix list is used to match both the subnet and the prefix in a subnet mask. You can Permit or Deny. Also there is a Implicit Deny at the end of the prefix list.
Ip prefix-list test1 10 deny 192.168.1.1/24 ge 24 le 30
Test1 – > Name of prefix list there are no numbered prefix lists
Deny or permit – > permitting or deny
192.168.1.1/24 – > ip address and subnet mask have to be entered
Ge or le – > greater than or less than the following CIDR notation.
Ip prefix TEST permit 0.0.0.0/0 le 32 – > Permits everything
Ip prefix Test permit 192.168.1.1/24 ge 24 le 30 – > permits any subnet above 24 le /30
We can use prefix lists in BGP
R3(config-router)#neighbor 22.214.171.124 prefix-list TEST1 out
For filtering Routing Updates and Routes being redistributed. Uses ACL’s. The best practice for this is for blocking routing updates. Normally associated with OSPF.
Distribute-list 23 in
Distribute-list 23 out
Router Eigrp 1
Distribute-list 23 out Fa0/1
The way this works is if a routing update goes out Fa0/1 it checks the ACL to see if its okay.
Used so there are no hello packets / routing updates sent out on a interface. The reason for this is if I had a interface that is nor participating in a IGP like EIGRP , RIP OSPF etc CPU cycles are being wasted sent out on that interface.
Router Eigrp 1
No passive-interface Fa1/0
Network 192.168.0.0 0.0.255.255
Different IGPS handle Passive-interfaces differently
RIP – > Does not send hello multicast, but it will receive them
EIGRP-> Will not send or receive
OSPF – > Will not send or receive
This is a way to increase the metric of a route, uses a ACL, the only two IGPs that support Offset-lists are RIP and EIGRP.
First configure a ACL
Ip access-list standard offset
Router(config-std-nacl)permit 192.168.1.0 0.0.0.255
Router eigrp 1
Router(config-router)offset-list 23 offset in 2000 fa0/0
What this does is increase the metric for that 192.168.1.0 route by 2000 which can be display in the IP route table.
Newer feature in newer IOS’s that will alow the router to monitor any type of TCP Connections. This will actually use TCP commands to monitor a router / path it is taking. For example you can have a DNS server or a route pinged every 10 seconds to check to see the health or the ping in Miliseconds. If the ping is back or the path is not up you can then take a alternative path.
First create the SLA
Pings every 10 seconds
Router(config)# ip Sla 1
Router(config-ip-sla)# icmp-echo 192.168.1.1
Router(config-ip-sla)# frequency 10
Set the time
Router(config)# ip sla schedule 1 life forever start-time now
Router(config)# track ip sla 1 reachability
If it is reachable with the ping then go to this default route.
Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1
So what we created here was a ping every 10 seconds to the 192.168.1.1 route, started it currently and go on forever.
We next check to see if it is reachable, after its reachable send all traffic out to that default route.
If we wanted to we could have set a SLA 2 and set a default route with a administrative distance of 3 sending all traffic out that destination if a SLA failed to ping very 10 seconds.
SLAs are also really common to create for monitoring SLA tools which can be ran on a server to display the SLA health.