1 redistribution + filtering
Hi All
I have a scenario in which the redistribution from level-2 into level-1 is working fine, however, from my L1-L2 router, I have 2 L2 neighbors and I want to filter out one of these L2 neighbor’s routes from being redistributed into level-1.
Setup is.
R1 – - – (L2) – - (L1) R3 ————————-R4 – - – (L2) – - R2
On R3, I have this configuration but R4 still receives all routes.
R3#sh run
Building configuration…
Current configuration : 1305 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
!
ip cef
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
!
clns filter-set CLNS deny 49.0001.0000.0000.0001.00
no ftp-server write-enable
!
no crypto isakmp ccm
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
 ip address 150.1.13.3 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 clns enable
 isis circuit-type level-2-only
!
interface FastEthernet1/0
 ip address 150.1.23.3 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-2-only
!
interface FastEthernet2/0
 ip address 150.1.34.3 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 isis circuit-type level-1
!
router isis
 net 49.0034.0000.0000.0003.00
 redistribute isis ip level-2 into level-1 route-map CLNS
 passive-interface Loopback0
!
ip http server
no ip http secure-server
ip classless
!
route-map CLNS permit 10
 match clns address CLNS
!
control-plane
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
end
Blogs and organic groups at http://www.ccie.net
_______________________________________________________________________ Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
Hi Service provider,
If I understand correctly, you are not able to see the routes from R1 and R2 on R4 with this configuration on R3?
If this is the problem, you are missing the “route-map CLNS permit 20” in the route-map.
Thanks Satinder
On Sat, Jan 30, 2010 at 12:07 PM, Service Provider < service.providersa@gmail.com> wrote:
Hi,
It’s probably because you use clns filter-sets to match CLNS addresses (in this context CLNS routes) and you want to filter the IP routes. My guess is that you will have to use isis tags (wide-metrics needs to be enabled in the ISIS domain); matching clns next-hop or source-route in the ISIS IP route leaking route-map is not documented and it doesn’t seem to work.
Eduard
Hi All
What I want to achieve is for R4 to only receive routes from R2 (49.0002) and R3 (49.0034). I want to filter out routes from R1 (49.0001) when I redistribute L2 routes into L1 on R3, which is an L1L2 router. R4 is in the same area as R3.
Thank you. SP
Try adding “set-attached-bit route-map CLNS” under your ISIS config. I think that will fix your issue.
You’ll have to match IP prefixes using an ACL/prefix-list or match ISIS route tags to do this filtering. So you need to either use “match ip addr” or “match tag” in the route-map. CLNS matching won’t work.
ISIS tags can be set on R1 under the R1’s interface using “isis tag ” and used on R3 to filter out the tagged routes using a route-map. The att-bit is not used for filtering isis ia routes.
Swap #19804
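The tag and prefix matching suggested in this thread, written out as an added example that is not part of the original posts. The tag value 100, the names L2-TO-L1, L2-TO-L1-PFX and R1-ROUTES, R1's Loopback0 and the prefix 1.1.1.0/24 are assumptions made for illustration.

```ios
! Added example, not from the thread. Tag 100, the route-map and
! prefix-list names, R1's Loopback0 and 1.1.1.0/24 are assumed values.
!
! --- All IS-IS routers in the domain: route tags need wide metrics ---
router isis
 metric-style wide
!
! --- R1: tag the prefix of the interface whose route must not leak ---
interface Loopback0
 isis tag 100
!
! --- R3 (L1L2): leak L2 into L1, dropping anything tagged 100 ---
router isis
 redistribute isis ip level-2 into level-1 route-map L2-TO-L1
!
route-map L2-TO-L1 deny 10
 match tag 100
!
! An empty permit entry lets every other L2 route through;
! without it the implicit deny at the end drops them all.
route-map L2-TO-L1 permit 20
!
! --- Alternative on R3 without tags: match R1's prefixes directly ---
ip prefix-list R1-ROUTES seq 5 permit 1.1.1.0/24
!
route-map L2-TO-L1-PFX deny 10
 match ip address prefix-list R1-ROUTES
!
route-map L2-TO-L1-PFX permit 20
!
! Reference only one of the two route-maps in the redistribute command.
```

On R4, `show ip route isis` shows which leaked prefixes were installed, so the filter can be checked there.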
Thanks, so it is not possible to filter ISIS routes based on the Area-ID? The only way to achieve this is by IP filtering – cool, thanks.
There is an alternate, easily configurable way for filtering. You can simply set AD=255 (default 115) for routes learned from an IS based on its IP address. Those routes will be installed in the ISIS database but not in the RT so they won’t be used for forwarding. The difference from the “isis tag” method is that R3 will still include the routes from R2 in its LSP and the “filtering” is done at R4. This method is flexible too since you can match a range of next-hop IP addresses in the form of IP/wildcard mask and, if you use the access-list, also match the exact routes you wish to apply the distance value.
In your case (I suppose that 1.1.1.1 is the highest loopback address of R1 included in IS-IS):
R4(config)#router isis
R4(config-router)#distance 255 1.1.1.1 0.0.0.0
To check:
show isis rib
show ip route
Let me know if it worked in your setup.
Eduard
By next-hop IP address I mean “originator IP address” as referred in Cisco’s documentation. I don’t know exactly what is the rule to choose the originator IP address from “IP Interface Address TLV” but it seems it chooses the highest IP address (loopbacks have priority). Beware that this can be changed on-the-fly; if you configure a Loopback with a higher IP address and include it in IS-IS the originator IP will change and the distance command will not work anymore.
From Routing Protocols Command Reference, Release 12.2:
When an IS-IS router advertises its link-state information, it includes one of its own IP addresses to be used as the originator IP address. When other routers calculate IP routes, they can store the originator IP address with each route in the routing table.
Eduard