Route Optimisation

RD-CSY3021
1
Preventing Propagation of routing information
When using an on-demand WAN link
• To minimize, or stop entirely, the exchange of routing update information across this type of link; otherwise, the link will remain up constantly
To prevent routing loops
• When a path is learned to the same destination by two different routing protocols, you may want to filter the propagation of one of the paths
To preserve bandwidth
• To ensure maximum bandwidth availability for data traffic by reducing unnecessary routing update traffic
1. Passive interface
   • Prevents all routing updates from being sent through an interface
2. Default routes
   • Instructs the router that if it does not have a route for a given destination, to send the packet to the default route
3. Static routes
   • A route to a destination that is configured in the router
4. Route update filtering
   • Use access lists to filter route update traffic about specific networks
5. Route Maps – Policy Routing

• With most protocols, passive interface stops the router from sending updates to a particular neighbor, but continues to listen and use routing updates from that neighbor
• In OSPF, the interface address you specify as passive appears as a stub network in the OSPF domain.
  ◦ OSPF routing information is neither sent nor received through the specified router interface
• In EIGRP, passive interface causes the router to stop sending hello packets.
  ◦ When this happens, the router can't form neighbor adjacencies on the interface or send or receive routing updates
  ◦ To achieve the common effect of passive interface with EIGRP, use the distribute-list command
Gateway of Last Resort



The gateway of last resort is a routing entry that the router forwards packets to when it lacks a more specific route to a network.
When IP routing is enabled:
1. Use the ip default-network command to tag a route as a gateway of last resort

Router(config)# ip default-network 171.70.24.0

   • The default route is propagated differently depending on which protocol is propagating it
   • For IGRP/EIGRP, the network specified must be an IGRP- or EIGRP-derived network in the routing table, or be advertised into these protocols using the 'network' command
2. Create a static route to quad zero (0.0.0.0 0.0.0.0)

Router(config)# ip route 0.0.0.0 0.0.0.0

   • IGRP cannot understand a route to 0.0.0.0
When IP routing is disabled:

Router(config)# ip default-gateway 172.16.15.4

Can a router have multiple IP default networks entered?
2513#show ip route
Gateway of last resort is not set
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S 198.10.1.0/24 [1/0] via 161.44.192.2

2513(config)#ip default-network 198.10.1.0

2513#show ip route
Gateway of last resort is 161.44.192.2 to network 198.10.1.0
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

Add another default gateway
2513(config)#ip route 171.70.24.0 255.255.255.0 131.108.99.2
2513(config)#ip default-network 171.70.24.0

2513#show ip route
Gateway of last resort is 161.44.192.2 to network 198.10.1.0
171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 171.70.0.0/16 [1/0] via 171.70.24.0
S 171.70.24.0/24 [1/0] via 131.108.99.2
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2
Why is the network not flagged as the default network?

The ip default-network command is classful. This means that if the router has a route to the subnet indicated by this command, it installs the route to the major net.
At this point neither network has been flagged as the default network. The ip default-network command must be issued again, using the major net, in order to flag the candidate default route.
2513(config)#ip default-network 171.70.0.0
2513(config)#^Z
2513#show ip route
Gateway of last resort is 171.70.24.0 to network 171.70.0.0
* 171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S* 171.70.0.0/16 [1/0] via 171.70.24.0
S 171.70.24.0/24 [1/0] via 131.108.99.2
161.44.0.0/24 is subnetted, 1 subnets
C 161.44.192.0 is directly connected, Ethernet0
131.108.0.0/24 is subnetted, 1 subnets
C 131.108.99.0 is directly connected, Serial0
S* 198.10.1.0/24 [1/0] via 161.44.192.2

Significant overhead can be created by packets for routes that do not exist.
• The router may want to send an Internet Control Message Protocol (ICMP) host- or network-unreachable message for each unroutable packet
One solution is to configure a route to the null0 interface
• null0 is a legitimate interface that accepts the packets and then throws them away
• No ICMP host- or network-unreachable messages are sent for packets forwarded to null0

Route maps are similar to a scripting language:
• A list of statements composes a route map.
• The list is processed top-down like an access list.
• The first match found for a route is applied.
• The sequence number is used for inserting or deleting specific route map statements.

route-map my_bgp permit 10
 { match statements }
 { match statements }
 { set statements }
 { set statements }
route-map my_bgp deny 20
 ::
route-map my_bgp permit 30
 ::
router(config)# route-map map-tag [permit | deny] [sequence-number]
• Defines the route map conditions
router(config-route-map)# match {conditions}
• Defines the conditions to match
router(config-route-map)# set {actions}
• Defines the action to be taken on a match
router(config-router)# redistribute protocol [process-id] route-map map-tag
• Allows for detailed control of routes being redistributed into a routing protocol
• The match statement may contain multiple references.
• Multiple match criteria in the same line use a logical OR.
• Each vertical match uses a logical AND.
• All match statements must permit the route for it to remain a candidate for redistribution.
• Route map permit or deny determines if the candidate will be redistributed.
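The evaluation rules above (top-down by sequence number, first match wins, OR within a match line, AND across match lines) can be traced with a small model. This is an added example, not part of the original slides; the class and function names, the route map contents and the candidate routes are all constructed for illustration, and the model assumes the usual implicit deny when no statement matches.

```python
# Added illustration: simplified model of route-map evaluation for redistribution.
from dataclasses import dataclass, field

@dataclass
class Clause:
    seq: int
    action: str                                  # "permit" or "deny"
    matches: list = field(default_factory=list)  # one (attribute, accepted values) per match line
    sets: dict = field(default_factory=dict)     # attributes rewritten on a permit

def evaluate(route_map, route):
    """Return the route as it would be redistributed, or None if it is dropped."""
    for clause in sorted(route_map, key=lambda c: c.seq):   # top-down by sequence number
        # AND across match lines; OR across the values listed on one line.
        # A clause with no match lines matches every route.
        if all(route.get(attr) in values for attr, values in clause.matches):
            if clause.action == "deny":
                return None                      # first match wins: stop here
            return {**route, **clause.sets}
    return None                                  # no clause matched: implicit deny

# Constructed route map, equivalent to:
#   route-map my_bgp permit 10
#    match tag 100 200
#    match route-type internal
#    set metric 50
#   route-map my_bgp deny 20
#    match tag 300
#   route-map my_bgp permit 30
MY_BGP = [
    Clause(10, "permit", [("tag", {100, 200}), ("route-type", {"internal"})], {"metric": 50}),
    Clause(20, "deny", [("tag", {300})]),
    Clause(30, "permit"),
]

# Constructed candidate routes
ROUTES = [
    {"prefix": "10.1.0.0/16", "tag": 200, "route-type": "internal", "metric": 10},
    {"prefix": "10.2.0.0/16", "tag": 200, "route-type": "external", "metric": 10},
    {"prefix": "10.3.0.0/16", "tag": 300, "route-type": "internal", "metric": 10},
]

if __name__ == "__main__":
    for r in ROUTES:
        print(r["prefix"], "->", evaluate(MY_BGP, r))
    # Without the catch-all statement 30, the second route hits the implicit deny
    print("10.2.0.0/16 without statement 30 ->", evaluate(MY_BGP[:2], ROUTES[1]))
```

The second route shows why the empty `permit 30` statement matters: it fails the AND in statement 10, and without a catch-all it would be dropped silently rather than redistributed unchanged.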

With normal routing, all the packets from the 10.0.0.0/8 network to the Internet will take the path through interface ethernet 0/0 of the Cisco WAN Router (via the 172.16.187.0/24 subnet), as it is the best path with the least metric.
Policy-based routing can be used so that these packets take the path through the Firewall to the Internet; normal routing behavior has to be overridden by configuring policy routing.
The firewall translates all the packets from the 10.0.0.0/8 network going to the Internet; this is, however, not necessary for policy routing to work.

interface Ethernet3/0
 ip address 172.16.79.3 255.255.255.0
 ip policy route-map net-10
access-list 111 permit ip 10.0.0.0 0.255.255.255 any
route-map net-10 permit 10
 match ip address 111
 set interface Ethernet0/1
route-map net-10 permit 20
Command                 Description
match community         Matches a BGP community
match interface         Matches any routes that have the next hop out of one of the interfaces specified
match ip address        Matches any routes that have a destination network number address that is permitted by a standard or extended ACL
match ip next-hop       Matches any routes that have a next-hop router address that is passed by one of the ACLs specified
match ip route-source   Matches routes that have been advertised by routers and access servers at the address that is specified by the ACLs
match length            Matches based on the layer 3 length of a packet
match metric            Matches routes with the metric specified
match route-type        Matches routes of the specified type
match tag               Matches tag of a route


A distribute-list is used to control routing updates either coming to your router or leaving your router.
Example: we want to filter out route 100.200.100.1/32.
◦ Define an ACL that identifies that route, denies it, and allows all other traffic
◦ Create a distribute-list that references the ACL and defines the direction
◦ Go into the routing process
  • We want to filter OSPF routes, so we go into the OSPF routing process configuration
◦ Verify that the route has been removed








Router# show ip route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 100.200.200.1/32 [110/11] via 172.16.100.29, 00:00:10, Ethernet0
O 100.200.100.1/32 [110/11] via 172.16.100.29, 00:00:10, Ethernet0
C 100.100.250.0/24 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.100.0 is directly connected, Ethernet0

Define Access list
Router(config)# access-list 50 deny 100.200.100.1
Router(config)# access-list 50 permit any

OSPF ROUTING PROCESS CONFIGURATION












Router(config)# router ospf 10
Router(config-router)# distribute-list 50 in
Verify route
Router# sh ip route
…
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 100.200.200.1/32 [110/11] via 172.16.100.29, 00:11:39, Ethernet0
C 100.100.250.0/24 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.100.0 is directly connected, Ethernet0
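The filtering decision in the distribute-list example above can be reproduced offline to check an ACL before applying it. This is an added example, not part of the original slides; the helper names are hypothetical, and the model covers only numbered standard ACLs (address plus optional wildcard mask, or `any`) matched against the route's network address, with the implicit deny at the end of the list.

```python
# Added illustration: how a standard ACL used by "distribute-list 50 in" selects routes.
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N permit|deny addr [wildcard]' or '... any' into tuples."""
    entries = []
    for line in lines:
        parts = line.split()
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        else:
            addr = rest[0]
            wild = rest[1] if len(rest) > 1 else "0.0.0.0"   # no mask = exact match
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def acl_permits(entries, network):
    """First matching entry decides; nothing matching means implicit deny."""
    n = int(ipaddress.IPv4Address(network))
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are "don't care"
        if (n & care) == (addr & care):
            return action == "permit"
    return False

def distribute_list_in(entries, learned):
    """Return the learned routes that would still be installed in the routing table."""
    return [r for r in learned if acl_permits(entries, r.split("/")[0])]

# ACL and OSPF-learned routes taken from the slide's example
ACL_50 = ["access-list 50 deny 100.200.100.1",
          "access-list 50 permit any"]
LEARNED = ["100.200.200.1/32", "100.200.100.1/32"]

if __name__ == "__main__":
    print(distribute_list_in(parse_acl(ACL_50), LEARNED))
    # Forgetting 'permit any' filters every route because of the implicit deny
    print(distribute_list_in(parse_acl(ACL_50[:1]), LEARNED))
```

In OSPF, `distribute-list in` only keeps the route out of the local routing table; the corresponding LSA stays in the link-state database and is still flooded to neighbors.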
Router(config-router)# distance administrative-distance [address wildcard-mask [access-list-number | name]]
• Used for all protocols except EIGRP and BGP redistribution
Router(config-router)# distance eigrp internal-distance external-distance
• Used for EIGRP