RE: Redistribution Methodology

From: Mike Dickson (Mike@dicksonnetworks.com)
Date: Tue Jul 06 2004 - 23:57:31 GMT-3


RIP V2 supports tags. However, if you are working on your Security
exam, be aware that the PIX will not accept RIP advertisements if any of
the advertised routes are tagged.

Mike Dickson
CCIE #12281, MCSE+Internet, MCDBA
Dickson Network Designs
(512) 422-3192 voice (512) 394-0320 fax
www.dicksonnetworks.com

-----Original Message-----
From: Richard Dumoulin [mailto:richard.dumoulin@vanco.es]
Sent: Tuesday, July 06, 2004 4:36 PM
To: Joseph D. Phillips; group study
Subject: RE: Redistribution Methodology

Hi Joseph,

Have you tested this route-map with RIP? I believe it does not work.

--Richard

-----Original Message-----
From: Joseph D. Phillips [mailto:josephdphillips@fastmail.us]
Sent: Tuesday, July 06, 2004 22:28
To: group study
Subject: RE: Redistribution Methodology

Well the advantage of using tags is that you don't need to specify which
networks are which in an access list.

Let's say there are two routing protocols: OSPF and RIPv2

Your statement under router ospf would be something like:

      redist rip sub metric-ty 1 metric 50 route-map r2o

Your statement under router rip would look something like:

      redist ospf (process no.) metric 2 ma in ex route-map o2r

The route maps would look like:

      route-map r2o deny 10
          ! stop routes with tag 110 from coming in
          match tag 110
      route-map r2o perm 20
          ! accept RIP routes and tag them as 120
          set tag 120

      route-map o2r deny 10
          ! stop routes with tag 120 from coming in
          match tag 120
      route-map o2r perm 20
          ! accept OSPF routes and tag them as 110
          set tag 110

The numbers used to assign tags are arbitrary, but I like to associate them
with administrative distance.

The purpose of the above route-maps is to prevent route feedback.

It seems to work rather well. I've had no problem with it.
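
The tag scheme described in the message above, modelled as an added example that is not part of the original post: each route-map is an ordered list of clauses, and a route is traced out of its protocol at one border router and back in at a second. The two-router topology, the sample prefixes, and the use of tag 0 for untagged routes are assumptions made for the illustration.

```python
# Added illustration, not from the thread: a toy model of the r2o / o2r route-maps.
# Each clause is (action, match_tag, set_tag); match_tag None means "match any".
R2O = [("deny", 110, None), ("permit", None, 120)]   # RIP -> OSPF
O2R = [("deny", 120, None), ("permit", None, 110)]   # OSPF -> RIP
NO_FILTER = [("permit", None, None)]                 # redistribution with no tag logic

def apply_route_map(route_map, tag):
    """Return the tag a route carries after redistribution, or None if denied.
    The first matching clause wins; falling off the end is an implicit deny."""
    for action, match_tag, set_tag in route_map:
        if match_tag is None or match_tag == tag:
            if action == "deny":
                return None
            return tag if set_tag is None else set_tag
    return None

def redistribute(routes, route_map):
    """routes maps prefix -> tag in the source protocol; returns what is injected."""
    injected = {}
    for prefix, tag in routes.items():
        new_tag = apply_route_map(route_map, tag)
        if new_tag is not None:
            injected[prefix] = new_tag
    return injected

def round_trip(native, out_map, back_map):
    """Prefixes that re-enter their protocol of origin: redistributed out through
    out_map at one border router, then back through back_map at a second one."""
    return sorted(redistribute(redistribute(native, out_map), back_map))

# Constructed sample prefixes; tag 0 stands for "untagged" (assumption).
RIP_NATIVE = {"10.1.1.0/24": 0, "10.1.2.0/24": 0}
OSPF_NATIVE = {"192.168.1.0/24": 0}

if __name__ == "__main__":
    print("RIP feedback, no tags:", round_trip(RIP_NATIVE, NO_FILTER, NO_FILTER))
    print("RIP feedback, tagged: ", round_trip(RIP_NATIVE, R2O, O2R))
    print("OSPF feedback, tagged:", round_trip(OSPF_NATIVE, O2R, R2O))
```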

----- Original message -----
From: "Rohan Grover" <rohang@cisco.com>
To: "'Joseph D. Phillips'" <josephdphillips@fastmail.us>, "'group study'" <ccielab@groupstudy.com>
Date: Wed, 7 Jul 2004 00:35:02 +0530
Subject: RE: Redistribution Methodology

Hi Joseph,

Can you give an example of how the scenario described below could be
achieved with tags?

Thanks
Rohan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Joseph D. Phillips
Sent: Wednesday, July 07, 2004 12:23 AM
To: group study
Subject: Redistribution Methodology

Start doing it with tags. There's a good chance you will be asked to do that
on the exam.

----- Original message -----
From: "Joe Rinehart" <jjrinehart@hotmail.com>
To: "'Group Study (E-mail)'" <ccielab@groupstudy.com>
Date: Tue, 6 Jul 2004 11:42:52 -0700
Subject: Redistribution Methodology

I have a question that has been bugging me for a little while and would like
to see what the overall opinion is on the subject.

When redistributing routing protocols (I am speaking here mainly of IGP
redistribution), I know that route feedback can be an issue, especially
where mutual redistribution is concerned. Something I have been doing in
those instances is putting in filters and route maps to prevent that.

Here is the basic methodology, per protocol:

1. Create an access list with the routes to be filtered (i.e., those
already in that IGP that shouldn't be coming back in from another source).
This is a series of deny statements followed by a permit any statement.

2. Create a route map calling that access list.

3. Configure the redistribute statement under the target IGP calling that
route map.

Here is an example below, you may recognize it from CPSV2:

router eigrp 2003
 redistribute ospf 1 route-map filter-eigrp
 redistribute rip route-map filter-eigrp
 passive-interface default
 no passive-interface Serial0/0.103105
 network 175.10.16.0 0.0.0.255
 network 175.10.120.0 0.0.0.255
 default-metric 1544 100 254 1 1500
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 area 500 stub
 redistribute connected route-map CONNECTED
 redistribute eigrp 2003 subnets route-map filter-ospf
 redistribute rip subnets route-map filter-ospf
 network 10.1.1.0 0.0.0.255 area 500
 network 192.168.1.0 0.0.0.255 area 100
 network 192.168.2.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute eigrp 2003 route-map filter-eigrp
 redistribute ospf 1 route-map filter-eigrp
 passive-interface default
 no passive-interface Serial0/0.100
 network 175.10.0.0
 default-metric 5
 no auto-summary

access-list 1 deny 175.10.1.0 0.0.0.255
access-list 1 deny 175.10.16.0 0.0.0.255
access-list 1 permit any
access-list 2 deny 175.10.0.0 0.0.63.255
access-list 2 permit any
access-list 3 deny 10.10.1.0 0.0.0.255
access-list 3 deny 10.10.2.0 0.0.0.255
access-list 3 deny 192.200.0.0 0.0.255.255
access-list 3 deny 192.168.0.0 0.0.31.255
access-list 3 permit any
dialer-list 1 protocol ip permit
route-map filter-ospf permit 10
 match ip address 3
!
route-map filter-eigrp permit 10
 match ip address 1
!
route-map filter-rip permit 10
 match ip address 2

Here is my question. I KNOW that this approach works rather splendidly and
can take pretty much everything into account as a template overall, but is
this the kind of thing that can cost you points on the exam? I know that
the rules of thumb are if they don't forbid something you are allowed to do
it, and ultimately the other test is if it works, but I also know there is a
subjective aspect as well.

Thoughts?

Joe Rinehart
AT&T



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:48 GMT-3