If you are working with the Nexus NX-OS and you want to redistribute static routes into EIGRP you MUST use route-maps. See below on how to use these in Nexus.

In IOS you have a lot of lazy ways to redistribute static routes into EIGRP which can cause issues on your network. However, in Cisco NX-OS they require the use of route-maps; however, they don’t place restrictions on what the route-map references to perform filtering. I will evaluate two methods: ip access-lists and ip prefix-lists and why I prefer ip prefix-lists to perform redistribution

ip access-lists (extended only)

With this method you would deny the routes you don’t (or permit those you want) in using an extended access list; however, this is not as “clear cut” as it may seem. Lets setup the route-map and access-list:

ip access-list extended no_10 deny host 10.0.0.0 host 255.255.255.0

ip access-list extended no_10 permit host any any

route-map no_10_subnet permit 10

match ip address no_10

redistribute static route-map no_10_subnet

I will not be held liable to any craziness that comes from following that configuration and here is why. When you use an access-list to filter or redistribute routes into another routing process you may be surprised about how it uses the access-list. In the above access-list the router/switch will compare the SUBNET portion of an address (in this case a static address) to the SOURCE address part of the access-list. The router will then compare the NETWORK MASK portion of the static route being evaluated with the DESTINATION section of the access-list. So, here is how it would look if the router were evaluating 10.0.0.0/24 and 10.1.1.0/24 to be redistributed into EIGRP: It will take 10.0.0.0 and compare it to the source section of the IP address: (host 10.0.0.0) and this WILL be a match. Next, the router/switch will compare the netmask section of the static route (/24) to the DESTINATION section of the access-list (host 255.255.255.0) and it will match the first sequence in the prefix-list and get DENIED.

Now, for 10.1.1.0/24. This is where it can get tricky, the router will compare 10.1.1.0 to (host 10.0.0.0) and it will NOT match and then move on to the next sequence to permit all and the static route to a “10 network” will be redistributed. This would get tricky if you did NOT use the “host” statement in the access-list and used different masks in the SOURCE and DESTINATION section. That is, literally, a whole new article to write because it is THAT confusing! Just know the method of using access-lists for redistributing is NOT recommended.

ip prefix-lists

With this method you can setup each item in the prefix-list to include a subnet but also varying netmasks!

ip prefix-list no_10_nets seq 5 deny 10.0.0.0/8 le 32 ge 24

ip prefix-lists no_10_nets seq 10 permit 0.0.0.0/0 le 32

route-map no_10 permit 5

match ip address prefix-list no_10_nets

This prefix-list basically states: match all 10.0.0.0 who have network masks between /32 down to /24; however, it will NOT filter 10.0.0.0/8 because that is not included in the list of matching prefixes to match (/32-/24) and you’re hopefully not  using a /8 subnet in your network.

See how easy that was to explain? Thus, it is HIGHLY recommended to use prefix-lists instead of access-lists to avoid confusion. Cisco did a great job in Nexus by requiring a route-map but didn’t place further restrictions on redistribution so you must be careful when redistributing routes.


Comments are closed.