System information

ManualsBrandsDestination Audio ManualsComputer equipmentCS500C

121

122

123

124

125

126

127

128

129

130

Troubleshooting TCP/IP

Book Title

7-126

Misconﬁgured

route ﬁltering

Step 1 Use the show running-conﬁg command to check suspect routers.

Step 2 See if there are any distribute-list in or distribute-list out router

conﬁguration commands conﬁgured on the router.

The distribute-list in command prevents speciﬁc information learned in

LSAs

from being included in the OSPF routing table. The distribute-list

out command prevents a router from including speciﬁc information in

routing updates that it transmits. However, in OSPF, distribute-list out

can be conﬁgured only on an ASBR

to ﬁlter external routes.

Note: Although distribute-list commands prevent speciﬁc information

from being included in the OSPF routing table, information about those

networks is contained in the link-state database and is ﬂooded through the

network in LSAs. This means that downstream routers will include that

information in their routing tables unless they, too, ﬁlter those routes from

the routing table.

Misconﬁgured

route ﬁltering

Step 3 If distribute-list commands are conﬁgured on the router, disable them

using the no version of the command.

For example, to disable an incoming ﬁlter that references access list 10,

enter the following command:

C7500(config)#no distribute-list 10 in

Step 4

After disabling all distribution lists, use the clear ip route privileged exec

command to clear the routing table.

Step 5 Determine whether the routes appear in the routing table by using the

show ip route privileged exec command. If routes appear properly in the

routing table, the access list referenced by the distribute-list command is

probably conﬁgured to deny certain updates.

Step 6 To isolate the problem list, enable distribution lists one at a time until the

routes no longer appear in the table.

Step 7 Use the show running-conﬁg command and check the access list to make

sure it does not deny updates inappropriately. If the access list denies

updates from speciﬁc addresses, make sure that it does not deny the

address of a router from which routing updates should be received.

Change the access list to allow the router to receive updates from the

proper addresses. At the end of every access list is an implied “deny all

trafﬁc” criteria statement. Therefore, if a packet does not match any of

your criteria statements, the packet is blocked. Conﬁgure explicit permit

statements for those addresses from which the router should receive

updates.

Step 8 If you altered an access list, enable the distribution list using the

distribute-list command. Use the clear ip route command and check

whether the missing routing information appears in the routing table.

Step 9 If the routes appear in the routing table, perform the preceding steps on

every router in the path until all distribution lists are enabled and routing

information appears properly in the routing table.

For more information on conﬁguring access lists, see the Cisco IOS conﬁguration

guides.

Possible Problem Solution