Introduction to Route-maps

Route-maps are the “if-then” programming solution for Cisco devices.  A route-map allows you to check for certain match conditions and (optionally) set a value.

Here are some quick examples:

  • Only advertise some EIGRP routes to your neighbor.
    • Example: if prefix matches in access-list then advertise it.
  • Set BGP attributes based on certain match conditions.
    • Example: if prefix matches then set the local preference to 500.
  • Redistribute networks from OSPF into EIGRP based on certain match conditions.
    • Example: if prefix matches then redistribute it from OSPF into EIGRP.
  • Change the next hop IP address with policy-based routing.
    • Example: if packet length > 500 bytes, change the next hop IP address to

Route-maps are a bit like access-lists on steroids. They are far more powerful since besides prefixes, there are a lot of different match conditions and you set certain values.

In this lesson, I’ll give you a global overview of how route-maps work and I’ll show you how to configure them.

Like access-lists, route-maps work with different permit or deny statements:

Route Map Overview

We start at the top and process the first statement. There are two possible outcomes:

  • Match: there is a match, we apply our action and that’s it. We don’t check the other route-map statements to see if there is another match.
  • No match: we continue and check the next route-map statement.

When you don’t have any matches, we hit the invisible implicit deny at the bottom of the route-map. This is similar to how an access-list works.

Each route-map can have one or more match conditions. Here’s an example:

Route Map Match Condition

Our first two statements (10 and 20) have a match condition. There are a lot of possible match conditions. To name a few:

  • prefix-list
  • access-list
  • BGP local preference
  • BGP AS path
  • Packet Length
  • And many more…

If you don’t have a match condition then your statement matches everything.

Besides a match condition, we can also change something with a set command:

Route Map Set

Route-map statements 10 and 30 have a set command. Here are some examples of set commands:

  • Change the BGP AS path length.
  • Set a BGP community.
  • Set the BGP weight.
  • Set the metric of an OSPF or EIGRP route in redistribution.
  • Set a redistribution tag.
  • Set the next hop IP address in policy-based routing.
  • Set the DSCP value of an IP packet.
  • And many other options…

This is the “if-then” logic of the route-map. IF we match a certain match condition, then SET something.

The best way to learn about route-maps is to see them in action.


To demonstrate route-maps, we need to create route-maps and have something to apply them to.  I’ll use two routers for this lesson:

R1 R2 Gigabit Interfaces

EIGRP is pre-configured and R1 advertises some loopback interfaces to R2. We’ll use route-maps to filter networks that R1 advertises to R2.


Want to take a look for yourself? Here you will find the startup configuration of each device.


hostname R1
ip cef
interface Loopback0
 ip address
interface Loopback1
 ip address
interface Loopback2
 ip address
interface Loopback3
 ip address
interface GigabitEthernet0/1
 ip address
router eigrp 1


hostname R2
ip cef
interface GigabitEthernet0/1
 ip address
router eigrp 1

R2 has learned these four networks:

R2#show ip route eigrp | include /24

Let’s see what we can do with route-maps.

Match Condition- Permit

Let’s create a new route-map and see what options we have:

R2(config)#route-map ?
WORD  Route map tag

First, we need to give it a name. Let’s call it TEST_1:

R2(config)#route-map TEST_1 ?
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  deny       Route map denies set operations
  permit     Route map permits set operations

I can choose between a permit or deny statement. So far, this is similar to how an access-list looks. Let’s go for permit and use sequence number 10:

R2(config)#route-map TEST_1 permit 10

Let’s look at the options of our route-map:

    Route Map configuration commands:
      continue     Continue on a different entry within the route-map
      default      Set a command to its defaults
      description  Route-map comment
      exit         Exit from route-map configuration mode
      help         Description of the interactive help system
      match        Match values from routing table
      no           Negate a command or set its defaults
      set          Set values in destination routing protocol

There are a couple of options to choose from. We’ll start with match:

R2(config-route-map)#match ?
    additional-paths  BGP Add-Path match policies
    as-path           Match BGP AS path list
    clns              CLNS information
    community         Match BGP community list
    extcommunity      Match BGP/VPN extended community list
    interface         Match first hop interface of route
    ip                IP specific information
    ipv6              IPv6 specific information
    length            Packet length
    local-preference  Local preference for route
    mdt-group         Match routes corresponding to MDT group
    metric            Match metric of route
    mpls-label        Match routes which have MPLS labels
    policy-list       Match IP policy list
    route-type        Match route-type of route
    rpki              Match RPKI state of route
    security-group    Security Group
    source-protocol   Match source-protocol of route
    tag               Match tag of route
    track             tracking object

Above, you see a big list of stuff you can match on. I want to use an access-list as my match condition. We can find this under the ip parameter:

R2(config-route-map)#match ip ?                      
    address                Match address of route or match packet
    flowspec               Match src/dest prefix component of flowspec prefix
    next-hop               Match next-hop address of route
    redistribution-source  route redistribution source (EIGRP only)
    route-source           Match advertising source address of route

We have a couple of options. Let’s pick address:

R2(config-route-map)#match ip address ?
    <1-199>      IP access-list number
    <1300-2699>  IP access-list number (expanded range)
    WORD         IP access-list name
    prefix-list  Match entries of prefix-lists

Now I can choose between an access-list of prefix-list. Let’s refer to an access-list called “R1_L0_PERMIT”:

R2(config-route-map)#match ip address R1_L0_PERMIT

We now have a route-map…great! It doesn’t do anything yet though, and we still need to create that access-list.

Access-list Permit

Let’s create the access-list that we refer to in our route-map. I’ll create a permit statement that matches network

R2(config)#ip access-list standard R1_L0_PERMIT 

The only thing left to do is to attach our route-map to something. We’ll keep it simple, I’ll attach it to a distribute-list in EIGRP. This allows us to filter networks that R1 advertises to R2:

R2(config)#router eigrp 1
R2(config-router)#distribute-list route-map TEST_1 in

What I like about EIGRP is that it resyncs when you apply a distribute-list. This helps to speed things up when testing. You’ll see the following message on your console:

 %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor (GigabitEthernet0/1) is resync: route configuration changed

Right now, we have the following access-list and route-map:

ip access-list standard R1_L0_PERMIT

route-map TEST_1 permit 10
 match ip address R1_L0_PERMIT

Let’s check the routing table of R2:

R2#show ip route eigrp | include /24

We only see the network. What happened?

  • Our route-map has a single permit statement that has our access-list as a match condition.
  • Our access-list has a single permit statement for
  • Everything else is denied in the access-list by the invisible implicit deny any.
  • We only have one route-map statement so we hit the invisible implicit deny any in the route-map.

Let’s continue with our next example.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

542 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hi together,
    As I red through your Introduction, there was one thing I missed.
    It was the following:

    Which logical operation (AND; OR) gets used in the following scenarios:

    Scenario 1:
    route-map TEST-MAP permit 10
    match ip address ACL1 ACL2

    Scenario 2:
    route-map TEST-MAP permit 10
    match ip address ACL1
    match ip next-hop ACL2

    The following article described it but I want to be sure that I’m right with my assumption:
    Scenario 1 = Logical OR (either of the ACLs need to have a match)
    Scenario 2 = Logical AND (bo

    ... Continue reading in our forum

  2. Hello Marcel

    Take a look at this Cisco Documentation:

    On page 20-2 it states the following:

    • If several match commands are present in a clause, all must succeed for a given route in order for that route to match the clause (in other words, the logical AND algorithm is applied for multiple match commands).
    • If a match command refers to several objects in one command, either of them should match (the logical OR algorithm is applied). For example, in the match ip add
    ... Continue reading in our forum

  3. Hello Justin

    Rene created the R1_L0_PERMIT access list with a permit statement for the subnet. This was then referenced by the TEST_3 route map with a deny statement for matches to this access list.

    So this route map is applied to the distribute-list of EIGRP. Now a router sends the following four subnets via EIGRP and they are “filtered” through this distribute list:


    ... Continue reading in our forum

  4. Hello Justin

    No problem, this is an opportunity to clarify things for both you and all our readers.

    When we say that the route map will stop processing whenever a match is achieved, for your particular scenario, this is the case for each individual prefix.

    So you have It goes through the route map statements and matches sequence number 10. It is denied, but it was a match, so no more statements are

    ... Continue reading in our forum

41 more replies! Ask a question or join the discussion by visiting our Community Forum