Introduction to Route-maps

Route-maps are the “if-then” programming solution for Cisco devices.  A route-map allows you to check for certain match conditions and (optionally) set a value.

Here are some quick examples:

  • Only advertise some EIGRP routes to your neighbor.
    • Example: if prefix matches in access-list then advertise it.
  • Set BGP attributes based on certain match conditions.
    • Example: if prefix matches then set the local preference to 500.
  • Redistribute networks from OSPF into EIGRP based on certain match conditions.
    • Example: if prefix matches then redistribute it from OSPF into EIGRP.
  • Change the next hop IP address with policy-based routing.
    • Example: if packet length > 500 bytes, change the next hop IP address to

Route-maps are a bit like access-lists on steroids. They are far more powerful since besides prefixes, there are a lot of different match conditions and you set certain values.

In this lesson, I’ll give you a global overview of how route-maps work and I’ll show you how to configure them.

Like access-lists, route-maps work with different permit or deny statements:

Route Map Overview

We start at the top and process the first statement. There are two possible outcomes:

  • Match: there is a match, we apply our action and that’s it. We don’t check the other route-map statements to see if there is another match.
  • No match: we continue and check the next route-map statement.

When you don’t have any matches, we hit the invisible implicit deny at the bottom of the route-map. This is similar to how an access-list works.

Each route-map can have one or more match conditions. Here’s an example:

Route Map Match Condition

Our first two statements (10 and 20) have a match condition. There are a lot of possible match conditions. To name a few:

  • prefix-list
  • access-list
  • BGP local preference
  • BGP AS path
  • Packet Length
  • And many more…

If you don’t have a match condition then your statement matches everything.

Besides a match condition, we can also change something with a set command:

Route Map Set

Route-map statements 10 and 30 have a set command. Here are some examples of set commands:

  • Change the BGP AS path length.
  • Set a BGP community.
  • Set the BGP weight.
  • Set the metric of an OSPF or EIGRP route in redistribution.
  • Set a redistribution tag.
  • Set the next hop IP address in policy-based routing.
  • Set the DSCP value of an IP packet.
  • And many other options…

This is the “if-then” logic of the route-map. IF we match a certain match condition, then SET something.

The best way to learn about route-maps is to see them in action.


To demonstrate route-maps, we need to create route-maps and have something to apply them to.  I’ll use two routers for this lesson:

R1 R2 Gigabit Interfaces

EIGRP is pre-configured and R1 advertises some loopback interfaces to R2. We’ll use route-maps to filter networks that R1 advertises to R2.


Want to take a look for yourself? Here you will find the startup configuration of each device.


hostname R1
ip cef
interface Loopback0
 ip address
interface Loopback1
 ip address
interface Loopback2
 ip address
interface Loopback3
 ip address
interface GigabitEthernet0/1
 ip address
router eigrp 1


hostname R2
ip cef
interface GigabitEthernet0/1
 ip address
router eigrp 1

R2 has learned these four networks:

R2#show ip route eigrp | include /24

Let’s see what we can do with route-maps.

Match Condition- Permit

Let’s create a new route-map and see what options we have:

R2(config)#route-map ?
WORD  Route map tag

First, we need to give it a name. Let’s call it TEST_1:

R2(config)#route-map TEST_1 ?
  <0-65535>  Sequence to insert to/delete from existing route-map entry
  deny       Route map denies set operations
  permit     Route map permits set operations

I can choose between a permit or deny statement. So far, this is similar to how an access-list looks. Let’s go for permit and use sequence number 10:

R2(config)#route-map TEST_1 permit 10

Let’s look at the options of our route-map:

    Route Map configuration commands:
      continue     Continue on a different entry within the route-map
      default      Set a command to its defaults
      description  Route-map comment
      exit         Exit from route-map configuration mode
      help         Description of the interactive help system
      match        Match values from routing table
      no           Negate a command or set its defaults
      set          Set values in destination routing protocol

There are a couple of options to choose from. We’ll start with match:

R2(config-route-map)#match ?
    additional-paths  BGP Add-Path match policies
    as-path           Match BGP AS path list
    clns              CLNS information
    community         Match BGP community list
    extcommunity      Match BGP/VPN extended community list
    interface         Match first hop interface of route
    ip                IP specific information
    ipv6              IPv6 specific information
    length            Packet length
    local-preference  Local preference for route
    mdt-group         Match routes corresponding to MDT group
    metric            Match metric of route
    mpls-label        Match routes which have MPLS labels
    policy-list       Match IP policy list
    route-type        Match route-type of route
    rpki              Match RPKI state of route
    security-group    Security Group
    source-protocol   Match source-protocol of route
    tag               Match tag of route
    track             tracking object

Above, you see a big list of stuff you can match on. I want to use an access-list as my match condition. We can find this under the ip parameter:

R2(config-route-map)#match ip ?                      
    address                Match address of route or match packet
    flowspec               Match src/dest prefix component of flowspec prefix
    next-hop               Match next-hop address of route
    redistribution-source  route redistribution source (EIGRP only)
    route-source           Match advertising source address of route

We have a couple of options. Let’s pick address:

R2(config-route-map)#match ip address ?
    <1-199>      IP access-list number
    <1300-2699>  IP access-list number (expanded range)
    WORD         IP access-list name
    prefix-list  Match entries of prefix-lists

Now I can choose between an access-list of prefix-list. Let’s refer to an access-list called “R1_L0_PERMIT”:

R2(config-route-map)#match ip address R1_L0_PERMIT

We now have a route-map…great! It doesn’t do anything yet though, and we still need to create that access-list.

Access-list Permit

Let’s create the access-list that we refer to in our route-map. I’ll create a permit statement that matches network

R2(config)#ip access-list standard R1_L0_PERMIT 

The only thing left to do is to attach our route-map to something. We’ll keep it simple, I’ll attach it to a distribute-list in EIGRP. This allows us to filter networks that R1 advertises to R2:

R2(config)#router eigrp 1
R2(config-router)#distribute-list route-map TEST_1 in

What I like about EIGRP is that it resyncs when you apply a distribute-list. This helps to speed things up when testing. You’ll see the following message on your console:

 %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor (GigabitEthernet0/1) is resync: route configuration changed

Right now, we have the following access-list and route-map:

ip access-list standard R1_L0_PERMIT

route-map TEST_1 permit 10
 match ip address R1_L0_PERMIT

Let’s check the routing table of R2:

R2#show ip route eigrp | include /24

We only see the network. What happened?

  • Our route-map has a single permit statement that has our access-list as a match condition.
  • Our access-list has a single permit statement for
  • Everything else is denied in the access-list by the invisible implicit deny any.
  • We only have one route-map statement so we hit the invisible implicit deny any in the route-map.

Let’s continue with our next example.

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 787 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

637 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Forum Replies

  1. Hi Rene, great post!

    I am looking for a route-map quite difficult to apply to my BGP.

    The target is to filter packets with an specific source network and all loopbacks within a specific destination range. I have tried it with a route-map with an ACL for the source network and a prefix-list for the destinations and a set policy to route it to a next-hop pointing to null but it is not allowed…

    % prefix-list and access-list can not co-exist in one route-map sequence.

    Any idea how can I achieve this?

  2. Hello Jose Luis,

    This will be difficult. You can use a route-map in combination with BGP for inbound or outbound filtering. For example, when you receive routes, you can use a route-map to permit/deny the routes you want to install. When you advertise routes, you can use a route-map to define the routes that you want to advertise to your peer.

    When you want to filter traffic based on source and/or destination addresses, you need different tools like access-lists and apply those to interfaces or use something like CBAC/ZBF.


  3. Hi Rene, Thank you for your response,

    My goal is using this router as a filter to avoid a source to reach some remote destinations, but the difficulty here is the fact I only want to filter /32 destinations within a network, let’s say

    I do not want to filter advertisements as the remote routers or equipments in between could I need them, I just want if my router look to packet with source X.X.X.X / 28 that want to reach Y.Y.Y.Y / 32 and then discard it. tacking into account that this router has not clue about / 32 but about the full network.


  4. Rene
    I have a route-map issue maybe you canhelp
    how many route maps can you have within BGP pointing to a peer?
    The reason I ask this is I have currently 2 route maps which prefix list on a 25. X network
    and I am migrating to the 10.X network

  5. Hello Michael

    For each neighbor, you can specify a single route-map to filter prefixes. This is done in a command similar to this:

    neighbor route-map NEIGHBORS out

    where NEIGHBORS is the name of the route-map. However, you can include several statements within the route-map that will match the criteria you need for your application. Take a look at the route-map section of this lesson for more examples:

    I hope this has been helpful!


80 more replies! Ask a question or join the discussion by visiting our Community Forum