[c-nsp] BGP/route-map/acl question/logic...
Karsten Thomann
karsten_thomann at linfre.de
Tue Feb 3 02:14:13 EST 2015
Hi,
if you want to deny the prefix you have to use deny ;)
The untested version of your route-map should do the expected, but you
don't need the continue 20 as the continue doesn't work with a deny.
Karsten
Am 03.02.2015 06:21, schrieb CiscoNSP List:
> Hi Everyone,
>
> If I want to block certain prefixes from an upstream, and accept the rest and then tag the accepted prefixes, which is the correct method..I *thought* the first one was correct, but it doesnt do what I expected...i.e. the ACL gets a hit on deny 10.0.0.0/24, but it is still allowed(i.e We still receive the prefix)?:
>
> route-map UPSTREAM_A_IN permit 10
> match ip address 98
> continue 20
> route-map UPSTREAM_A_IN permit 20
> set community 12345:10000
>
> access-list 98 deny 10.0.0.0 0.255.255.255
> access-list 98 permit any
>
> or...(I havent tested this one yet):
>
> route-map UPSTREAM_A_IN deny 10
> match ip address 98
> continue 20
> route-map UPSTREAM_A_IN permit 20
> set community 12345:10000
>
> access-list 98 permit 10.0.0.0 0.255.255.255
>
> Cheers.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list