[c-nsp] BGP/route-map/acl question/logic...

CiscoNSP List cisconsp_list at hotmail.com
Tue Feb 3 03:10:32 EST 2015


Thanks very much Karsten - So, matches from route-map section 10, are not carried through to route-map section 20 (Section 20, basically allows all, and just tags)?


> Date: Tue, 3 Feb 2015 08:14:13 +0100
> From: karsten_thomann at linfre.de
> To: cisconsp_list at hotmail.com
> CC: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP/route-map/acl question/logic...
> 
> Hi,
> 
> if you want to deny the prefix you have to use deny ;)
> The untested version of your route-map should do the expected, but you 
> don't need the continue 20 as the continue doesn't work with a deny.
> 
> Karsten
> 
> Am 03.02.2015 06:21, schrieb CiscoNSP List:
> > Hi Everyone,
> >
> > If I want to block certain prefixes from an upstream, and accept the rest and then tag the accepted prefixes, which is the correct method..I *thought* the first one was correct, but it doesnt do what I expected...i.e. the ACL gets a hit on deny 10.0.0.0/24, but it is still allowed(i.e We still receive the prefix)?:
> >
> > route-map UPSTREAM_A_IN permit 10
> > match ip address 98
> > continue 20
> > route-map UPSTREAM_A_IN permit 20
> > set community 12345:10000
> >
> > access-list 98 deny   10.0.0.0 0.255.255.255
> > access-list 98 permit any
> >
> > or...(I havent tested this one yet):
> >
> > route-map UPSTREAM_A_IN deny 10
> > match ip address 98
> > continue 20
> > route-map UPSTREAM_A_IN permit 20
> > set community 12345:10000
> >
> > access-list 98 permit   10.0.0.0 0.255.255.255
> >
> > Cheers.
> >   		 	   		
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
 		 	   		  


More information about the cisco-nsp mailing list