[c-nsp] BGP/route-map/acl question/logic...
CiscoNSP List
cisconsp_list at hotmail.com
Tue Feb 3 03:10:32 EST 2015
Thanks very much Karsten - So, matches from route-map section 10, are not carried through to route-map section 20 (Section 20, basically allows all, and just tags)?
> Date: Tue, 3 Feb 2015 08:14:13 +0100
> From: karsten_thomann at linfre.de
> To: cisconsp_list at hotmail.com
> CC: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] BGP/route-map/acl question/logic...
>
> Hi,
>
> if you want to deny the prefix you have to use deny ;)
> The untested version of your route-map should do the expected, but you
> don't need the continue 20 as the continue doesn't work with a deny.
>
> Karsten
>
> On 03.02.2015 06:21, CiscoNSP List wrote:
> > Hi Everyone,
> >
> > If I want to block certain prefixes from an upstream, and accept the rest and then tag the accepted prefixes, which is the correct method? I *thought* the first one was correct, but it doesn't do what I expected, i.e. the ACL gets a hit on deny 10.0.0.0/24, but it is still allowed (i.e. we still receive the prefix)?:
> >
> > route-map UPSTREAM_A_IN permit 10
> > match ip address 98
> > continue 20
> > route-map UPSTREAM_A_IN permit 20
> > set community 12345:10000
> >
> > access-list 98 deny 10.0.0.0 0.255.255.255
> > access-list 98 permit any
> >
> > or... (I haven't tested this one yet):
> >
> > route-map UPSTREAM_A_IN deny 10
> > match ip address 98
> > continue 20
> > route-map UPSTREAM_A_IN permit 20
> > set community 12345:10000
> >
> > access-list 98 permit 10.0.0.0 0.255.255.255
> >
> > Cheers.
> >
>
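The two configurations from this thread, run through a simplified Python model of route-map evaluation. This is an added example, not part of the original posts and not Cisco code. Assumptions: the dictionary layout, the function names and the test prefix 192.0.2.0 are constructed for illustration, and the model covers only standard ACLs, `set community` and forward `continue`.

```python
import ipaddress

def acl_permits(acl, network):
    """Standard ACL: first matching entry decides; implicit deny at the end."""
    addr = int(ipaddress.ip_address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False

def evaluate(route_map, acls, network):
    """Return (accepted, communities) for one received prefix (simplified model)."""
    communities, matched_permit = [], False
    seqs = sorted(route_map)
    i = 0
    while i < len(seqs):
        clause = route_map[seqs[i]]
        acl_id = clause.get("match_acl")
        # An ACL "deny" only means "this clause did not match": try the next clause.
        if acl_id is not None and not acl_permits(acls[acl_id], network):
            i += 1
            continue
        if clause["action"] == "deny":
            return False, []          # prefix dropped; continue has no effect here
        matched_permit = True
        communities += clause.get("set_community", [])
        target = clause.get("continue")
        if target is None:
            return True, communities
        i = seqs.index(target)        # jump to the continue target
    return matched_permit, communities  # nothing matched: implicit deny

TAG = {"action": "permit", "set_community": ["12345:10000"]}

# First configuration from the thread: permit 10 with a deny entry in ACL 98.
FIRST = {10: {"action": "permit", "match_acl": 98, "continue": 20}, 20: TAG}
ACL_FIRST = {98: [("deny", "10.0.0.0", "0.255.255.255"),
                  ("permit", "0.0.0.0", "255.255.255.255")]}

# Second configuration: deny 10 with a permit entry in ACL 98.
SECOND = {10: {"action": "deny", "match_acl": 98, "continue": 20}, 20: TAG}
ACL_SECOND = {98: [("permit", "10.0.0.0", "0.255.255.255")]}

if __name__ == "__main__":
    for name, rm, acls in (("first", FIRST, ACL_FIRST), ("second", SECOND, ACL_SECOND)):
        for net in ("10.0.0.0", "192.0.2.0"):
            print(name, net, evaluate(rm, acls, net))
```

In the first configuration the ACL deny hit only skips clause 10, so the prefix falls through to clause 20 and is accepted and tagged; in the second, the deny clause drops it before clause 20 is reached.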