[c-nsp] BGP/route-map/acl question/logic...
Gert Doering
gert at greenie.muc.de
Tue Feb 3 03:26:56 EST 2015
Hi,
On Tue, Feb 03, 2015 at 04:21:42PM +1100, CiscoNSP List wrote:
> route-map UPSTREAM_A_IN permit 10
> match ip address 98
> continue 20
> route-map UPSTREAM_A_IN permit 20
> set community 12345:10000
>
> access-list 98 deny 10.0.0.0 0.255.255.255
> access-list 98 permit any
Why fiddle with continue? "Continue to next block" will effectively turn
this into a no-operation
- if it matches, go to 20
- if it does not match, go to next block, which happens to be 20
read up on route-maps :-)
I'd do:
route-map UPSTREAM_A_IN deny 10
match ip address 98
route-map UPSTREAM_A_IN permit 20
set community 12345:10000
access-list 98 permit 10.0.0.0 0.255.255.255
access-list 98 deny any
(-> positive match on what you want to drop, then drop. If no match,
fall through to 20, tag)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150203/86bc900c/attachment.sig>
More information about the cisco-nsp
mailing list