[c-nsp] BGP/route-map/acl question/logic...

Gert Doering gert at greenie.muc.de
Tue Feb 3 03:26:56 EST 2015


Hi,

On Tue, Feb 03, 2015 at 04:21:42PM +1100, CiscoNSP List wrote:
> route-map UPSTREAM_A_IN permit 10
> match ip address 98
> continue 20
> route-map UPSTREAM_A_IN permit 20
> set community 12345:10000
> 
> access-list 98 deny   10.0.0.0 0.255.255.255
> access-list 98 permit any

Why fiddle with continue?  "Continue to next block" will effectively turn
this into a no-operation

 - if it matches, go to 20
 - if it does not match, go to next block, which happens to be 20

read up on route-maps :-)

I'd do:

route-map UPSTREAM_A_IN deny 10
match ip address 98

route-map UPSTREAM_A_IN permit 20
set community 12345:10000
 
access-list 98 permit   10.0.0.0 0.255.255.255
access-list 98 deny any

(-> positive match on what you want to drop, then drop.   If no match,
fall through to 20, tag)

gert


-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 291 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20150203/86bc900c/attachment.sig>


More information about the cisco-nsp mailing list