RE: Gotcha's - Route map access list references

From: Chuck Larrieu (chuck@xxxxxxxxxxxxx)
Date: Sun Mar 04 2001 - 18:59:48 GMT-3


   
no problemo. for those of us who do not touch this stuff as part of our
daily work, it is just a bit of a mind bend.

access-list 10 deny 10.0.0.0 0.0.0.0
( access-list 10 permit any )
interface e 0
ip access-group 10 in

does what? behaves how?

as opposed to

access-list 10 deny 10.0.0.0 0.0.0.0
( access-list 10 permit any )
NOTE: I believe that many of us, when constructing access lists to be used
with route maps, do not put this line in, for obvious reasons

route-map TEST deny 10
match ip addr 10

how does this behave as opposed to the access-group placed on the interface?

As you have much more experience on a regular basis than do I, am I
understanding this correctly? Is the behaviour a bit different when used on
an interface as opposed to being used in a route-map reference?

thanks.

Chuck

  -----Original Message-----
  From: Steven Weber [mailto:itweber@earthlink.net]
  Sent: Sunday, March 04, 2001 12:00 PM
  To: CCIE_Lab Groupstudy List; Chuck Larrieu
  Subject: RE: Gotcha's - Route map access list references

  How is this different than any other route map? From my experiences this
  is how I've always done it.
  I don't mean to step on toes but please explain how this is any different
  than normal.

    ----- Original Message -----
    From: Chuck Larrieu
    To: CCIE_Lab Groupstudy List
    Sent: 3/4/01 3:15:40 PM
    Subject: Gotcha's - Route map access list references

    Yes I did look through the archives, because I remember an excellent
    post on this same topic a couple of months ago. However, much as I
    enjoyed reading some questions from some familiar names on this list,
    I was unable to find the damn thing. So...

    When structuring access-lists to be used in route-map match statements:

    There is something of a backward way of doing this. I.e.

    Access-list 1 deny 10.0.0.0 0.0.0.0 when referenced in the route map
    statement match ip address 1, serves to tell the route-map process to
    ignore this line, rather than consider it.

    My specific situation - I want to deny a summary address from being
    redistributed back into a protocol from another protocol. Therefore I
    want to match ( i.e. "permit" ) the route using the access-list, but
    deny it using the route-map

    Wrong:
    Access-list 1 deny 10.0.0.0 0.0.0.0
    Route-map DENYSUM permit 10
    Match ip addr 1

    Wrong:
    Access-list 1 deny 10.0.0.0 0.0.0.0
    Route-map DENYSUM deny 10
    Match ip addr 1

    Right:
    Access-list 1 permit 10.0.0.0 0.0.0.0
    Route-map DENYSUM deny 10
    Match ip addr 1

    Chuck
    ----------------------
    I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your
    life as it has been is over ( if you hope to pass ) From this time
    forward, you will study US!
    ( apologies to the folks at Star Trek TNG )
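
Added example, not part of the original thread: a small Python model of the two behaviours the messages above compare, the same standard ACL applied with `ip access-group ... in` versus referenced from a route-map `match ip address`, run over the three DENYSUM variants. The function names, the sample prefix 172.16.0.0, the sample source 10.1.1.1 and a trailing `route-map DENYSUM permit 20` with no match clause are assumptions that do not appear in the posted configurations.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.ip_address(s))

def acl_permits(acl, addr):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF   # wildcard 0-bits must match
        if (_ip(addr) & care) == (_ip(base) & care):
            return action == "permit"
    return False

def interface_in(acl, src):
    """ip access-group in: the ACL verdict is the packet's fate."""
    return "forward" if acl_permits(acl, src) else "drop"

def route_map(entries, acls, prefix):
    """Redistribution filter: an ACL deny only means 'clause not matched'."""
    for action, acl_id in entries:           # entries in sequence order
        if acl_id is None or acl_permits(acls[acl_id], prefix):
            return "redistribute" if action == "permit" else "filter"
    return "filter"   # implicit deny at the end of the route-map

ACL_DENY = [("deny", "10.0.0.0", "0.0.0.0")]
ACL_PERMIT = [("permit", "10.0.0.0", "0.0.0.0")]
ACL_10 = ACL_DENY + [("permit", "0.0.0.0", "255.255.255.255")]  # + permit any
TAIL = ("permit", None)  # assumed "route-map DENYSUM permit 20", no match clause
CASES = {
    "wrong1": ([("permit", 1), TAIL], {1: ACL_DENY}),
    "wrong2": ([("deny", 1), TAIL], {1: ACL_DENY}),
    "right": ([("deny", 1), TAIL], {1: ACL_PERMIT}),
}

def evaluate(prefixes=("10.0.0.0", "172.16.0.0")):  # 172.16.0.0 is constructed
    return {name: {p: route_map(entries, acls, p) for p in prefixes}
            for name, (entries, acls) in CASES.items()}

if __name__ == "__main__":
    print("interface:", {s: interface_in(ACL_10, s) for s in ("10.0.0.0", "10.1.1.1")})
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

Without the assumed permit 20 clause, every route that is not matched by sequence 10 falls through to the route-map's implicit deny and is filtered as well.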


