RE: Gotcha's - Route map access list references

From: Steven Weber (itweber@xxxxxxxxxxxxx)
Date: Sun Mar 04 2001 - 19:16:04 GMT-3


   

What I usually do is not a permit any but rather a second route map
sequence with a permit and no match or set commands, for example:

route-map TEST permit 20

This is like a permit any, because anything that does not match the first
sequence is implicitly denied.

Hope this helps

Steve

----- Original Message -----

From: Chuck Larrieu

To: CCIE_Lab Groupstudy List ;itweber@earthlink.net

Sent: 3/4/01 4:59:50 PM

Subject: RE: Gotcha's - Route map access list references

no problemo. for those of us who do not touch this stuff as part of our
daily work, it is just a bit of a mind bend.

access-list 10 deny 10.0.0.0 0.0.0.0

( access-list 10 permit any )

interface e 0

ip access-group 10 in

does what? behaves how?

as opposed to

access-list 10 deny 10.0.0.0 0.0.0.0

( access-list 10 permit any )

NOTE: I believe that many of us, when constructing access lists to be used
with route maps, do not put this line in, for obvious reasons

route-map TEST deny 10

match ip addr 10

how does this behave as opposed to the access-group placed on the
interface

As you have much more experience on a regular basis than do I, am I
understanding this correctly? Is the behaviour a bit different when used on
an interface as opposed to being used in a route-map reference?

thanks.

Chuck

-----Original Message-----
From: Steven Weber [mailto:itweber@earthlink.net]
Sent: Sunday, March 04, 2001 12:00 PM
To: CCIE_Lab Groupstudy List; Chuck Larrieu
Subject: RE: Gotcha's - Route map access list references

How is this different than any other route map? From my experiences this is
how I've always done it.

I don't mean to step on toes but please explain how this is any different
than normal.

----- Original Message -----

From: Chuck Larrieu

To: CCIE_Lab Groupstudy List

Sent: 3/4/01 3:15:40 PM

Subject: Gotcha's - Route map access list references

Yes I did look through the archives, because I remember an excellent post
on this same topic a couple of months ago. However, much as I enjoyed
reading some questions from some familiar names on this list, I was unable
to find the damn thing. So...

When structuring access-lists to be used in route-map match statements:

There is something of a backward way of doing this. I.e.

Access-list 1 deny 10.0.0.0 0.0.0.0 when referenced in the route map
statement match ip address 1, serves to tell the route-map process to
ignore this line, rather than consider it.

My specific situation - I want to deny a summary address from being
redistributed back into a protocol from another protocol. Therefore I want
to match ( i.e. "permit" ) the route using the access-list, but deny it
using the route-map

Wrong:

Access-list 1 deny 10.0.0.0 0.0.0.0

Route-map DENYSUM permit 10

Match ip addr 1

Wrong:

Access-list 1 deny 10.0.0.0 0.0.0.0

Route-map DENYSUM deny 10

Match ip addr 1

Right:

Access-list 1 permit 10.0.0.0 0.0.0.0

Route-map DENYSUM deny 10

Match ip addr 1

Chuck

----------------------

I am Locutus, a CCIE Lab Proctor. Xx_Brain_dumps_xX are futile. Your life
as it has been is over ( if you hope to pass ) From this time forward, you
will study US!

( apologies to the folks at Star Trek TNG )
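
The evaluation order discussed in this thread, as an added example that is not part of any of the original posts: a simplified Python model of a route-map sequence matching on a standard access-list, run against the three "Wrong/Wrong/Right" configurations and the empty "permit 20" sequence. The route 172.16.0.0 and all function and variable names are constructed for illustration.

```python
# Simplified model (added illustration) of IOS route-map evaluation when a
# sequence matches on a standard access-list. Not router code.

def acl_permits(acl, network):
    """First matching entry wins; no matching entry is the ACL's implicit deny."""
    for action, addr in acl:                  # addr None stands for "any"
        if addr is None or addr == network:   # wildcard 0.0.0.0: exact match
            return action == "permit"
    return False

def evaluate(route_map, acls, network):
    """Return (verdict, deciding sequence); sequence None = implicit deny."""
    for seq, action, acl_id in sorted(route_map, key=lambda s: s[0]):
        # An ACL deny only means "this sequence does not match": keep going.
        # A sequence with no match clause (acl_id None) matches every route.
        if acl_id is None or acl_permits(acls[acl_id], network):
            return action, seq
    return "deny", None                       # end of route-map reached

ACL_DENY = {1: [("deny", "10.0.0.0")]}        # the "Wrong" access-list 1
ACL_PERMIT = {1: [("permit", "10.0.0.0")]}    # the "Right" access-list 1
PERMIT_20 = (20, "permit", None)              # route-map ... permit 20, no match

CASES = {
    "wrong: acl deny, map permit 10": ([(10, "permit", 1)], ACL_DENY),
    "wrong: acl deny, map deny 10": ([(10, "deny", 1)], ACL_DENY),
    "right: acl permit, map deny 10": ([(10, "deny", 1)], ACL_PERMIT),
    "right + permit 20": ([(10, "deny", 1), PERMIT_20], ACL_PERMIT),
    "wrong acl + permit 20": ([(10, "deny", 1), PERMIT_20], ACL_DENY),
}
ROUTES = ["10.0.0.0", "172.16.0.0"]           # constructed sample routes

def run_cases():
    """Verdict per route for every configuration in CASES."""
    return {name: {r: evaluate(rm, acls, r) for r in ROUTES}
            for name, (rm, acls) in CASES.items()}

if __name__ == "__main__":
    for name, verdicts in run_cases().items():
        print(name, verdicts)
```

In the last case the summary 10.0.0.0 is never matched by sequence 10, so it falls through and is permitted by sequence 20; only the "permit" access-list combined with the "deny" sequence filters it while letting other routes through.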



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:20 GMT-3