From: Pavel Bykov (slidersv@gmail.com)
Date: Mon Jan 05 2009 - 11:11:04 ARST
Gaurav,
Raaki said exactly what you labbed out:
i.e. when ACL 121 does not exist, then all is leaked (permitted).
Raaki,
The answer is simple: If something references an ACL that does not exist, it
automatically assumes (permit any).
At least from practical experience.
I.E.:
Step 1:
interface Gi0/1
ip access-group TEST in
---All traffic is permitted. ACL TEST does not exist.
Step 2:
ip access-list standard TEST
end
----All traffic is denied, because of implicit deny.
Therefore with non-existent ACL, it's like having ACL with PERMIT ANY.
On Mon, Jan 5, 2009 at 2:03 PM, GAURAV MADAN <gauravmadan1177@gmail.com> wrote:
> Well, you are absolutely correct about point no. 2,
>
> i.e. if the route-map is referencing a non-existing ACL, the summary route as
> well as all specific routes will be advertised.
>
> You can lab this up very simply.
>
> EX
> =====
>
> R1 -======== R3
>
> Rack1R3(config-if)#do sh ip int br | inc Loop
> Loopback0 150.1.3.3 YES NVRAM up up
> Loopback1 11.0.1.1 YES manual up up
> Loopback2 11.0.2.1 YES manual up up
> Loopback3 11.0.3.1 YES manual up up
> Rack1R3(config-if)#
>
> router eigrp 100
> network 10.0.0.3 0.0.0.0
> network 11.0.1.1 0.0.0.0
> network 11.0.2.1 0.0.0.0
> network 11.0.3.1 0.0.0.0
> no auto-summary
>
>
> WHEN I DO FOLLOWING :
>
>
> Rack1R3(config-if)#do sh run int f0/0
> Building configuration...
>
> Current configuration : 144 bytes
> !
> interface FastEthernet0/0
> ip address 10.0.0.3 255.0.0.0
> ip summary-address eigrp 100 11.0.0.0 255.255.252.0 5 <====
> Rack1R1(config-router)#do sh ip route eig
> 11.0.0.0/22 is subnetted, 1 subnets
> D 11.0.0.0 [90/156160] via 10.0.0.3, 00:01:39, FastEthernet0/0
> Rack1R1(config-router)#
>
> BUT IF I DO FOLLOWING :
>
> Rack1R3(config)#do sh route-map TEST
> route-map TEST, permit, sequence 10
> Match clauses:
> ip address (access-lists): 121
> Set clauses:
> Policy routing matches: 0 packets, 0 bytes
>
> BUT ACL 121 does not exist, then:
>
> Rack1R1(config-router)#do sh ip route eig
> 11.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
> D 11.0.3.0/24 [90/156160] via 10.0.0.3, 00:00:03, FastEthernet0/0
> D 11.0.2.0/24 [90/156160] via 10.0.0.3, 00:00:03, FastEthernet0/0
> D 11.0.1.0/24 [90/156160] via 10.0.0.3, 00:00:03, FastEthernet0/0
> D 11.0.0.0/22 [90/156160] via 10.0.0.3, 00:02:35, FastEthernet0/0
> Rack1R1(config-router)#
>
> HTH
> Gaurav Madan
>
>
> On 1/5/09, raaki.88@gmail.com <raaki.88@gmail.com> wrote:
> >
> > Hello everyone, while labbing I got a question stating to advertise
> > specific routes and a summarised one.
> >
> > I knew leak-map would do the trick and am happy with it. Now my question
> > is: leak-map has 3 rules.
> >
> > Three rules:
> >
> > If the leak-map is configured to reference a route-map that does not
> > exist, only the summary route is advertised and the more specific routes
> > are suppressed.
> >
> > If the leak-map is configured to reference a route-map and the route-map
> > is referencing an access-list that does not exist, then the summary routes
> > and all the specific routes are advertised.
> >
> > If the leak-map is configured to reference a route-map and the route-map
> > matches an ACL, all the networks permitted by the ACL will be advertised
> > along with the summary route.
> >
> >
> > It's completely strange for me ... I can't see any logic ... for example,
> > if it's an ACL it will do whatever we wanted to permit or deny.
> >
> > So when compared, I am fine with the first and last points ... straight
> > stuff ... if the ACL is there it would filter, if not it would ignore.
> >
> > Can anyone explain to me how point no. 2 works?
> >
> > regards
> > raaki
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
--
Pavel Bykov
----------------
Don't forget to help stopping the braindumps, use of which reduces value of your certifications.
Sign the petition at http://www.stopbraindumps.com/
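An added example, not part of the original thread: because a reference to an undefined ACL behaves like permit any in the cases described above, a configuration audit can flag every `ip access-group`, `match ip address` and `leak-map` reference whose target is never defined. The sample config is constructed; the ACL names EDGE-IN and MGMT and the `leak-map TEST` attachment are assumptions.

```python
import re

# Constructed sample modelled on the thread; EDGE-IN, MGMT and the
# leak-map attachment are assumed for illustration.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.0.3 255.0.0.0
 ip summary-address eigrp 100 11.0.0.0 255.255.252.0 5 leak-map TEST
interface GigabitEthernet0/1
 ip access-group EDGE-IN in
!
route-map TEST permit 10
 match ip address 121
!
ip access-list standard MGMT
 permit 10.0.0.0 0.255.255.255
access-list 10 permit 11.0.1.0 0.0.0.255
"""

ACL_DEF = re.compile(r"(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
RMAP_DEF = re.compile(r"route-map (\S+)")

def find_dangling_refs(config):
    """Return (kind, name, context) for each reference to an undefined object."""
    acls, rmaps, refs = set(), set(), []
    context = "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # unindented line opens a new block
            context = line
        if (m := ACL_DEF.match(line)):
            acls.add(m.group(1) or m.group(2))
        if (m := RMAP_DEF.match(line)):
            rmaps.add(m.group(1))
        if (m := re.match(r"ip access-group (\S+) (?:in|out)", line)):
            refs.append(("acl", m.group(1), context))
        m = re.match(r"match ip address (.+)", line)
        if m and not m.group(1).startswith("prefix-list"):
            refs += [("acl", name, context) for name in m.group(1).split()]
        if (m := re.search(r"\bleak-map (\S+)", line)):
            refs.append(("route-map", m.group(1), context))
    # Definitions may appear after their references, so filter at the end.
    defined = {"acl": acls, "route-map": rmaps}
    return [r for r in refs if r[1] not in defined[r[0]]]

if __name__ == "__main__":
    for kind, name, where in find_dangling_refs(SAMPLE_CONFIG):
        print(f"undefined {kind} {name!r} referenced under: {where}")
```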
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST