Hello Sameer,
Practical Studies Vol 2
If there is not a corresponding ACL to the *match* statement in the route
map instance, all routes are matched.
The *set *statement, in turn, applies to all routes.
On Sat, Jan 23, 2010 at 12:05 PM, ALL From_NJ <all.from.nj_at_gmail.com> wrote:
> Hello Sameer, I hope this email finds you 'peachy' and doing super. ;-)
>
> Not sure I understand what it is you are trying to accomplish. It sounds
> like you do not want seq 10 to match?
>
> When you deny all packets via the access list ... then what will be left to
> match for this route-map sequence? Nothing ...
>
> Is this what you are seeing / describing?
>
> A simple note concerning route-maps - access lists are for matching or not
> matching. Not deny or permit as in interface ACLs ... so this adds a lot
> of
> flexibility to your design and what you can do with your routing and
> design.
>
> Complicated configs? Yes, you betcha. You can get quite granular in your
> matching and excluding statements. PBR comes before normal routing ... so
> a
> lot you can do.
>
> Here is Cisco's PBR page.
>
> http://www.cisco.biz/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml
>
> You can also find a lot of good info on youtube, just search for PBR, and
> the CCIE vendors websites. Can someone suggest a good vendor link? So
> many
> talented people work for these companies, I am constantly in awe.
>
> A good youtube search:
>
> http://www.youtube.com/results?search_type=search_playlists&search_query=cisco+policy+based+routing&uni=1
>
> HTH,
>
> Andrew Lissitz
>
>
> .
> On Sat, Jan 23, 2010 at 8:28 AM, sameer khan <khanzadap_at_hotmail.com>
> wrote:
>
> > hey all gr8 ppl
> >
> > to best of my understanding empty acl have a implicit deny. but i m
> getting
> > confused about the following
> >
> > route-map PBR-Customer, permit, sequence 10
> > Match clauses:
> > ip address (access-lists): acl-1
> > Set clauses:
> > ip next-hop 10.0.0.1
> >
> > route-map PBR-Customer, permit, sequence 20
> > Match clauses:
> > ip address (access-lists): acl-2
> > Set clauses:
> > ip next-hop 192.168.0.1
> >
> >
> > #show access-lists acl-1
> > Extended IP access list acl-1
> >
> > route-map seq 20 is not getting hit as it should because there is an
> > implicit
> > deny in acl-1. but if i put deny any any i.e. :
> >
> > show access-list acl-1
> > Extended IP access list acl-1
> > 10 deny ip any any (806 matches)
> >
> > everything works fine as it should. PBR is applied on 3560. Can some one
> > highlight the logic
> >
> >
> > Best regards
> >
> >
> > _________________________________________________________________
> > Got a cool Hotmail story? Tell us now
> > http://clk.atdmt.com/UKM/go/195013117/direct/01/
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Andrew Lee Lissitz
> all.from.nj_at_gmail.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle. Blogs and organic groups at http://www.ccie.netReceived on Sat Jan 23 2010 - 13:32:13 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:42 ART