quick route-map question
With route-maps, if there is more than one match statement, does each match statement need to be met before whatever change is made, or does only one have to match?
for example:
route-map TEST deny 10
match tag 6
match route-type external type-2
match ip address 20
so would this route-map deny things when all the match statements are met or just one?
for example:
route-map TEST deny 10
match tag 6
match route-type external type-2
match ip address 20
so would this route-map deny things when all the match statements are met or just one?
CCIE# 38186
showroute.net
showroute.net
Comments
-
EdTheLad Member Posts: 2,111 ■■■■□□□□□□rakem wrote:With route-maps, if there is more than one match statement, does each match statement need to be met before whatever change is made, or does only one have to match?
for example:
route-map TEST deny 10
match tag 6
match route-type external type-2
match ip address 20
so would this route-map deny things when all the match statements are met or just one?
Its an AND operation in that case,so all 3 arguments need to match.If you want an OR operation you would just add muliple statements under the route-map i.e.
route-map TEST deny 10
match tag 6
route-map TEST deny 11
match route-type external type-2
route-map TEST deny 12
match ip address 20Networking, sometimes i love it, mostly i hate it.Its all about the $$$$ -
rakem Member Posts: 800cool, thats what i thought.
another question.... say i have a route map that is something like:
route-map permit 10
match ip address 1
but then the access list has a deny like:
access-list 1 deny 10.0.0.0 0.0.0.255
access-list 1 deny 11.0.0.0 0.0.0.255
so the route-map is permit but the access-list is deny...
will the subnets be permitted or denied?CCIE# 38186
showroute.net -
dtlokee Member Posts: 2,378 ■■■■□□□□□□in your example line 10 will not match anything because you have 2 explicit deny statements, followed by an implicit deny statement. for the route map to match the subents you will need to change them to permit statements. Depending on the use of this route map you have listed, you mey end up denying all routes (when applied to a routing protocol or redistribution) or in the case of PBR the route map will not change any traffic, all traffic will be routed normally.The only easy day was yesterday!
-
rakem Member Posts: 800ok my question was more along the lines of what happens if there is a permit in the route-map and a deny in the access-list....
say there was a permit any at the end of that access-list. would the 10.0.0.0/8 and the 11.0.0.0/8 be permitted or denied?CCIE# 38186
showroute.net -
dtlokee Member Posts: 2,378 ■■■■□□□□□□Well you haven't specified what the use of this route map will be, it can mean different things in different uses.
In your example you have denied 10.0.0.x and 11.0.0.x in an access-list then used that in a route-map with a permit, since they don't match the match clause (they were denied) the route map will then compare the packet against the next sequence number. Like access lists, there is an implicit dney all (again depending on the use) at the bottom of the rotue-map
so somethng like this
access-list 10 deny 10.0.0.0 0.0.0.255
access-list 10 deny 11.0.0.0 0.0.0.255
access-list 20 permit any
route-map set-dscp permit 10
match ip address 10
set ip precedence critical
route-map set-dscp permit 20
match ip address 20
set ip precedence priority
so what will happen to a packet from 10.0.0.1? Well it dosen't meet the match clasue in sequence 10 so the router will then process it against sequence 20 and it will match this line, then it will set the ip precedence to priorityThe only easy day was yesterday!