quick route-map question

rakemrakem Member Posts: 800
With route-maps, if there is more than one match statement, does each match statement need to be met before whatever change is made, or does only one have to match?

for example:

route-map TEST deny 10
match tag 6
match route-type external type-2
match ip address 20

so would this route-map deny things when all the match statements are met or just one?
CCIE# 38186
showroute.net

Comments

  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    rakem wrote:
    With route-maps, if there is more than one match statement, does each match statement need to be met before whatever change is made, or does only one have to match?

    for example:

    route-map TEST deny 10
    match tag 6
    match route-type external type-2
    match ip address 20

    so would this route-map deny things when all the match statements are met or just one?

    Its an AND operation in that case,so all 3 arguments need to match.If you want an OR operation you would just add muliple statements under the route-map i.e.

    route-map TEST deny 10
    match tag 6
    route-map TEST deny 11
    match route-type external type-2
    route-map TEST deny 12
    match ip address 20
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
  • rakemrakem Member Posts: 800
    cool, thats what i thought.

    another question.... say i have a route map that is something like:

    route-map permit 10
    match ip address 1

    but then the access list has a deny like:

    access-list 1 deny 10.0.0.0 0.0.0.255
    access-list 1 deny 11.0.0.0 0.0.0.255

    so the route-map is permit but the access-list is deny...

    will the subnets be permitted or denied?
    CCIE# 38186
    showroute.net
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    in your example line 10 will not match anything because you have 2 explicit deny statements, followed by an implicit deny statement. for the route map to match the subents you will need to change them to permit statements. Depending on the use of this route map you have listed, you mey end up denying all routes (when applied to a routing protocol or redistribution) or in the case of PBR the route map will not change any traffic, all traffic will be routed normally.
    The only easy day was yesterday!
  • rakemrakem Member Posts: 800
    ok my question was more along the lines of what happens if there is a permit in the route-map and a deny in the access-list....

    say there was a permit any at the end of that access-list. would the 10.0.0.0/8 and the 11.0.0.0/8 be permitted or denied?
    CCIE# 38186
    showroute.net
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Well you haven't specified what the use of this route map will be, it can mean different things in different uses.

    In your example you have denied 10.0.0.x and 11.0.0.x in an access-list then used that in a route-map with a permit, since they don't match the match clause (they were denied) the route map will then compare the packet against the next sequence number. Like access lists, there is an implicit dney all (again depending on the use) at the bottom of the rotue-map

    so somethng like this

    access-list 10 deny 10.0.0.0 0.0.0.255
    access-list 10 deny 11.0.0.0 0.0.0.255

    access-list 20 permit any

    route-map set-dscp permit 10
    match ip address 10
    set ip precedence critical
    route-map set-dscp permit 20
    match ip address 20
    set ip precedence priority

    so what will happen to a packet from 10.0.0.1? Well it dosen't meet the match clasue in sequence 10 so the router will then process it against sequence 20 and it will match this line, then it will set the ip precedence to priority
    The only easy day was yesterday!
Sign In or Register to comment.