implicit deny on the end of a route map? BSCI question

I am sitting here going over a cbt nugget (Advanced routing:Manipulating route updates 35:00) and wonder about something.
Jeremy was creating a route-map, and in short made a sequence of
permit 10 permitting 3 addresses on a standard acl, adding weight, change to external type 1
permit 20 permitting 3 more addresses on standard acl, weight, external type 2 route
deny 30 deny one netwrk address and permit all
and another permit 40 basically permitting all traffic and setting metric to 500 type 1 route
Then had redistributed rip into ospf through this route map.

So I ask this question, is there a possibility of a route-map funtioning like an acl and deny traffic if no permit is put at the last sequence ? Say I Jeremy didn't put sequence 40 into the route map and redistributed rip into ospf with this route map.
Thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

jamesp1983

my understanding from the video was that if you don't put a permit at the end of the route map then it will act like an ACL and deny

dtlokee

It can depend on the use of the route-map but in the case of redistribution if the routes aren't matched by an entry they will not be redistributed. In the case of policy routing any packets that don't match an entry in the route-map will be routed normally according to the routing table, but they will not be dropped due to the route-map.

happy420golucky

dtlokee wrote:

It can depend on the use of the route-map but in the case of redistribution if the routes aren't matched by an entry they will not be redistributed. In the case of policy routing any packets that don't match an entry in the route-map will be routed normally according to the routing table, but they will not be dropped due to the route-map.

Okay, I get it. So for redistribution make sure that you still permit at the end of your route map or those routes your wishing to redistribute won't be put, in this case ospf.
For policy based routing, I am not really great at this yet. I am thinking for manipulating routing metrics, local preference, etc between IBGP peers or EBGP peers your traffic will still route even when your traffic doesn't match any of the sequences of that route map since that route is still in the routing table. Am I getting you right?

dtlokee

Well don't assume you need a permit at the end of the route map, it all depends on what you're trying to accomplish. If you want all routes redistributed then yes just put a permit statement with no match condition. If you goal is to limit what is being redistributed then don't put a permit at the end because it may allow more than what you wanted. This is also true of applying a route map in BGP to a neighbor, anything that is not permitted will be dropped.

happy420golucky

dtlokee wrote:

Well don't assume you need a permit at the end of the route map, it all depends on what you're trying to accomplish. If you want all routes redistributed then yes just put a permit statement with no match condition. If you goal is to limit what is being redistributed then don't put a permit at the end because it may allow more than what you wanted. This is also true of applying a route map in BGP to a neighbor, anything that is not permitted will be dropped.

haha, Now I am crystal clear. Thanks for the replies from both of you guys. As long as I know exactly what happens with or without that permit sequence I am all good. I would like to add another comment. In this video he goes on to say that if you have a deny acl and put that into a deny sequence of a route map it will deny your deny!!!! hahhaha, funny hearing him say that being how I was imagining a ton of people just being mind blown when he made that statement.

I really like these CBT nuggets, but at times he obviously leaves out vital information or doesn't go deep enough into a subject for this test *Multicast*. All in all I can at least stay awake and pay attention.

Aight I am out. Thx for the help