simple route-map question...
I was curious what happens when an IP address matches several sequences.
access-list 1 permit 192.168.1.0
access-list 101 permit ip host 192.168.1.20 any
route-map TEST permit 10
match ip address 1
set ip next-hop 192.168.1.1
route-map TEST permit 20
match ip address 101
set ip next-hop 192.168.1.254
Well, I guess a better question would be... what happens when 192.168.1.20 is evaluated? Does it still go down the line of route-maps or does it stop after applying 10? Or will it keep looking at the rest and eventually match 20 and actually get the next-hop set as 192.168.1.254?
Comments
-
kpjungle Member Posts: 426
snickered wrote:
I was curious what happens when an IP address matches several sequences.
access-list 1 permit 192.168.1.0
access-list 101 permit ip host 192.168.1.20 any
route-map TEST permit 10
match ip address 1
set ip next-hop 192.168.1.1
route-map TEST permit 20
match ip address 101
set ip next-hop 192.168.1.254
Well, I guess a better question would be... what happens when 192.168.1.20 is evaluated? Does it still go down the line of route-maps or does it stop after applying 10? Or will it keep looking at the rest and eventually match 20 and actually get the next-hop set as 192.168.1.254?
It will stop after it matches.. so as far as I remember, the first access-list will match 192.168.1.0 (0.0.0.0 is implied), which is the subnet, whereas the second access-list will catch the host.
This looks like some policy based routing, so without having labbed this up myself, I would assume that you would not get a hit on the first access-list. You would however get a match on the second, if the host you are coming from is 192.168.1.20.
Studying for CCNP (All done)
-
APA Member Posts: 959
Once it finds the first match it will set that.....
Only if it couldn't find a match in the first sequence of the route-map should it go to the next sequence in that same route-map looking for a match..
So your answer would be that the next-hop of 192.168.1.1 would be set......
Personally I would have written the route-map in the opposite way so the exact match is always first... that way 1.20 would get its 1.254 next hop...
All other 1.0/24 hosts would get the next-hop of 1.1
Same as access-lists.... most specific entries at the top so they are processed first...
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
-
kpjungle Member Posts: 426
A.P.A wrote:
Once it finds the first match it will set that.....
Only if it couldn't find a match in the first sequence of the route-map should it go to the next sequence in that same route-map looking for a match..
So your answer would be that the next-hop of 192.168.1.1 would be set......
Personally I would have written the route-map in the opposite way so the exact match is always first... that way 1.20 would get its 1.254 next hop...
All other 1.0/24 hosts would get the next-hop of 1.1
Same as access-lists.... most specific entries at the top so they are processed first...
I couldn't resist, and did this myself..
An ACL of permit 192.168.1.0 won't catch anything, since it's the subnet itself, and a wildcard mask of 0.0.0.0 is implied. If you are coming from 192.168.1.20 it won't match. So it won't match any route-map number, and hence not set the next hop to 192.168.1.1. After that, the next route-map statement is evaluated.
Note, if you wanted the entire 192.168.1.0/24 net to be matched, you could just state an ACL of: 192.168.1.0 0.0.0.255.
Studying for CCNP (All done)
-
kryolla Member Posts: 785
Always look at your ACL to see if you are getting any hits. If the first list matched, you would get a hit and zero hits on the 2nd ACL, and vice versa. Then you know what ACL is working and change your route map appropriately.
Studying for CCIE and drinking Home Brew
-
APA Member Posts: 959
Sorry my bad... I mis-read the ACL...
That is correct... 192.168.1.0 will use the automatic wildcard mask of 0.0.0.0 (Host entry...)
So it will bypass the first sequence and match with the second sequence....
Really should have read the acl statements a bit more closely!!!!
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP
-
snickered Member Posts: 25
Thanks fellas. I actually meant to have a 0.0.0.255 on there (it was past my bedtime when I wrote that). I get the point though. As soon as it matches a sequence no more evaluation is done.
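
Added example (not part of the original thread, and not Cisco code): a small Python model of the two behaviours discussed above, the implied 0.0.0.0 wildcard on a standard ACL entry and first-match evaluation of route-map sequences. The function and variable names are hypothetical, and the model is simplified to permit entries matched on source address only.

```python
import ipaddress

def acl_match(addr, base, wildcard="0.0.0.0"):
    """Wildcard bits set to 1 are "don't care"; a standard ACL entry
    written without a wildcard is treated as 0.0.0.0 (exact host)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(route_map, acls, src):
    """Walk sequences in ascending order and stop at the first one whose
    ACL permits src. Returns (sequence, next_hop), or None if none match."""
    for seq in sorted(route_map):
        acl_name, next_hop = route_map[seq]
        if any(acl_match(src, base, wc) for base, wc in acls[acl_name]):
            return seq, next_hop
    return None  # nothing matched, so no next-hop is set by the route-map

# Simplified model (assumption): permit entries only, source address only.
ROUTE_MAP = {10: ("1", "192.168.1.1"), 20: ("101", "192.168.1.254")}
REORDERED = {10: ("101", "192.168.1.254"), 20: ("1", "192.168.1.1")}
HOST_20 = [("192.168.1.20", "0.0.0.0")]
ACLS_AS_POSTED = {"1": [("192.168.1.0", "0.0.0.0")], "101": HOST_20}
ACLS_INTENDED = {"1": [("192.168.1.0", "0.0.0.255")], "101": HOST_20}

if __name__ == "__main__":
    for label, rm, acls in [("as posted", ROUTE_MAP, ACLS_AS_POSTED),
                            ("with 0.0.0.255", ROUTE_MAP, ACLS_INTENDED),
                            ("specific first", REORDERED, ACLS_INTENDED)]:
        for src in ("192.168.1.20", "192.168.1.30"):
            print(f"{label:15} {src} -> {evaluate(rm, acls, src)}")
```

On a real device, the per-entry match counters shown by `show access-lists` confirm which ACL is actually being hit, as kryolla suggests.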