Route-Map Deny Sequence Vs ACL Deny Statement

guruprasadr
Level 7

Hello Experts,

What is the difference between a "Deny" sequence in a route-map and an ACL with a DENY statement?

>>Consider I want to match "ip address" 199 in route-map "LOAD-BALANCE->GURGAON"

Que:

-------

1. ACL also has Deny Statement

2. Route Map also has Deny Sequence

>>How does this work?

>>Whether this is OK or NOK

Eg:

route-map LOAD-BALANCE->GURGAON deny 10

Eg:

access-list 199 deny tcp any any eq echo

access-list 199 deny udp any any eq echo

Thanks in Advance for your Replies.

Best Regards,

Guru Prasad R

2 Replies

lgijssel
Level 9

You should see it like this:

- The ACL represents the condition to meet

- The route map determines the action to take when the conditions are met.

Obviously, action will only be taken for traffic that satisfies (meets) the conditions. Your ACL is a long way to express "match never" because of the implicit deny at the end.

Conclusion of this is that the above will likely do very little because the condition is never met.

regards,

Leo

bvsnarayana03
Level 5

Deny action with a route-map has a different behaviour for policy routing & redistribution.

When used for policy routing & the packet matches a deny sequence, then the packet is not policy routed but sent to the normal routing process for forwarding.

When used for redistribution & the packet matches a deny sequence, then the packet is not redistributed.

In your case, I'm confused not to see any permit statement in the ACL. So everything goes to normal routing.

My assumption is there should be a permit statement in the ACL which is missing, or at least another route-map sequence.

Let's see what the experts say...
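
The behaviour described in the two replies above, as an added example that is not part of the original thread: a simplified Python model of how a route-map used for policy routing evaluates an ACL. ACL 199 is taken from the question; the other ACLs, route-maps and sample packets are constructed for illustration.

```python
# Added illustration: simplified model of route-map evaluation for policy routing.
# ACL 199 is from the question; other ACLs, route-maps and packets are constructed.
ECHO = 7  # "eq echo" is port 7

ACL_199 = [("deny", "tcp", ECHO), ("deny", "udp", ECHO)]       # as posted
ACL_ECHO = [("permit", "tcp", ECHO), ("permit", "udp", ECHO)]  # constructed
ACL_ANY = [("permit", "ip", None)]                             # constructed

def acl_matches(acl, pkt):
    """Return True only when a permit entry matches the packet.
    An explicit deny and the implicit deny at the end both mean
    'condition not met' as far as the route-map is concerned."""
    for action, proto, dport in acl:
        if proto in (pkt["proto"], "ip") and dport in (pkt["dport"], None):
            return action == "permit"
    return False  # implicit deny

def policy_route(route_map, pkt):
    """Walk the sequences in order and report how the packet is forwarded."""
    for _seq, action, acl in sorted(route_map, key=lambda entry: entry[0]):
        if acl_matches(acl, pkt):
            # permit sequence: set clause applies; deny sequence: skip policy routing
            return "policy-routed" if action == "permit" else "normal-routing"
    return "normal-routing"  # no sequence matched

# Route-maps as (sequence number, permit/deny, ACL referenced by "match ip address")
AS_POSTED = [(10, "deny", ACL_199)]                           # from the question
PERMIT_SEQ = [(10, "permit", ACL_ECHO)]                       # constructed
DENY_THEN_PERMIT = [(10, "deny", ACL_ECHO), (20, "permit", ACL_ANY)]  # constructed

PACKETS = [  # constructed sample packets
    {"proto": "tcp", "dport": 7},
    {"proto": "udp", "dport": 7},
    {"proto": "tcp", "dport": 80},
]

def outcomes(route_map):
    """Forwarding decision for each sample packet, in order."""
    return [policy_route(route_map, p) for p in PACKETS]

if __name__ == "__main__":
    for name, rm in [("as posted", AS_POSTED), ("permit sequence", PERMIT_SEQ),
                     ("deny then permit", DENY_THEN_PERMIT)]:
        print(f"{name:18} {outcomes(rm)}")
```

With the ACL as posted, no packet ever satisfies the match, so the deny sequence is never exercised and every packet takes normal routing.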
