11-29-2007 03:53 AM - edited 03-03-2019 07:43 PM
Hello Experts,
What is the difference between "Deny" Sequence in Route-map AND ACL with DENY Statement.
>>Consider i want to match "ip address" 199 in route-map "LOAD-BALANCE->GURGAON"
Que:
-------
1. ACL also has Deny Statement
2. Route Map also has Deny Sequence
>>How this Works ?
>>Whether this is OK or NOK
Eg:
route-map LOAD-BALANCE->GURGAON deny 10
Eg:
access-list 199 deny tcp any any eq echo
access-list 199 deny udp any any eq echo
Thanks in Advance for your Replies.
Best Regards,
Guru Prasad R
11-29-2007 04:15 AM
You should see it like this:
-The acl represents the condition to meet
-The route map determines the action to take when the conditions are met.
Obviously, action will only be taken for traffic that satisfies (meets) the conditions. Your acl is a long way to express "match never" because of the implicit deny at the end.
Conclusion of this is that the above will likely do very little because the condition is never met.
regards,
Leo
11-29-2007 05:27 AM
Deny action with route-map has a different behaviour for Policy-routing & Redistribution.
When used for policy-routing & pkt matches with deny sequence then the pkt is not policy routed but sent to the normal routing process for fwding.
When used for redistribution & pkt matches with deny sequence then the pkt is not redistributed.
In your case, I'm confused not to see any permit statement in acl. So everything goes to normal routing.
My assumption is there should be a permit statement in acl which is missing or atleast another route-map sequence.
Lets c what experts say...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide