Cisco Support Community
New Member

Route-Map Access-list !!!

Hello,

I am creating the following route-maps. I am sure my understanding is correct, but wanted to be very sure.

I am creating the following route-maps.

route-map Router1_to_Router2export permit
 match ip address Router1_to_Router2

ip access-list standard Router1_to_Router1
 permit 192.168.0.0 0.0.0.255

So in the above I am only sending from Router # 1 to Router # 2 192.168.0.0/24 and nothing else. So after the permit statement it will automatically have deny any any... So far, right?

Now if I leave "ip access-list standard Router1_to_Router1" blank like this... then it means send everything or permit any... Right so far? Kindly confirm, I will appreciate it.

Thanks

ip access-list standard Router1_to_Router1

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Route-Map Access-list !!!

Syed

I believe that you are correct. If the access list is empty then everything is permitted. As soon as there is the first statement in the access list then there is the implicit deny any at the bottom that will deny anything that is not permitted.

HTH

Rick

8 REPLIES

Re: Route-Map Access-list !!!

If I understand your question, when you create an acl with a "blank" entry, then it's going to deny anything and everything.

--John

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Silver

Re: Route-Map Access-list !!!

The behavior when you assign an access list to an interface and the access list is empty changed. The old behavior was as John describes it and everything was denied (it enforced the implicit deny any at the bottom). Quite a while ago the behavior changed and now if you apply an empty (blank) access list to an interface it will permit everything. I assume that the behavior is the same in the route map.

HTH

Rick

Re: Route-Map Access-list !!!

I didn't realize they changed it. :-) I remember doing that by accident one day and all of my traffic came to a halt outbound.

Thanks Rick!

John

HTH, John *** Please rate all useful posts ***
Hall of Fame Super Silver

Re: Route-Map Access-list !!!

John

No problem. You would think that the old behavior (deny everything) was more logically consistent. I am guessing that enough people made that mistake that Cisco changed it and helps protect us from that error.

HTH

Rick

New Member

Re: Route-Map Access-list !!!

Hello,

So in my scenario, if I have an access-list and nothing is defined under it, then in my understanding it's all PERMIT. But if the access-list has even 1 permit statement under it and that access-list is under the route-map, then only that permit statement will be allowed and everything else will be denied... Right? As per my question above.

Thanks...

Hall of Fame Super Silver

Re: Route-Map Access-list !!!

Syed

I believe that you are correct. If the access list is empty then everything is permitted. As soon as there is the first statement in the access list then there is the implicit deny any at the bottom that will deny anything that is not permitted.

HTH

Rick

New Member

Re: Route-Map Access-list !!!

Rick... thanks so much... appreciate it.

Hall of Fame Super Silver

Re: Route-Map Access-list !!!

Syed

I am glad that the responses from John and me were helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that there were responses which did resolve the question.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick
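
Added example (not part of the original thread or from any poster): a small Python audit that reads IOS-style configuration text and flags every route-map whose `match ip address` points at a named ACL that is either empty or not defined at all, the cases the thread is about. The sample configuration is constructed from the lines in the question with the names kept as posted, plus a hypothetical `EMPTY_ACL` and route-map `Other`; the parser is an assumption-level sketch that handles only named ACLs and skips `prefix-list` matches.

```python
import re

# Constructed sample: the question's lines (names as posted) plus a
# hypothetical empty ACL and a second route-map that references it.
SAMPLE_CONFIG = """\
route-map Router1_to_Router2export permit
 match ip address Router1_to_Router2
ip access-list standard Router1_to_Router1
 permit 192.168.0.0 0.0.0.255
ip access-list standard EMPTY_ACL
route-map Other permit
 match ip address EMPTY_ACL
"""

def parse(config):
    """Return ({acl_name: [entries]}, [(route_map, acl_name), ...])."""
    acls, refs, current_acl, current_map = {}, [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)$", line):
            current_acl, current_map = m.group(1), None
            acls.setdefault(current_acl, [])
        elif m := re.match(r"route-map (\S+)", line):
            current_map, current_acl = m.group(1), None
        elif current_acl and re.match(r"(?:\d+ )?(?:permit|deny)\b", line):
            acls[current_acl].append(line)
        elif current_map and (m := re.match(r"match ip address (?!prefix-list)(.+)$", line)):
            refs += [(current_map, name) for name in m.group(1).split()]
    return acls, refs

def audit(config):
    """Flag route-map ACL references that have no permit/deny entries behind them."""
    acls, refs = parse(config)
    findings = []
    for route_map, name in refs:
        if name not in acls:
            findings.append((route_map, name, "undefined"))
        elif not acls[name]:
            findings.append((route_map, name, "empty"))
    return findings

if __name__ == "__main__":
    for route_map, name, why in audit(SAMPLE_CONFIG):
        print(f"route-map {route_map}: ACL {name} is {why}, no entries to filter on")
```

On the sample, the first finding comes from the names as posted: the route-map matches `Router1_to_Router2` while the ACL that holds the permit line is named `Router1_to_Router1`.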
