Route-Map Deny Sequence Vs ACL Deny Statement

Hello Experts,

What is the difference between a "Deny" sequence in a route-map and an ACL with a DENY statement?

>>Consider I want to match "ip address" 199 in route-map "LOAD-BALANCE->GURGAON"

Que:

-------

1. ACL also has Deny Statement

2. Route Map also has Deny Sequence

>>How does this work?

>>Is this OK or NOK?

Eg:

route-map LOAD-BALANCE->GURGAON deny 10

Eg:

access-list 199 deny tcp any any eq echo

access-list 199 deny udp any any eq echo

Thanks in Advance for your Replies.

Best Regards,

Guru Prasad R

2 REPLIES

Re: Route-Map Deny Sequence Vs ACL Deny Statement

You should see it like this:

-The acl represents the condition to meet

-The route map determines the action to take when the conditions are met.

Obviously, action will only be taken for traffic that satisfies (meets) the conditions. Your acl is a long way to express "match never" because of the implicit deny at the end.

Conclusion of this is that the above will likely do very little because the condition is never met.

regards,

Leo

Re: Route-Map Deny Sequence Vs ACL Deny Statement

Deny action with route-map has a different behaviour for Policy-routing & Redistribution.

When used for policy-routing, if a packet matches a deny sequence, the packet is not policy routed but is sent to the normal routing process for forwarding.

When used for redistribution, if a packet matches a deny sequence, the packet is not redistributed.

In your case, I'm confused not to see any permit statement in the ACL. So everything goes to normal routing.

My assumption is there should be a permit statement in the ACL, which is missing, or at least another route-map sequence.

Let's see what the experts say...
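
The policy-routing behaviour described in the two replies, as an added example that is not part of the original posts: a simplified Python model of how an ACL result and a route-map sequence action combine. ACL 198, sequence 20 and all function names are hypothetical, introduced only for illustration.

```python
# Added example: simplified model of policy-routing evaluation (not IOS code).
ECHO = 7  # "eq echo" is TCP/UDP port 7

def acl_permits(acl, proto, dport):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, ace_proto, ace_port in acl:
        if ace_proto in ("ip", proto) and ace_port in (None, dport):
            return action == "permit"
    return False  # implicit deny any

def policy_route(route_map, acls, proto, dport):
    """Return (decision, matched_sequence) for one packet.

    A sequence matches only when its ACL *permits* the packet. An ACL deny
    means "this sequence does not match", so evaluation moves to the next one.
    """
    for seq, action, acl_no in sorted(route_map):
        if acl_permits(acls[acl_no], proto, dport):
            decision = "policy-routed" if action == "permit" else "normal-routing"
            return decision, seq
    return "normal-routing", None  # fell off the end of the route-map

# Configuration from the question: ACL 199 has only deny entries.
THREAD_ACLS = {199: [("deny", "tcp", ECHO), ("deny", "udp", ECHO)]}
THREAD_MAP = [(10, "deny", 199)]

# Constructed variant (assumption): ACL 199 permits echo so that "deny 10"
# can match, and a hypothetical ACL 198 / "permit 20" policy-routes the rest.
VARIANT_ACLS = {
    199: [("permit", "tcp", ECHO), ("permit", "udp", ECHO)],
    198: [("permit", "ip", None)],
}
VARIANT_MAP = [(10, "deny", 199), (20, "permit", 198)]

if __name__ == "__main__":
    for name, rmap, acls in (("thread", THREAD_MAP, THREAD_ACLS),
                             ("variant", VARIANT_MAP, VARIANT_ACLS)):
        for proto, port in (("tcp", ECHO), ("udp", ECHO), ("tcp", 80)):
            print(name, proto, port, policy_route(rmap, acls, proto, port))
```

With the thread's configuration no sequence ever matches, so every packet takes normal routing; in the variant, echo traffic hits "deny 10" and is excluded from policy routing while other traffic is policy-routed by sequence 20.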
