Look at your configuration, can a route-map permit and deny at the same time in the same sentence?
route-map FILTER deny permit 10
match ip address prefix-list BLA
route-map FILTER seq 20 permit
Another error is that you introduced the "seq" keyword in the second sentence of the route-map, see:
route-map FILTER seq 20 permit
Reorganize the logic of the sentences.
In the first sentences you are basically denying the "x.x.x.x/x" network because you are permitting it into the prefix-list, but denying it in the route-map first sentence, and then is allowing everything else. In the second sentences you are denying the the "x.x.x.x/x" network and, allowing everything else. Normally in production networks the route-map have the last word, so the route-map is the one (normally) who decides what is goigng to happen with the packet/route/etc. I would choose the first method, since is what i always do when im filtering, besides the logic makes more sense to me.
If a route-map's match commands refer to an ACL or prefix list, and the ACL or prefix list matches a route with the deny action, the route is not filtered. Instead, it means the route does not match the match command logic, resulting in the Cisco IOS to consider the next route-map clause.
When using route-maps to call a ip prefix-list or ACL, the route-map decides the action (deny or permit). The prefix-list or ACL should always use "permit" clauses.
The route-map command includes an implied “deny” all clause at the end; to configure a permit all, use the route-map command with a permit action, but
without a match command.
P.S. - Check out my Quick Facts document on filtering EIGRP attached.
is ther something wrong with the opposite approche, except the headache you got from it?
like this deny in the prefix list those routes which we dont want to get filterd by the routmap referencing to the prefix list and all the rest to let go trough?
for example inter-area OSPF routes entering the routing table, what is was playing around with!
IA - O 192.168.0.0/24
IA - O 192.168.1.0/24
IA - O 18.104.22.168/32
i just want to have 22.214.171.124/32 in Routing table so
ip prefix-list FILT seq 10 deny 126.96.36.199/32
ip prefix-list FILT seq 20 permit 0.0.0.0/0 le 32
Route-Map FILT seq 10 deny
match ip address perfix-list FILT
Route-Map FILT seq 20 permit
in this case those routes deny by the prefix list would not matched by seq 10 Route-map entry, and all the rest would ,and those not matched in this case would be premited by the seq 20, so 188.8.131.52/32
IS this causing more overhead in the router, or does it have the same effect just the approche is different?
???? what do the rookies say????
I haven't seen such document in one place; it would be nice; route-maps have many usage in variety of places; as you read or see route map exmaple, make notes;
for example: in terms of redistribution see rules:
- If you use an ACL in a route-map permit clause, routes that are permitted by the ACL are redistributed.
- If you use an ACL in a route-map deny clause, routes that are permitted by the ACL are not redistributed.
- If you use an ACL in a route-map permit or deny clause, and the ACL denies a route, then the route-map clause match is not found and the next route-map clause is evaluated.
Incorrect. The prefix-list can have both permit and deny statements. For example:
router ospf 1
net 0.0.0.0 255.255.255.255 area 0
redistribute static metric 10 metric-type 1 subnets route-map redistribute bubba
route-map bubba permit 10
match ip address static-routes
prefix-list static-routes seq 10 deny 172.16.1.0/24
prefix-list static-routes seq 20 permit 172.16.0.0/16 le 32
prefix-list static-routes seq 1000 deny 0.0.0.0/0 le 32
This redistribution denies the 172.16.1.0/24 subnet, permits any other 172.16.0.0/16 related subnets, and denies all other subnets from being processed/redistributed. This has been bench tested as well as tested in GNS3.