Sep 4, 2011 12:24 AM
I need some help being the brain of a router, as I am struggling with this concept.
I have read lots of posts on this forum and Cisco white papers. I took this section out of a white paper:
Route-maps can have permit and deny clauses. In route-map ospf-to-eigrp, there is one deny clause (with sequence number 10) and two permit clauses. The deny clause rejects route matches from redistribution. Therefore, these rules apply:
- If you use an ACL in a route-map permit clause, routes that are permitted by the ACL are redistributed.
- If you use an ACL in a route-map deny clause, routes that are permitted by the ACL are not redistributed.
- If you use an ACL in a route-map permit or deny clause, and the ACL denies a route, then the route-map clause match is not found and the next route-map clause is evaluated.
route map permit + ACL permit = route map executes statement and stops parsing the entire route map
route map deny + ACL permit = route map executes statement and stops parsing the entire route map
route map permit + ACL deny = route map doesn't find a match for the ACL so it skips to the next route map sequence number and so on until it finds a match
route map deny + ACL deny = route map doesn't find a match for the ACL so it skips to the next route map sequence number and so on until it finds a match
If no match is found then it hits the implicit deny.
The OCG has this in it:
The match command can reference an ACL or prefix list, but doing so does introduce the
possibility of confusion. The confusing part is that the decision to filter a route or allow
the route through is based on the deny or permit in the route-map command, and not the
deny or permit in the ACL or prefix list. When referencing an ACL or prefix list from a
route map, the ACL or prefix list simply matches all routes permitted by the ACL or prefix
list. Routes that are denied by the ACL or prefix list simply do not match that match command’s
logic, making IOS then consider the next route-map command.
OK, so that makes a little bit more sense.
But why are some things a match and some not?
Like a route map deny and an ACL deny: seems like a match to deny it to me, and not even worry about continuing further on down the route map.
So if you have:
ip access-list standard 1
deny 192.168.10.0 0.0.0.255
route-map TEST deny 1
match ip address 1
The router thinks to itself:
"OK, so you told me the range of IP addresses that you wanted to use were 192.168.10.0 - 192.168.10.255 and you wanted to deny those"
I get lost from this point on.
If anyone could explain it a little simpler then I would be very grateful. Thanks.
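Added example, not part of the original post or of any Cisco document: a small Python model of the evaluation order described in the white paper and OCG excerpts above, run against the ACL 1 / route-map TEST pair from the post. The function names, ACL 2 and the route-map FILTER_ONE are hypothetical, and the model assumes standard ACLs matched against the route's network address only.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(acl, network):
    """Standard ACL: the first entry covering the route decides.
    If no entry covers it, the ACL's implicit deny applies."""
    for action, base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF   # wildcard 1-bits are "don't care"
        if _ip(network) & care == _ip(base) & care:
            return action == "permit"
    return False

def route_map_decision(route_map, acls, network):
    """Return (verdict, sequence number of the deciding clause or None)."""
    for seq, clause_action, acl_name in sorted(route_map, key=lambda c: c[0]):
        # ACL permit = "this clause matches"; ACL deny (explicit or
        # implicit) = "no match, evaluate the next clause".
        # A clause with no match statement matches every route.
        if acl_name is None or acl_permits(acls[acl_name], network):
            return clause_action, seq        # the clause's action is the verdict
    return "deny", None                      # implicit deny ending the route-map

# Constructed sample data.
ACLS = {
    "1": [("deny", "192.168.10.0", "0.0.0.255")],    # ACL 1 from the post
    "2": [("permit", "192.168.10.0", "0.0.0.255")],  # hypothetical ACL 2
}
TEST = [(1, "deny", "1")]                            # route-map TEST from the post
FILTER_ONE = [(10, "deny", "2"), (20, "permit", None)]  # hypothetical

if __name__ == "__main__":
    for name, rmap in (("TEST", TEST), ("FILTER_ONE", FILTER_ONE)):
        for net in ("192.168.10.0", "10.1.1.0"):
            print(name, net, route_map_decision(rmap, ACLS, net))
```

In this model, clause 1 of TEST never matches any route, because ACL 1 permits nothing; every route is filtered by the implicit deny at the end of the route-map rather than by the clause itself. FILTER_ONE shows the ACL used purely as a selector, with the route-map clause deciding the outcome.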