Re: [OSL | CCIE_Security] "AND" behavior in route-map matching

[Pieter-Jan Nefkens]

Hello Tacack, If you look at this technote: https://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml You'll see that the match is based on and, but apparantly, you can define multiple access-list numbers and match on an or-basis for that. Altough this technote is about route-redistribution, the principle should be the same.. Pieter-Jan On 12 sep 2010, at 14:42, Vybhav Ramachandran wrote: Hello All, I came across a PBR task with the following requirements : 1) Match ICMP traffic 2) Match only if it exits out of fa 0/1 interface 3) Match it only if it's length is a hundred bytes. 4) Drop the traffic if it matches the above criteria The solution states : access-list 101 permit icmp any any route-map test   match ip address 101   match interface fa 0/1   match length 100 100   set interface null 0 exit Then , the route-map is applied to an interface. I always thought, multiple match criteria were processed using the "OR" logic. That is, in this case, if either the packet matches the ACL 101 , or if the exiting interface of the packet is fa 0/1 , or if the packet length is 100 bytes, then it matches the route-map's clause and the packet is dropped. But the solution uses this as an "AND" logic. I'm confused? I found an example(below) in the Doc-CD which states that the successive MATCH clauses are treated as OR. ! Match ip address access list 69 or match AS path 1 ! and set the IP Precedence to critical route-map precedence-map permit 75  match ip address 69  match as-path 1  set ip precedence critical Wondering if anyone can shed some light on this Cheers and thanks, TacACK _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/  Think before you print.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com