Now consider the following configuration. In vlan access-map king 10, the operation is OR between "123" and "124". If there is no match for access-map 10, then it goes for access-map 20.
vlan access-map king 10 action forward match ip address 123 124 vlan access-map king 20 action forward match ip address 125 The route-maps and vlan access-maps uses nearly the same logic. In entry 10, either 123 or 124 should me matched which is OR operation and that is ANDed with match length. So either 123 + match length or 124 + match length is the matching criteria for entry 10. If there is no match for 10, 20 is checked for. route-map king permit 10 match ip address 123 124 match length 100 200 route-map king permit 20 match ip address 125 Now with vlan access-maps, you can't define two match criterias within an entry that can be ANDed like we do for route-maps. Hence there is concept of AND operation in vlan access map. The exception to this is the following one which has the match ip and mac. Since the match is in different lines, they should ANDed. So my question, is the following valid which ANDs a mac IP and mac mac? vlan access-map king action forward match mac address macking match ip address 123 With regards KIngs On Sun, Sep 11, 2011 at 2:16 PM, Andrey <[email protected]> wrote: > Kingsley, > > I do not quite understand your interpretation of the rules, > just clarify how I understand: > > It is "OR" inside sequence of access-map, > and "AND" between sequences. > > Piotr, > > I agree with you in all except one - > "When a flow matches permit ACL entry, the associated action is taken and > the flow is not checked against the remaing sequences" > > My understanding - it is not checked against the remaining entries in same > sequence, but checked against the remaining sequences. > > Best regards, > Andrey >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
