Hi,
if you want to deny the prefix you have to use deny ;)
The untested version of your route-map should do the expected, but you
don't need the continue 20 as the continue doesn't work with a deny.
Karsten
Am 03.02.2015 06:21, schrieb CiscoNSP List:
Hi Everyone,
If I want to block certain prefixes from an upstream, and accept the rest and
then tag the accepted prefixes, which is the correct method..I *thought* the
first one was correct, but it doesnt do what I expected...i.e. the ACL gets a
hit on deny 10.0.0.0/24, but it is still allowed(i.e We still receive the
prefix)?:
route-map UPSTREAM_A_IN permit 10
match ip address 98
continue 20
route-map UPSTREAM_A_IN permit 20
set community 12345:10000
access-list 98 deny 10.0.0.0 0.255.255.255
access-list 98 permit any
or...(I havent tested this one yet):
route-map UPSTREAM_A_IN deny 10
match ip address 98
continue 20
route-map UPSTREAM_A_IN permit 20
set community 12345:10000
access-list 98 permit 10.0.0.0 0.255.255.255
Cheers.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
