@puck.nether.net
Subject: Re: [c-nsp] BGP/route-map/acl question/logic...
Hi,
if you want to deny the prefix you have to use deny ;)
The untested version of your route-map should do the expected, but you
don't need the continue 20 as the continue doesn't work with a deny.
Karsten
On 03.02.2015 06
-...@lnx.ro
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP/route-map/acl question/logic...
Hi,
route-maps are first rule match based.
The permit any in the acl will match the announcement and skip the
rest of the rules.
you need to do something like:
access-list 98 permit
-nsp] BGP/route-map/acl question/logic...
Hi,
On Tue, Feb 03, 2015 at 04:21:42PM +1100, CiscoNSP List wrote:
route-map UPSTREAM_A_IN permit 10
match ip address 98
continue 20
route-map UPSTREAM_A_IN permit 20
set community 12345:1
access-list 98 deny 10.0.0.0 0.255.255.255
On Tue, 2015-02-03 at 09:30 +0100, Gert Doering wrote:
It's hard to come up with a really useful example, but given that extended
ACLs match both on prefix base and netmask with wildcards bits, this is
more flexibility than you'll ever use without your brain blowing up.
access-list 100
Thanks Gert...really appreciate the explanation.
Date: Tue, 3 Feb 2015 09:35:37 +0100
From: g...@greenie.muc.de
To: cisconsp_l...@hotmail.com
CC: g...@greenie.muc.de; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP/route-map/acl question/logic...
Hi,
On Tue, Feb 03, 2015 at 07:32
Thanks Lukas - Under what circumstances would you use an access-list
over a prefix-list?
I would use an ACL when I need to match specific traffic (e.g. in an
interface acl, firewall or nat context), as opposed to match specific
routes (e.g. when configuring routing protocols).
Hi,
route-maps are first rule match based.
The permit any in the acl will match the announcement and skip the
rest of the rules.
you need to do something like:
access-list 98 permit 10.0.0.0 0.255.255.255
(or better:
prefix-list PL-NAME permit 10.0.0.0/8
)
route-map UPSTREAM_A_IN *deny* 10
Hi,
On Tue, Feb 03, 2015 at 08:39:09AM +0100, Lukas Tribus wrote:
route-map UPSTREAM_A_IN permit 10
match ip address 98
I would strongly suggest to use prefix-lists instead of access-lists, they are
made on purpose to match prefixes, are a lot easier to use and provide much more
Thanks Lukas - Under what circumstances would you use an access-list
over a prefix-list?
I would use an ACL when I need to match specific traffic (e.g. in an
interface acl, firewall or nat context), as opposed to match specific
routes (e.g. when configuring routing protocols).
Hi,
On Tue, Feb 03, 2015 at 07:32:43PM +1100, CiscoNSP List wrote:
Cheers Gert - Understand it now :)
The continue part (When to use/when not to use), I definitely need to read
up on!
Basically, when you want to match+set something, and then continue processing
the route-map - while
On Tue, Feb 03, 2015 at 08:39:09AM +0100, Lukas Tribus wrote:
route-map UPSTREAM_A_IN permit 10
match ip address 98
I would strongly suggest to use prefix-lists instead of access-lists, they are
made on purpose to match prefixes, are a lot easier to use and provide much more
Hi,
On Tue, Feb 03, 2015 at 09:48:35AM +0100, Peter Rathlev wrote:
On Tue, 2015-02-03 at 09:30 +0100, Gert Doering wrote:
It's hard to come up with a really useful example, but given that extended
ACLs match both on prefix base and netmask with wildcards bits, this is
more flexibility than
I can see easier to use, but more flexibility - actually, no :-)
It's hard to come up with a really useful example, but given that extended
ACLs match both on prefix base and netmask with wildcards bits, this is
more flexibility than you'll ever use without your brain blowing up.
Hi Everyone,
If I want to block certain prefixes from an upstream, and accept the rest and
then tag the accepted prefixes, which is the correct method..I *thought* the
first one was correct, but it doesn't do what I expected...i.e. the ACL gets a
hit on deny 10.0.0.0/24, but it is still
Hi,
if you want to deny the prefix you have to use deny ;)
The untested version of your route-map should do the expected, but you
don't need the continue 20 as the continue doesn't work with a deny.
Karsten
On 03.02.2015 06:21, CiscoNSP List wrote:
Hi Everyone,
If I want to block certain
route-map UPSTREAM_A_IN permit 10
match ip address 98
I would strongly suggest to use prefix-lists instead of access-lists, they are
made on purpose to match prefixes, are a lot easier to use and provide
much more flexibility.