Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13359
Views
11
Helpful
4
Replies

Route-map implicit deny

Go to solution
Quang Do Xuan
Level 1
Level 1

‎12-30-2015 07:04 PM - last edited on ‎07-14-2023 04:01 AM by Community Manager

Hi,

I am searching for this over the internet but couldn't find a good answer: When does

route-map

implicit deny apply?

I knew for BGP route advertisement, a

no-match route

is discarded with implicit deny at the end of

route-map

whereas PBR skips the

no-match packet

and let it go through as it does without the PBR.

Can anyone explain the logic behind

route-map

implicit deny and list out cases when it applies? Thanks in advance!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Richard Bradfield
Level 6
Level 6

‎12-30-2015 07:37 PM - last edited on ‎07-14-2023 04:04 AM by Community Manager

Hi,

Please see this link below for a good explanation

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=19

it is very similar to an ACL, there is always an implicit deny at the end of the

route map

for example in

redistribution 

in this case BGP into EIGRP

route-map BGP permit 10
 match ip address 55  < Access-list 55 contains the routes we want to redistribute

Now according to the document in the link above there is an implicit deny as below that is not seen  in the configuration

route-map BGP deny 65536

match ip address all_routes <denies everything else

router eigrp 100
redistribute bgp 64571 route-map BGP 

HTH

Richard

 

 

View solution in original post

0 Helpful

Go to solution
Masoud Pourshabanian
VIP Alumni
VIP Alumni

‎12-30-2015 08:35 PM - last edited on ‎07-14-2023 04:09 AM by Community Manager

Hello,

Route-map

is used for matching. It can be used for matching the traffic or matching the routes or different criteria.

You can define several

route-maps

with the same name and different numbers. 

Route-map  test permit 10

match criteria

set action

Route-map  test permit 20

match criteria

set action

[ the nest one is implicitly exist. You do need to specify it]

Route-map  test deny 30

match all

Remember, you use

route-map

for matching. You match some traffic or routes with permit statements and all other traffic matches with the last implicit deny( You matched some traffic and other did not match by implicit deny).

Route-map

is done here, match or not match

Now you have a group of traffic or route matched. It is the confusing part. Router has different treatment with "not match" depending on where you apply the

route-map
1- In matching route in routing protocols.

Match= advertise ( it is general, there is many other cases)

not match= deny to advertise

2- In policy route-map

Matched traffic will be routed based on the next hop on

route map

command,  "NOT match" will be checked against the global routing table( you see the treatment is different.  "Not match" is not necessarily deny)

Hope it helps,

Masoud

 

 

View solution in original post

4 Replies 4

Go to solution
Richard Bradfield
Level 6
Level 6

‎12-30-2015 07:37 PM - last edited on ‎07-14-2023 04:04 AM by Community Manager

Hi,

Please see this link below for a good explanation

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=19

it is very similar to an ACL, there is always an implicit deny at the end of the

route map

for example in

redistribution 

in this case BGP into EIGRP

route-map BGP permit 10
 match ip address 55  < Access-list 55 contains the routes we want to redistribute

Now according to the document in the link above there is an implicit deny as below that is not seen  in the configuration

route-map BGP deny 65536

match ip address all_routes <denies everything else

router eigrp 100
redistribute bgp 64571 route-map BGP 

HTH

Richard

 

 

0 Helpful

Go to solution
Quang Do Xuan
Level 1
Level 1
In response to Richard Bradfield

‎12-30-2015 08:06 PM - last edited on ‎07-14-2023 04:05 AM by Community Manager

Thanks Richard,

If

route maps

are applied in a

policy-routing

environment, packets that do not meet the match criteria are then forwarded according to the route table.

So I guess

policy-routing

is the only special case or we can say "denied by PBR means no PBR". Many thanks.

0 Helpful

Go to solution
Masoud Pourshabanian
VIP Alumni
VIP Alumni

‎12-30-2015 08:35 PM - last edited on ‎07-14-2023 04:09 AM by Community Manager

Hello,

Route-map

is used for matching. It can be used for matching the traffic or matching the routes or different criteria.

You can define several

route-maps

with the same name and different numbers. 

Route-map  test permit 10

match criteria

set action

Route-map  test permit 20

match criteria

set action

[ the nest one is implicitly exist. You do need to specify it]

Route-map  test deny 30

match all

Remember, you use

route-map

for matching. You match some traffic or routes with permit statements and all other traffic matches with the last implicit deny( You matched some traffic and other did not match by implicit deny).

Route-map

is done here, match or not match

Now you have a group of traffic or route matched. It is the confusing part. Router has different treatment with "not match" depending on where you apply the

route-map
1- In matching route in routing protocols.

Match= advertise ( it is general, there is many other cases)

not match= deny to advertise

2- In policy route-map

Matched traffic will be routed based on the next hop on

route map

command,  "NOT match" will be checked against the global routing table( you see the treatment is different.  "Not match" is not necessarily deny)

Hope it helps,

Masoud

 

 

Go to solution
Quang Do Xuan
Level 1
Level 1
In response to Masoud Pourshabanian

‎12-30-2015 09:26 PM

Thanks Masoud, that is clear and nicely adds up our verdict here!

0 Helpful
Customers Also Viewed These Support Documents