route-map logical AND

jackie_gx · ‎11-17-2011

i want to config route-map with AND logical to match 2 list of ACL. But when i enter the config like this :

route-map TEST permit 10

match ip address 111

match ip address 112

it show the command like this:

route-map TEST permit 10

match ip address 111 112

How can i config a logical AND under the route-map?

Konstantin Dunaev · ‎11-17-2011

Hi,

that is already logical AND, I suppose.

jackie_gx · ‎11-17-2011

not that logical OR?

Konstantin Dunaev · ‎11-17-2011

your're right, only several match's are processed as AND, but inside of a match command the entries are OR'ed.

It's a good question, I don'T have an idea how to do it.

but may be you could explain why do you need two ACL to be ANDed?

jackie_gx · ‎11-17-2011

We are in the progess to migrate braches. The branches not migrate yet will flow as normal, the ane already been migrated will be foward to a vrf. The traffic will be commming inbound at the interface. And the thing is, the source is of the ip is always the same, but the destination is diff cos is point to the branches ip. So insted of all huge ammount of ACL when doing the migration, i plan to write 2 ACL, one to match the source and other one to match the destination ip. Since the source is always the same, i just need to add the Dest ACL during the migration.

Konstantin Dunaev · ‎11-17-2011

it seems to be that the only possibilities to do it - to use a ACL with a same source and different destinations.

Or may be you can use e.g. a tag for cirtain branchs prefixes and then use ACL and "matc tag" in the same route-map.

jackie_gx · ‎11-18-2011

think i found the way by using "continue", it will go down the follow sequence even it match.

Konstantin Dunaev · ‎11-18-2011

Cool! Thank you for the update. I've read about "continue" but haven't tested yet.

lmediavilla · ‎02-22-2013

In my case continue doesn't work, I try to deny if any of these routes are not on the table

access-list 20 permit 157.10.36.0 0.0.0.255

access-list 21 permit 157.10.37.0 0.0.0.255

no route-map INTERFACES

route-map INTERFACES permit 10

match ip address 20

continue

route-map INTERFACES permit 20

match ip address 21

OR

access-list 20 permit 157.10.36.0 0.0.0.255

access-list 21 permit 157.10.37.0 0.0.0.255

no route-map INTERFACES

route-map INTERFACES permit 10

match ip address 20

continue 20

route-map INTERFACES permit 20

match ip address 21

If I shut down one interface it keeps permitting it and that's not the point of it

milan.kulik · ‎02-24-2013

Hi,

I don't think two ACLs with AND could be used within on route-map entry.

But it might be worth to use object-groups to create one ACL instead of a huge combinations of the existing ACLs?

See

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66

for details.

HTH,

Milan

Alessio Andreoli · ‎02-22-2013

When all the conditions are verified, then you are aware of an logical AND operation. In QoS match-all would be an AND

Hope this help
Alessio

Sent from Cisco Technical Support iPad App

lmediavilla · ‎02-24-2013

the question is how to make a logic AND with a route map no what a logic AND is.