Beginner

Route-map with deny action

Hi,

If there exists a route with community 100:1 100:2 100:3 100:4

route-map TEST deny 10
 match policy-list POL_TEST

route-map TEST permit 20

ip policy-list POL_TEST permit
 match community 10

ip community-list 10 deny _100:1_
ip community-list 10 deny _100:2_
ip community-list 10 permit _100:4_

Processing logic:

1. As the route-map and the community for _100:1_ have a deny statement, the route is permitted and route-map processing comes to a standstill.

Is my logic right?

4 REPLIES
VIP Collaborator

Re: Route-map with deny action

route-map TEST deny 10
 match policy-list POL_TEST    < will deny just _100:4_

route-map TEST permit 20

ip policy-list POL_TEST permit
 match community 10   < other communities will be checked here, but not _100:1_, _100:2_ and _100:4_ (that was denied by the first statement)

ip community-list 10 deny _100:1_      < will not be checked by route-map
ip community-list 10 deny _100:2_      < will not be checked by route-map
ip community-list 10 permit _100:4_   < will be checked by route-map

Processing logic:

1. As the route-map and the community for _100:1_ have a deny statement, the route is permitted and route-map processing comes to a standstill.

Look here for some examples of community policy: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/nxos/commands/bgp/ip-community-list.html

Jaderson Pessoa
*** Rate All Helpful Responses ***
Beginner

Re: Route-map with deny action

So a route-map with a deny clause, as well as a match with a deny, results in processing moving to the next sequence? I was under the impression that the route was denied to be denied, hence permitted.

Beginner

Re: Route-map with deny action

#show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 6
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     12        
  Refresh Epoch 3
  Local
    192.168.1.1 from 192.168.1.1 (33.3.3.3)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Community: 163:17243 2002:35 2002:57 2002:1004
      rx pathid: 0, tx pathid: 0x0

vSC-A#show ip policy-list POL_TEST
policy-list POL_TEST permit
  Match clauses:
    community (community-list filter): 100 

#show ip community-list 100
Community (expanded) access list 100
    deny _2002:35_ ( don't do anything )
    deny _2002:57_ ( don't do anything )
    permit _163:17243_ ( match, as route-map is denied, prefix with 163:17243 is blocked )

route-map TEST, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Permit everything but not _2002:35_ ,_2002:57_ and _163:17243_, which was denied in previous sequence.

I only have one route which is the default. Apparently 0.0.0.0 still makes it to WAN peer.
VIP Mentor

Re: Route-map with deny action

Hello

My understanding is that a route-map with a deny action and an ACL ACE deny results in any prefix related to it being ignored.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
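
Added example, not part of any reply in this thread: a simplified Python model of how IOS evaluates a route-map clause whose match references a community-list, run against community-list 100 and the 0.0.0.0/0 communities from the show output above. The evaluator and its function names are assumptions for illustration; the rule it models is that a deny entry in the list means the clause is not matched, so evaluation continues at the next sequence, which is consistent with the default route still reaching the WAN peer.

```python
import re

# Values copied from the show output in the thread; the evaluator is a simplified model.
COMMUNITY_LIST_100 = [
    ("deny", "_2002:35_"),
    ("deny", "_2002:57_"),
    ("permit", "_163:17243_"),
]
ROUTE_COMMUNITIES = "163:17243 2002:35 2002:57 2002:1004"


def ios_regex(pattern):
    """Translate the IOS '_' metacharacter (start, end or delimiter) for Python's re."""
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")


def community_list_result(entries, communities):
    """First matching entry wins; no matching entry means implicit deny."""
    for action, pattern in entries:
        if re.search(ios_regex(pattern), communities):
            return action
    return "deny"


def route_map_result(clauses, communities):
    """clauses: (sequence, action, community-list or None when there is no match line).
    A clause applies only when its list returns permit. A deny from the list
    means "clause not matched", so evaluation falls through to the next sequence."""
    for seq, action, clist in sorted(clauses, key=lambda c: c[0]):
        if clist is None or community_list_result(clist, communities) == "permit":
            return seq, action
    return None, "deny"  # implicit deny at the end of every route-map


ROUTE_MAP_TEST = [
    (10, "deny", COMMUNITY_LIST_100),  # match policy-list POL_TEST
    (20, "permit", None),              # no match clause: matches everything
]

if __name__ == "__main__":
    # The list hits "deny _2002:35_" first, so sequence 10 is not matched.
    print(community_list_result(COMMUNITY_LIST_100, ROUTE_COMMUNITIES))
    print(route_map_result(ROUTE_MAP_TEST, ROUTE_COMMUNITIES))
    # Constructed input: a route carrying only 163:17243 reaches the permit
    # entry, matches sequence 10, and is filtered by its deny action.
    print(route_map_result(ROUTE_MAP_TEST, "163:17243"))
```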