Hi All -
I'm trying to understand the logic for the following sample (derived from the OTV deployment guide):

ip access-list ACL-ANY-IP
  permit ip any any
ip access-list ACL-FHRP-IP
  permit ip any 224.0.0.2
  permit ip any 224.0.0.102
  permit ip any 224.0.0.18
mac access-list ACL-ANY-MAC
  permit any any
mac access-list ACL-FHRP-MAC
  permit 0000.0c07.ac00 0000.0000.00ff any
  permit 0000.0c9f.f000 0000.0000.0fff any
  permit 0000.5e00.0100 0000.0000.00ff any
!
vlan access-map BLOCK-FHRP 10
  match mac address ACL-FHRP-MAC
  match ip address ACL-FHRP-IP
  action drop
vlan access-map BLOCK-FHRP 20
  match mac address ACL-ANY-MAC
  match ip address ACL-ANY-IP
  action forward
!
vlan filter BLOCK-FHRP vlan-list 10-19

In PBR, two or more match statements in a block are a logical AND. The Catalyst documentation (top of page 6) says that this is an invalid configuration, but the Nexus documentation seems to state otherwise.
So is this a logical AND or a logical OR? If it's a logical AND, does this actually work considering that there are multiple matches in each of the ACLs?
Thanks in advance,
PSC