
Route Maps using ACL'S - Explicit deny or not to deny....

christophermann
Level 1

I am currently looking at a proposed use of a couple of route map configs and wonder if anybody could help with a question I have.

In the route maps there is a standard ACL configured to allow a specific network's traffic. This ACL is then picked up using the 'match ip address' command in the Route Map.

My question is, if any other network traffic is received other than that permitted by the ACL used by the Route Map, will it get dropped?

Reading Cisco's information about Route Maps states that they do not have an 'implicit deny' statement.

Thank you all in advance

Chris

4 Replies

Jose Jara
Level 3

Hi Chris,

There is an implicit deny in the route-maps. In your case, if the route-map looks like this:

route-map TEST permit 10
 match ip address 1

All the networks that will not match the access-lists will not be allowed. If, on the other hand, you want to deny just some networks and allow the rest, the config would be:

route-map TEST deny 10
 match ip address 1
route-map TEST permit 20

The second sentence will be empty allowing the rest of the networks.

Hope this helps

Jose.

Jose,

Thanks for your reply, that's exactly what I was afraid of, and understood it to be.

Here is what the policy looks like...

access-list 22 permit 192.168.32.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 22
 set ip next-hop xx.xx.xx.xx
ip policy route-map TEST1

So, looking at your solution, how would the route-map look if I wanted to allow, say, traffic from a 192.168.40.0/24 network?

Chris

Hi,

Source IPs not in 192.168.32.0/24 will be forwarded following the info in the routing table. In PBR route-maps there's no need for an implicit permit statement, because what is not matching the explicit permit statements will get caught by the implicit deny, and so they will not be policy routed but will use the normal FIB table for transit traffic.

Regards

Alain

Don't forget to rate helpful posts.
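
The policy-routing behaviour described in the reply above, modelled in Python as an added example (not code from any poster or from Cisco): a standard ACL with wildcard masks feeds a PBR route-map, and anything that falls through to the implicit deny is handed to normal routing rather than dropped. The function names are hypothetical, the next hop 203.0.113.1 is a constructed placeholder for the elided xx.xx.xx.xx, and ACLS_BOTH is an assumed variant that adds 192.168.40.0/24 to ACL 22.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(acl, src):
    """Standard ACL: first matching entry wins, then the implicit deny."""
    for action, net, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
        if _ip(src) & care == _ip(net) & care:
            return action == "permit"
    return False  # implicit "deny any" at the end of every ACL

def pbr_decision(route_map, acls, src):
    """Return how a packet from src is forwarded on a PBR-enabled interface."""
    for seq, action, acl_id, next_hop in sorted(route_map, key=lambda c: c[0]):
        # A clause without a match statement (acl_id None) matches everything.
        if acl_id is None or acl_permits(acls[acl_id], src):
            if action == "permit" and next_hop:
                return ("policy-routed", next_hop)
            return ("normal-routing", None)  # deny clause: not policy routed, not dropped
    # Implicit deny of the route-map: the packet follows the routing table.
    return ("normal-routing", None)

# Constructed sample data mirroring the thread's config.
NEXT_HOP = "203.0.113.1"  # placeholder for the elided xx.xx.xx.xx
ACLS = {22: [("permit", "192.168.32.0", "0.0.0.255")]}
TEST1 = [(10, "permit", 22, NEXT_HOP)]
# Variant: a second ACL entry so 192.168.40.0/24 is policy routed as well.
ACLS_BOTH = {22: ACLS[22] + [("permit", "192.168.40.0", "0.0.0.255")]}

if __name__ == "__main__":
    for src in ("192.168.32.7", "192.168.40.5", "10.1.1.1"):
        print(src, pbr_decision(TEST1, ACLS, src), pbr_decision(TEST1, ACLS_BOTH, src))
```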


cadet alain
VIP Alumni

Hi,

What is the role of this route-map? In some cases you'll have to use an implicit empty clause with permit to override the explicit deny clause in route-maps.

Regards

Alain

Don't forget to rate helpful posts.
