Re: question on route map + access list on same interface

[Mason Eike]

     Route-maps are typically used to filter ROUTING PROTOCOL
advertisements either inbound or outboud.  An ACL applied to an
interface specifically instead of a routing protocl process using the
"ip access-group" command with filter the interface traffic.   

  For instance (and clarity):

  You can have an ACL assigned to an interface that permits packets
transmitted from the source  10.0.0.0 network ONLY.  Any packet coming
into the interface(ip ACL is applied IN) that has a SA within that
specific network will be permitted, all others dropped..  Now let's
say you have a BGP session with a router at the other end that has an
ip of 10.0.0.2.  You are 10.0.0.1.  If you have a route-map applied to
the interface that is to match the BGP advertisements to an ACL for
permission and that ACL is filtering for 10.0.0.0/8, 192.168.0.0/16,
etc,  the router WILL ACCEPT the 192.168.0.0 advertisement for two
reasons:

  1.  Because you are neighboring with a 10.0.0.0 address that is
permitted on the interface ACL
  2.  Because 192.168.0.0 is permitted in the BGP route-map ACL.

 Interface ACL checked first.
 Routing protocol ACL's checked second, third. etc..

 Please let me know if you have any questions.
 Mas


  

On 26 Jan 2001 13:31:21 -0500, [EMAIL PROTECTED] ("Bill O'Brien")
wrote:

>George,
>
>Why would you put both on an interface.  If your using
>a route map you have to call the access-lists you
>need. 
>
>Bill
>--- george <[EMAIL PROTECTED]> wrote:
>> Theory question:
>> If a route-map and an input acess list are on the
>> same interface what is the
>> order of processing?
>> 1. Do packets go through the access list first then
>> proccessed by route map?
>> 2. Does the route-map go first and if so, do the
>> packets then go to the
>> access list for processing or are they just sent out
>> the next interface
>> bypassing the access list?
>> 
>> 
>> 
>> 
>> _________________________________
>> FAQ, list archives, and subscription info:
>> http://www.groupstudy.com/list/cisco.html
>> Report misconduct and Nondisclosure violations to
>[EMAIL PROTECTED]
>
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! Auctions - Buy the things you want at great prices. 
>http://auctions.yahoo.com/
>
>_________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]