White Papers
20 Using Policy Based Routing and Access Control Lists in a Virtualized Network
5 Dropping Packets
Unlike a “deny” statement in an access list, a Route-Map “deny” statement does not drop a packet when
the packet matches its criteria. Instead, the Route-Map simply turns all control of the packet back over to
traditional routing and ignores all Policy Based Routing rules. In other words, when a “deny” sequence is
matched, the packet is treated as if no PBR exists.
PBR does, however, provide a way to drop a packet if desired. By using the set interface null0 command,
users can drop any packet that matches the criteria on a permit statement. Simply add the following set
statement to your permit sequence:
console(config-route-map)#set interface null0
All packets matching the permit statement will be dropped. They will be routed neither by PBR nor by
traditional routing.
Note: Only permit sequences may have set statements. Matching on deny sequences will always turn
control back to traditional routing.
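The following is an added example, not part of the original white paper: a small Python model of the behavior described in this section, showing that a deny sequence exempts a host from a later permit sequence that drops its subnet. The addresses, sequence numbers and names are constructed, and the model assumes sequences are checked in ascending sequence-number order with the first match winning; it covers only deny sequences and permit sequences that carry a set statement.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Sequence:
    number: int                     # route-map sequence number
    action: str                     # "permit" or "deny"
    match_src: str                  # source prefix standing in for the matched ACL
    set_stmt: Optional[str] = None  # e.g. "interface null0"

    def __post_init__(self):
        # Per the note above: only permit sequences may have set statements.
        if self.action == "deny" and self.set_stmt:
            raise ValueError("deny sequences cannot have set statements")


def evaluate(route_map, src_ip):
    """Return 'drop', 'policy-routed' or 'traditional-routing' for a packet."""
    addr = ipaddress.ip_address(src_ip)
    for seq in sorted(route_map, key=lambda s: s.number):
        if addr not in ipaddress.ip_network(seq.match_src):
            continue
        if seq.action == "deny":
            # A route-map deny does not drop: the packet is handled
            # as if no PBR existed.
            return "traditional-routing"
        if seq.set_stmt == "interface null0":
            # Neither policy-routed nor routed traditionally.
            return "drop"
        # Other set statements are not modelled in detail here.
        return "policy-routed"
    # No sequence matched, so PBR does not apply to this packet.
    return "traditional-routing"


# Constructed sample: drop the 10.1.1.0/24 subnet except host 10.1.1.5.
ROUTE_MAP = [
    Sequence(10, "deny", "10.1.1.5/32"),
    Sequence(20, "permit", "10.1.1.0/24", set_stmt="interface null0"),
]

if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.1.77", "192.168.0.1"):
        print(ip, "->", evaluate(ROUTE_MAP, ip))
```

The exempted host is still forwarded by the routing table, so a deny sequence should not be relied on to block traffic; only the permit sequence with set interface null0 discards packets.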