Consider the following:
Scenario 1 (route-map PERMIT and ACL permit):
router(config)#route-map boston permit 1
router(config-route-map)#match ip address 5
router(config-route-map)#set community 120
router(config)#access-list 5 permit 10.5.1.121 0.0.0.255
Scenario 2 (route-map PERMIT and ACL deny):
router(config)#route-map boston permit 1
router(config-route-map)#match ip address 5
router(config-route-map)#set community 120
router(config)#access-list 5 deny 10.5.1.121 0.0.0.255
Scenario 3 (route-map DENY and ACL permit):
router(config)#route-map boston deny 1
router(config-route-map)#match ip address 5
router(config-route-map)#set community 120
router(config)#access-list 5 permit 10.5.1.121 0.0.0.255
Scenario 4 (route-map DENY and ACL DENY):
router(config)#route-map boston deny 1
router(config-route-map)#match ip address 5
router(config-route-map)#set community 120
router(config)#access-list 5 deny 10.5.1.121 0.0.0.255
Q: What is the difference in the four scenarios? Please clarify. For ease of understanding, is there some kind of truth table that we can construct?
Can the following truth table be applied universally?
Route-map(permit), ACL(permit) --> DO THE TASK
Route-map(permit), ACL(deny) --> DON'T DO THE TASK
Route-map(deny), ACL(permit) --> DON'T DO THE TASK
Route-map(deny), ACL(deny) --> DON'T DO THE TASK
Best Answer
There is an implicit deny in the route-map statement. So if permit 1's match clause in Scenario 2 doesn't match because of the deny statement in the ACL, then the rest of the networks would not be matched either.
Consider this additional scenario:
In this scenario, you would be saying set the community to 120 for any route that's NOT 10.5.1.0/24.
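The four scenarios and the implicit deny can be checked with a small model of route-map evaluation. This is an added example, not code from the question or the answer. It assumes the route-map is used as a route filter (BGP or redistribution), where an ACL deny means "no match" for that clause rather than "drop". The `fall_through` and `all_but` cases use constructed ACLs and a hypothetical second clause; they are not the configuration missing from the answer.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_verdict(entries, network):
    """Standard ACL: first matching entry wins, no match is the implicit deny."""
    for action, base, wildcard in entries:
        care = ~ip(wildcard) & 0xFFFFFFFF        # wildcard bits are "don't care"
        if (ip(network) & care) == (ip(base) & care):
            return action
    return "deny"

def evaluate(clauses, acls, network):
    """Route-map used as a route filter. Returns (result, community)."""
    for _seq, action, acl_id, community in sorted(clauses):
        if acl_verdict(acls[acl_id], network) != "permit":
            continue                 # ACL deny means "no match": try the next clause
        if action == "permit":
            return ("permit", community)         # set clauses are applied
        return ("deny", None)        # matched a deny clause: filtered, set ignored
    return ("deny", None)            # implicit deny at the end of the route-map

def scenario(map_action, acl_action, network="10.5.1.0"):
    """The question's four cases: one clause, one ACL 5 entry."""
    acls = {5: [(acl_action, "10.5.1.121", "0.0.0.255")]}
    return evaluate([(1, map_action, 5, 120)], acls, network)

ANY = ("permit", "0.0.0.0", "255.255.255.255")

def fall_through(network):
    """Constructed: scenario 4 plus a hypothetical clause 2 matching ACL 6 (permit any)."""
    acls = {5: [("deny", "10.5.1.121", "0.0.0.255")], 6: [ANY]}
    return evaluate([(1, "deny", 5, 120), (2, "permit", 6, None)], acls, network)

def all_but(network):
    """Constructed: permit clause whose ACL denies 10.5.1.0/24, then permits any."""
    acls = {5: [("deny", "10.5.1.0", "0.0.0.255"), ANY]}
    return evaluate([(1, "permit", 5, 120)], acls, network)

if __name__ == "__main__":
    for m in ("permit", "deny"):
        for a in ("permit", "deny"):
            print(f"route-map {m:6} / ACL {a:6} ->", scenario(m, a))
    print("fall-through 10.5.1.0 ->", fall_through("10.5.1.0"))
    print("all-but 10.5.1.0 / 10.6.0.0 ->", all_but("10.5.1.0"), all_but("10.6.0.0"))
```

With a single clause, all three "don't" rows end in a deny, but for different reasons: scenario 3 matches a deny clause, while scenarios 2 and 4 never match and hit the route-map's implicit deny. Once a later clause exists, as in `fall_through`, the same route can still be permitted.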