Use this command to configure a route map to match packets against the criteria configured in an IP access-list. Note that an IP ACL (Access Control List) must be configured before it is linked to a route-map. Actions present in an IP ACL configuration are applied together with the other actions in the route-map. An attempt to remove an IP ACL that is referenced by a route-map, or to add or delete rules in that ACL, is rejected.
If a list of IP access-lists is specified in this command and the packet matches at least one of these access-list match criteria, the corresponding set of actions in the route-map is applied to the packet.
If there are duplicate IP access-list numbers/names in this command, the duplicate configuration is ignored.
Default | No match criteria are defined by default. |
Format | match ip address access-list-number | access-list-name [...access-list-number| name] |
Mode | Route Map Configuration |
Parameter | Description |
---|---|
access-list-number | The access-list number that identifies an access-list configured through access-list CLI configuration commands. The number is 1 to 99 for a standard access list and 100 to 199 for an extended access list. |
access-list-name | The access-list name that identifies named IP ACLs. An access-list name can be up to 31 characters in length. A maximum of 16 ACLs can be specified in this ‘match’ clause. |
The following sequence shows how to create a route-map with a “match” clause on an ACL number and apply that route-map to an interface.

```
(Extreme 220) (Config) #access-list 1 permit ip 10.1.0.0 0.0.255.255
(Extreme 220) (Config) #access-list 2 permit ip 10.2.0.0 0.0.255.255
(Extreme 220) (Config) #route-map equal-access permit 10
(Extreme 220) (config-route-map)#match ip address 1
(Extreme 220) (config-route-map)#set ip default next-hop 192.168.6.6
(Extreme 220) (config-route-map)#route-map equal-access permit 20
(Extreme 220) (config-route-map)#match ip address 2
(Extreme 220) (config-route-map)#set ip default next-hop 172.16.7.7
(Extreme 220) (Config) #interface 1/0/1
(Extreme 220) (Interface 1/0/1)#ip address 10.1.1.1 255.255.255.0
(Extreme 220) (Interface 1/0/1)#ip policy route-map equal-access
(Extreme 220) (Config) #interface 1/0/2
(Extreme 220) (Interface 1/0/2)#ip address 192.168.6.5 255.255.255.0
(Extreme 220) (Config) #interface 1/0/3
(Extreme 220) (Interface 1/0/3)#ip address 172.16.7.6 255.255.255.0
```

The ip policy route-map equal-access command is applied to interface 1/0/1. All packets arriving on 1/0/1 are policy-routed.

Sequence number 10 in route map equal-access is used to match all packets sourced from any host in subnet 10.1.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 192.168.6.6.

Sequence number 20 in route map equal-access is used to match all packets sourced from any host in subnet 10.2.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 172.16.7.7.

All other packets are forwarded as per normal L3 destination-based routing.
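The forwarding decision described for equal-access can be checked offline with a small model. This Python sketch is an added example, not Extreme's code: the function names are hypothetical, each ACL is reduced to a single permit rule on the source address, all-digit identifiers are treated as ACL numbers, and the 16-ACL limit is assumed to apply after duplicates are dropped.

```python
# Added illustration: models the semantics documented above, not switch firmware.
import ipaddress

MAX_ACLS, MAX_NAME_LEN = 16, 31  # limits stated in the parameter table

def normalize_match(acl_ids):
    """Validate a 'match ip address' list; duplicate entries are ignored."""
    seen = []
    for acl in acl_ids:
        if acl.isdigit():  # assumption: all-digit identifiers are ACL numbers
            if not 1 <= int(acl) <= 199:
                raise ValueError(f"ACL number {acl} is outside 1-199")
        elif len(acl) > MAX_NAME_LEN:
            raise ValueError(f"ACL name {acl!r} exceeds {MAX_NAME_LEN} characters")
        if acl not in seen:
            seen.append(acl)
    if len(seen) > MAX_ACLS:
        raise ValueError(f"more than {MAX_ACLS} ACLs in one match clause")
    return seen

def acl_permits(rule, src):
    """rule = (base, wildcard); wildcard bits set to 1 are 'don't care'."""
    base, wild = (int(ipaddress.IPv4Address(x)) for x in rule)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (base & care)

def policy_next_hop(route_map, acls, src, has_explicit_route):
    """Return the default next hop chosen for src, or None for normal routing."""
    for seq in sorted(route_map):  # entries are evaluated in sequence order
        match_ids, default_next_hop = route_map[seq]
        # Matching any one ACL in the list is enough.
        if any(acl_permits(acls[a], src) for a in normalize_match(match_ids)):
            # 'set ip default next-hop' applies only without an explicit route.
            return None if has_explicit_route else default_next_hop
    return None

# Constructed from the equal-access example on this page.
ACLS = {"1": ("10.1.0.0", "0.0.255.255"), "2": ("10.2.0.0", "0.0.255.255")}
EQUAL_ACCESS = {10: (["1"], "192.168.6.6"), 20: (["2"], "172.16.7.7")}

if __name__ == "__main__":
    for src in ("10.1.5.9", "10.2.0.1", "10.3.0.1"):
        print(src, policy_next_hop(EQUAL_ACCESS, ACLS, src, False))
```

Running the same check against a planned route-map before applying it shows which source ranges would leave normal destination-based routing.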
The following example illustrates how the configuration is rejected when an IP ACL referenced by a route-map is removed, or when rules are added to or deleted from that ACL:
```
(Extreme 220) (Routing) #show ip access-lists
Current number of ACLs: 9 Maximum number of ACLs: 100

ACL ID/Name                     Rules Direction Interface(s)     VLAN(s)
------------------------------- ----- --------- ---------------- ----------
1                               1
2                               1
3                               1
4                               1
5                               1
madan                           1

(Extreme 220) (Routing) #show mac access-lists
Current number of all ACLs: 9 Maximum number of all ACLs: 100

MAC ACL Name                    Rules Direction Interface(s)     VLAN(s)
------------------------------- ----- --------- ---------------- ----------
madan                           1
mohan                           1
goud                            1

(Extreme 220) (Routing) #
(Extreme 220) (Routing) #
(Extreme 220) (Routing) #configure
(Extreme 220) (Config) #route-map madan
(Extreme 220) (route-map)#match ip address 1 2 3 4 5 madan
(Extreme 220) (route-map)#match mac-list madan mohan goud
(Extreme 220) (route-map)#exit
(Extreme 220) (Config) #exit
(Extreme 220) (Routing) #show route-map
route-map madan permit 10
Match clauses:
ip address (access-lists) : 1 2 3 4 5 madan
mac-list (access-lists) : madan mohan goud
Set clauses:
(Extreme 220) (Config) #access-list 2 permit every
Request denied. Another application using this ACL restricts the number of rules allowed.
(Extreme 220) (Config) #ip access-list madan
(Extreme 220) (Config-ipv4-acl)#permit udp any any
Request denied. Another application using this ACL restricts the number of rules allowed.
```