Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

match ip address access-list-number | access-list-name

Use this command to configure a route map in order to match based on the match criteria configured in an IP access-list. Note that an IP ACL (Access Control List) must be configured before it is linked to a route-map. Actions present in an IP ACL configuration are applied with other actions involved in route-map. If an IP ACL referenced by a route-map is removed or rules are added or deleted from that ACL, the configuration is rejected.

If there are a list of IP access-lists specified in this command and the packet matches at least one of these access-list match criteria, the corresponding set of actions in route-map are applied to packet.

If there are duplicate IP access-list numbers/names in this command, the duplicate configuration is ignored.

Default No match criteria are defined by default.
Format match ip address access-list-number | access-list-name [...access-list-number| name]
Mode Route Map Configuration
Parameter Description
access-list-number The access-list number that identifies an access-list configured through access-list CLI configuration commands. This number is 1 to 99 for standard access list number. This number is 100 to 199 for extended access list number.
access-list-name The access-list name that identifies named IP ACLs. Access-list name can be up to 31 characters in length. A maximum of 16 ACLs can be specified in this ‘match‘ clause.

The following sequence shows creating a route-map with “match” clause on ACL number and applying that route-map on an interface.

(Extreme 220) (Config) #access-list 1 permit ip 10.1.0.0 0.0.255.255
(Extreme 220) (Config) #access-list 2 permit ip 10.2.0.0 0.0.255.255
(Extreme 220) (Config) #route-map equal-access permit 10
(Extreme 220) (config-route-map)#match ip address 1
(Extreme 220) (config-route-map)#set ip default next-hop 192.168.6.6
(Extreme 220) (config-route-map)#route-map equal-access permit 20
(Extreme 220) (config-route-map)#match ip address 2
(Extreme 220) (config-route-map)#set ip default next-hop 172.16.7.7
(Extreme 220) (Config) #interface 1/0/1
(Extreme 220) (Interface 1/0/1)#ip address 10.1.1.1 255.255.255.0
(Extreme 220) (Interface 1/0/1)#ip policy route-map equal-access
(Extreme 220) (Config) #interface 1/0/2
(Extreme 220) (Interface 1/0/2)#ip address 192.168.6.5 255.255.255.0
(Extreme 220) (Config) #interface 1/0/3
(Extreme 220) (Interface 1/0/3)#ip address 172.16.7.6 255.255.255.0
The ip policy route-map equal-access command is applied to interface 1/0/1. All packets coming inside 1/0/1 are policy-routed.
Sequence number 10 in route map equal-access is used to match all packets sourced from any host in subnet 10.1.0.0. If there is a match, and if the router has no explicit route for the packet‘s destination, it is sent to next-hop address 192.168.6.6 .
Sequence number 20 in route map equal-access is used to match all packets sourced from any host in subnet 10.2.0.0. If there is a match, and if the router has no explicit route for the packet‘s destination, it is sent to next-hop address 172.16.7.7.
Rest all packets are forwarded as per normal L3 destination-based routing.

This example illustrates the scenario where IP ACL referenced by a route-map is removed or rules are added or deleted from that ACL, this is how configuration is rejected:

(Extreme 220) (Routing) #show ip access-lists
Current number of ACLs: 9  Maximum number of ACLs: 100
ACL ID/Name                      Rules  Direction  Interface(s)      VLAN(s)
-------------------------------  -----  ---------  ----------------  ----------
1                                1
2                                1
3                                1
4                                1
5                                1
madan                            1
(Extreme 220) (Routing) #show mac access-lists
Current number of all ACLs: 9  Maximum number of all ACLs: 100
MAC ACL Name                     Rules  Direction  Interface(s)       VLAN(s)
-------------------------------  -----  ---------  ----------------  ----------
madan                            1
mohan                            1
goud                             1
(Extreme 220) (Routing) #
(Extreme 220) (Routing) #
(Extreme 220) (Routing) #configure
(Extreme 220) (Config) #route-map madan
(Extreme 220) (route-map)#match ip address 1 2 3 4 5 madan
(Extreme 220) (route-map)#match mac-list madan mohan goud
(Extreme 220) (route-map)#exit
(Extreme 220) (Config) #exit
(Extreme 220) (Routing) #show route-map
route-map madan permit 10
     Match clauses:
       ip address (access-lists) : 1 2 3 4 5 madan
       mac-list (access-lists) : madan mohan goud
     Set clauses:
(Extreme 220) (Config) #access-list 2 permit every
Request denied. Another application using this ACL restricts the number of rules allowed.
(Extreme 220) (Config) #ip access-list madan
(Extreme 220) (Config-ipv4-acl)#permit udp any any
Request denied. Another application using this ACL restricts the number of rules allowed.
Published February 2019prev | next

Email this topicEmail this topic

Print this pagePrint this page