match

Sets the match clauses. Each route map entry has a set of match clauses used to segregate and filter packets. Packets can be segregated using any one of the following criteria:
  • IP Access List - A typical IP ACL can be used for routing traffic. The mark and log actions in ACL rules however are neglected. Route-map entries have separate logging. Only one ACL can be configured per route map entry.

    ACL rules configured under route map entries merge to create a single ACL. Route map precedence values determine the prioritization of the rules in this merged ACL. An IP DSCP value is also added to the ACL rules.

  • IP DSCP - Packet filtering can be performed by traffic class, as determined from the IP Differentiated Services Code Point (DSCP) field. One DSCP value can be configured per route map entry. If IP ACLs on a WLAN, ports or SVI mark packets, the new/marked DSCP value is used for matching.
  • Incoming WLAN - Packets can be filtered on the basis of the incoming WLAN. Depending on whether the receiving device has an onboard radio or not, the following two scenarios are possible:
    • Device with an onboard radio: If a device having an onboard radio and capable of PBR receives a packet on a local WLAN, this WLAN is used for selection.
    • Device without an onboard radio: If a device, without an onboard radio, capable of PBR receives a packet from an extended VLAN, it passes the WLAN information in the MiNT packet to the PBR router. The PBR router uses this information as match criteria.
  • Client role - The client role can be used as match criteria, similar to a WLAN. Each device has to agree on a unique identifier for role definition and pass the same MINT tunneled packets.
  • Incoming SVI - A source IP address qualifier in an ACL typically satisfies filter requirements. But if the source host (where the packet originates) is multiple hops away, the incoming SVI can be used as match criteria. In this context the SVI refers to the device interface performing PBR, and not to the source device.

The action taken for filtered packets is determined by the mark (action) clauses. If no action is defined, the default is to fallback to destination-based routing for packets satisfying the match criteria. For more information on configuring mark clauses, see mark. And for more information on fallback action, see fallback.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

match [incoming-interface|ip|ip-access-list|wireless-client-role|wlan]
match incoming-interface [<ROUTER-IF-NAME>|pppoe1|serial <SLOT-ID> <PORT-ID> 
<CHANNEL-GROUP-ID>|vlan <1-4094>|wwan1]
match ip dscp <0-63>
match ip-access-list <IP-ACCESS-LIST-NAME>
match wireless-client-role <ROLE-POLICY-NAME> <ROLE-NAME>
match wlan <WLAN-NAME>

Parameters

match incoming-interface [<ROUTER-IF-NAME>|pppoe1|serial <SLOT-ID> <PORT-ID> 
<CHANNEL-GROUP-ID>|vlan <1-4094>|wwan1]
incoming-interface Sets the incoming SVI match clause. Specify an interface name.
<ROUTER-IF-NAME> Specifies the layer 3 interface name (route interface)
pppoe1 Specifies the PPP over Ethernet interface
serial <SLOT-ID> <PORT-ID> <CHANNEL-GROUP-ID> Specifies the serial interface‘s slot, port, and channel group IDs.
vlan <1-4094> Specifies the VLAN interface ID
  • <1-4094> – Specify a VLAN ID from 1 - 4094.
wwan1 Specifies the WAN interface name
match ip dscp <0-63>
ip dscp <0-63> Sets the DSCP match clause
  • <0-63> – Specify a value from 0 - 63. The defined DSCP value is used as a matching clause for this route map.
match ip-access-list <IP-ACCESS-LIST-NAME>
ip-access-list <IP-ACCESS-LIST-NAME> Sets the match clause using a pre-configured IP access list
  • <IP-ACCESS-LIST-NAME> – Specify a pre-configured IP access list name.
match wireless-client-role <ROLE-POLICY-NAME> <ROLE-NAME>
wireless-client-role <ROLE-POLICY-NAME> <ROLE-NAME> Sets the wireless client role match clause
  • <ROLE-POLICY-NAME> – Specify a pre-configured role policy.
    • <ROLE-NAME> – Specify a pre-configured role within it.
match wlan <WLAN-NAME>
wlan <WLAN-NAME> Sets the incoming WLAN match clause
  • <WLAN-NAME> – Specify a WLAN name.

Examples

nx9500-6C8809(config-routing-policy-testpolicy-route-map-1)#match incoming-interface pppoe1
nx9500-6C8809(config-routing-policy-testpolicy-route-map-1)#show context
 route-map 1
  match incoming-interface pppoe1
  default-next-hop wwan1
  mark ip dscp 7
nx9500-6C8809(config-routing-policy-testpolicy-route-map-1)#

Related Commands

no (route-map-config-mode-command) Disables match clause settings for this route map