route-map match

Description

Use the route-map match command to create a route map entry that uses match criteria to delineate traffic. Also use this command to change the matching conditions associated with an existing entry.

Syntax

route-map <route map name> <priority value> match acl <ACL name>

route-map <route map name> <priority value> match app {<application name> | <application group>}

route-map <route map name> <priority value> match dscp {<dscp value> | any}

route-map <route map name> <priority value> match protocol <IP protocol number or name> {<source ip address/netmask> | any} {<destination ip address/netmask> | any} [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match protocol ip {<source ip address/netmask> | any} {<destination ip address/netmask> | any} [app {<application name> | any}] [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match protocol {tcp | udp} {<source IP address/netmask> | any} {<destination IP address/netmask> | any} [{<source port number> | any} {<destination port number> | any}] [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}

Arguments

route map <route map name>	Specifies which route map. If the name doesn’t exist, the CLI creates it.
<priority value>	Designates a priority value for the map entry. Acceptable values are from 1 to 65534. By default, the appliance reserves 65535 for the default entry.
match acl <ACL name>	Creates an entry that uses an existing ACL to match traffic. Also use this command to change the ACL associated with an existing entry.
match app <application name>	Creates an entry that uses a built-in or user-defined application—or an application group—to match traffic. Also use this command to change the application associated with an existing entry. For a list of built-in applications, see Table 3‑1, “Applications on the Silver Peak Appliance”.
match dscp {<dscp value> | any}	Creates or modifies an entry that matches traffic with a specific DSCP marking. You can use any of the following values: • af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or ef. • any is a wildcard.
any	any is a wildcard.
match protocol <IP protocol number or name>	Creates or modifies an entry that matches traffic with a specific protocol that is NOT named specifically as ip, tcp, or udp: • The available IP protocol numbers include 1 through 254. • The available IP protocol names include:

 

ah	egp	eigrp	encap
esp	etherip	fc	gre
icmp	idpr	idpr-cmtp	idrp
igmp	igp	ip-comp	ip-mobility
ipip	ipip4	ipx-in-ip	irtp
iso-ip	iso-tp4	I2tp	mhrp
ospf	pim	rdp	rsvp
sctp	tlsp	vrrp

 

match protocol ip	Creates or modifies an entry that matches specific IP addresses. • When you specify protocol ip, the assumption is that you are allowing any IP protocol. In that case, you also need to specify an application (or application group). If you don’t, the CLI defaults to specifying any application. • If you don’t choose to specify a DSCP value in the full command, then the CLI defaults to specifying any DSCP value in the policy entry.
match protocol {tcp | udp}	Creates or modifies an entry that matches specific TCP or UDP addresses. • If you don’t choose to specify source and destination ports in the full command, then the CLI defaults to specifying 0:0 (any source port and any destination port) in the policy entry. • If you don’t choose to specify a DSCP value in the full command, then the CLI defaults to specifying any DSCP value in the policy entry.
match vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}	Creates or modifies an entry that matches an interface and 802.1q VLAN tag. The available values include: • <1..4094> the number assigned to a VLAN • <interface.tag> as in lan0.10 • <any.tag> as in any.10 • <interface.any> as in lan0.any • <interface.native> as in lan0.native • any is a wildcard.
<source ip address/netmask>	Specifies the source IP address and netmask in slash notation. For example, 10.2.0.0 0.0.255.255 should be entered as 10.2.0.0/16.
<destination ip address/netmask>	Specifies the destination IP address and netmask in slash notation. For example, 10.2.0.0/16.

Defaults

None.

Command Mode

Global Configuration Mode

See Also

See the following related commands:

n	“route-map”

n	“route-map set”

n	“route-map activate”

n	“no route-map”

n	“route-map modify-priority”

n	“show route-map”

Usage Guidelines

You can specify one of the following standard (built-in) applications (listed alphabetically left to right):

Applications on the Silver Peak Appliance  

3par	aol	aol_im	aspera
avamar	backweb	bit_torrent	bluearc
celerra	centera	cifs_smb	cisco_skinny
citrix	commvault	cuseeme	cvs
datadomain	ddm	ddm_ssl	dns
doom	doubletake	echo	edonkey
fcip	filenet	ftp	ftps
gnutella	h_323	hadoop	hostname
http	https	ibm_db2	ifcp
imap	imap4s	ipsec	irc
irc_ssl	isakmp	iscsi	isns
ivisit	kazaa	kerberos	l2tp
ldap	ldaps	lotus_cc_mail	lotus_notes
matip	ms_exchange	ms_media	ms_messenger
ms_odbc	ms_ole	ms_rpc	ms_sql
ms_terminal_services	ms_zone	nameserver	ndmp
netbios	nfs	nntp	nntps
novell	ntp	openwindows	oracle
pcanywhere	pcmail	pcoip	peoplesoft
pop	pop3s	pptp	printer
quake	recoverpoint	rlogin	routing
rtcp	rtsp	sap	sgcp
sgmp	shell	silverpeak_comm	silverpeak_gms
silverpeak_internal	silverpeak-peer	silverpeak-tcpperf	sip
sip_tls	smtp	smtps	snapmirror
snmp	sql	srdf	ssh
sshell	sun_rpc	sybase	syslog
t_120	tacacs	telnet	telnets
tftp	timbuktu	time	uucp
vnc	vplex	vvr	xwindows
yahoo_games	yahoo_im

For each route-map match command with a given priority, you must create a route-map set command with the same priority. But, you cannot create a set command without having first created the match command.

Examples

To create a match criteria with a priority of “100” for the map, “vinnie”, that filters for all traffic coming from the LAN with a DSCP marking of “best effort”:

(config) # route-map vinnie 100 match dscp be

To create a match criteria with a priority of “70” for the map, “vinnie”, that filters for the application group, “secure”:

(config) # route-map vinnie 70 match app secure

To create a match criteria with a priority of “20” for “map2” that filters for all AOL traffic that’s headed from the LAN to 172.34.8.0:

(config) # route-map map2 20 match protocol ip any 172.34.8.0 aol

Since you haven’t specified a DSCP value, the criteria will include all DSCP values, as if you had written it as follows:

(config) # route-map map2 20 match protocol ip any 172.34.8.0 aol any

To create a match criteria with a priority of “30” for the map, “arthouse” that filters for all UDP traffic coming from port 41 and having a destination of 122.33.44.0/24:

(config) # route-map arthouse 30 match protocol udp any 122.33.4.0/24 41:0

Since you haven’t specified a DSCP value, the criteria will include all DSCP values, as if you had written it as follows:

(config) # route-map arthouse 30 match protocol udp any 122.33.4.0/24 41:0 any

To create a match criteria with a priority of “10” for the map, “autobahn” that filters for all Interior Gateway Protocol (IGP) traffic that has a DSCP marking of “af11”:

(config) # route-map autobahn 10 match protocol igp any any dscp af112

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.