Use the route-map match command to create a route map entry that uses match criteria to delineate traffic. Also use this command to change the matching conditions associated with an existing entry.

route-map <route map name> <priority value> match protocol <IP protocol number or name> {<source ip address/netmask> | any} {<destination ip address/netmask> | any} [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match protocol ip {<source ip address/netmask> | any} {<destination ip address/netmask> | any} [app {<application name> | any}] [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match protocol {tcp | udp} {<source IP address/netmask> | any} {<destination IP address/netmask> | any} [{<source port number> | any} {<destination port number> | any}] [dscp {<dscp value> | any}] [vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}]

route-map <route map name> <priority value> match vlan {any | <1..4094> | <interface.tag> | <any.tag> | <interface.any> | <interface.native>}
route map <route map name>
Designates a priority value for the map entry. Acceptable values are from 1 to 65534. By default, the appliance reserves 65535 for the default entry.
match acl <ACL name>
match app <application name>
• af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or ef.
• any is a wildcard.
Creates or modifies an entry that matches traffic with a specific protocol that is NOT named specifically as ip, tcp, or udp:
match protocol ip
• When you specify protocol ip, the assumption is that you are allowing any IP protocol. In that case, you also need to specify an application (or application group). If you don’t, the CLI defaults to specifying any application.
• If you don’t choose to specify a DSCP value in the full command, then the CLI defaults to specifying any DSCP value in the policy entry.
• If you don’t choose to specify source and destination ports in the full command, then the CLI defaults to specifying 0:0 (any source port and any destination port) in the policy entry.
• If you don’t choose to specify a DSCP value in the full command, then the CLI defaults to specifying any DSCP value in the policy entry.
• <1..4094> the number assigned to a VLAN
• <interface.tag> as in lan0.10
• <any.tag> as in any.10
• <interface.any> as in lan0.any
• <interface.native> as in lan0.native
• any is a wildcard.
Specifies the source IP address and netmask in slash notation. For example, 10.2.0.0 0.0.255.255 should be entered as 10.2.0.0/16.
For each route-map match command with a given priority, you must create a route-map set command with the same priority. But, you cannot create a set command without having first created the match command.

(config) # route-map vinnie 100 match dscp be
(config) # route-map vinnie 70 match app secure
(config) # route-map map2 20 match protocol ip any 172.34.8.0 aol
(config) # route-map map2 20 match protocol ip any 172.34.8.0 aol any
(config) # route-map arthouse 30 match protocol udp any 122.33.4.0/24 41:0
(config) # route-map arthouse 30 match protocol udp any 122.33.4.0/24 41:0 any
(config) # route-map autobahn 10 match protocol igp any any dscp af112
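A configuration lint for the pairing and range rules above, as an added example in Python that is not part of the original documentation: it flags match entries without a set entry at the same priority (and the reverse), priorities outside 1..65534, and DSCP names not in the list on this page. The sample lines are constructed, and the text after set is a placeholder because the set command's arguments are not described here.

```python
import re

# DSCP names listed on this page, plus the "any" wildcard.
DSCP = set("af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 af42 af43 "
           "be cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef any".split())
# Matches "route-map <name> <priority> match|set <rest>", with or without a prompt.
ENTRY = re.compile(r"route-map\s+(\S+)\s+(\d+)\s+(match|set)\b(.*)")

def lint(config_text):
    """Return a sorted list of (map name, priority, problem) findings."""
    seen = {"match": set(), "set": set()}
    findings = set()
    for line in config_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        name, prio, kind = m.group(1), int(m.group(2)), m.group(3)
        rest = m.group(4).split()
        seen[kind].add((name, prio))
        if not 1 <= prio <= 65534:  # 65535 is reserved for the default entry
            findings.add((name, prio, "priority outside 1..65534"))
        if kind == "match" and "dscp" in rest:
            idx = rest.index("dscp") + 1
            value = rest[idx] if idx < len(rest) else ""
            if value not in DSCP:
                findings.add((name, prio, "unknown dscp value %r" % value))
    for name, prio in seen["match"] - seen["set"]:
        findings.add((name, prio, "match entry has no set entry"))
    for name, prio in seen["set"] - seen["match"]:
        findings.add((name, prio, "set entry has no match entry"))
    return sorted(findings)

# Constructed sample; "<set-arguments>" is a placeholder, since the set
# command's syntax is not described on this page.
SAMPLE = """\
route-map branch 10 match protocol tcp any 10.2.0.0/16 0:443 dscp ef
route-map branch 10 set <set-arguments>
route-map branch 20 match protocol igp any any dscp af112
route-map branch 65535 match vlan lan0.10
route-map branch 65535 set <set-arguments>
route-map guest 30 set <set-arguments>
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=": ")
```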