match ip address <access-list-number | access-list-name>

Use this command to configure a route-map to match packets based on the criteria configured in an IP access-list. Note that an IP ACL must be configured before it is linked to a route-map. Actions present in the IP ACL configuration are applied together with the other actions in the route-map. If an IP ACL referenced by a route-map is removed, or rules are added to or deleted from that ACL, the configuration is rejected.

If a list of IP access-lists is specified in this command and the packet matches at least one of these access-list match criteria, the corresponding set of actions in the route-map is applied to the packet.

If there are duplicate IP access-list numbers/names in this command, the duplicate configuration is ignored.

Default No match criteria are defined by default.
Format match ip address access-list-number | access-list-name [...access-list-number | name ]
Mode Route Map Configuration
Parameter Description
Access-list-number The access-list number that identifies an access-list configured through access-list CLI configuration commands. The number is 1 to 99 for a standard access list and 100 to 199 for an extended access list.
Access-list-name The access-list name that identifies named IP ACLs. Access-list name can be up to 31 characters in length. A maximum of 16 ACLs can be specified in this 'match' clause.

Example: The following sequence shows creating a route-map with "match" clause on ACL number and applying that route-map on an interface.

(Routing) (config)#access-list 1 permit ip 10.1.0.0 0.0.255.255
(Routing) (config)#access-list 2 permit ip 10.2.0.0 0.0.255.255
(Routing) (config)#route-map equal-access permit 10
(Routing) (config-route-map)#match ip address 1
(Routing) (config-route-map)#set ip default next-hop 192.168.6.6
(Routing) (config-route-map)#route-map equal-access permit 20
(Routing) (config-route-map)#match ip address 2
(Routing) (config-route-map)#set ip default next-hop 172.16.7.7
(Routing) (config)#interface 1/0/1
(Routing) (Interface 1/0/1)#ip address 10.1.1.1 255.255.255.0
(Routing) (Interface 1/0/1)#ip policy route-map equal-access
(Routing) (config)#interface 1/0/2
(Routing) (Interface 1/0/2)#ip address 192.168.6.5 255.255.255.0
(Routing) (config)#interface 1/0/3
(Routing) (Interface 1/0/3)#ip address 172.16.7.6 255.255.255.0

The ip policy route-map equal-access command is applied to interface 1/0/1. All packets arriving on 1/0/1 are policy-routed.

Sequence number 10 in route map equal-access is used to match all packets sourced from any host in subnet 10.1.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 192.168.6.6.

Sequence number 20 in route map equal-access is used to match all packets sourced from any host in subnet 10.2.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 172.16.7.7.

All remaining packets are forwarded as per normal L3 destination-based routing.
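
The forwarding decision described above, modelled in Python as an added example (not part of the vendor documentation). The routing table holding only the three connected subnets, the first-match rule evaluation, the test addresses and all function names are assumptions of this example.

```python
import ipaddress

# ACLs and route-map entries transcribed from the example configuration above.
ACLS = {
    "1": [("permit", "10.1.0.0", "0.0.255.255")],
    "2": [("permit", "10.2.0.0", "0.0.255.255")],
}
ROUTE_MAP = [  # (sequence, ACLs in the match clause, default next-hop)
    (10, ["1"], "192.168.6.6"),
    (20, ["2"], "172.16.7.7"),
]
# Assumption: the only explicit routes are the connected subnets of the example.
EXPLICIT_ROUTES = [ipaddress.ip_network(n) for n in
                   ("10.1.1.0/24", "192.168.6.0/24", "172.16.7.0/24")]


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves at 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl_id, src):
    """Assumption: the first matching rule decides; no matching rule means no match."""
    for action, base, wildcard in ACLS[acl_id]:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False


def policy_next_hop(src, dst):
    """Return (sequence, next_hop) picked by the route map, or None for normal routing."""
    for seq, acl_ids, next_hop in ROUTE_MAP:
        # A packet matching at least one listed ACL matches the clause.
        if any(acl_permits(a, src) for a in acl_ids):
            # "set ip default next-hop" applies only without an explicit route.
            dst_ip = ipaddress.ip_address(dst)
            if any(dst_ip in net for net in EXPLICIT_ROUTES):
                return None
            return seq, next_hop
    return None
```

Calling `policy_next_hop` with a source in 10.1.0.0 and a destination that has an explicit route returns `None`, which is the case most easily overlooked when reviewing which traffic a policy actually steers.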

Example: This example illustrates how the configuration is rejected when an IP ACL referenced by a route-map is removed, or rules are added to or deleted from that ACL:

(Routing) #show ip access-lists

ACL Counters: Enabled
Current number of ACLs: 9  Maximum number of ACLs: 100

ACL ID/Name                      Rules  Direction  Interface(s)      VLAN(s)
-------------------------------  -----  ---------  ----------------  ----------
1                                1
2                                1
3                                1
4                                1
5                                1
madan                            1

(Routing) #show mac access-lists

ACL Counters: Enabled
Current number of all ACLs: 9  Maximum number of all ACLs: 100

MAC ACL Name                     Rules  Direction  Interface(s)      VLAN(s)
-------------------------------  -----  ---------  ----------------  ----------
madan                            1
mohan                            1
goud                             1

(Routing) #
(Routing) #
(Routing) #configure

(Routing) (Config)#route-map madan
(Routing) (route-map)#match ip address 1 2 3 4 5 madan
(Routing) (route-map)#match mac-list madan mohan goud
(Routing) (route-map)#exit
(Routing) (Config)#exit
(Routing) #show route-map

route-map madan permit 10
     Match clauses:
       ip address (access-lists) : 1 2 3 4 5 madan
       mac-list (access-lists) : madan mohan goud
     Set clauses:

(Routing) (Config)#access-list 2 permit every

Request denied. Another application using this ACL restricts the number of rules allowed.

(Routing) (Config)#ip access-list madan
(Routing) (Config-ipv4-acl)#permit udp any any

Request denied. Another application using this ACL restricts the number of rules allowed.
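
A configuration check for the constraints this command documents (ACL configured before linking, number ranges, 31-character names, 16 ACLs per clause, duplicates ignored), which also lists the ACLs whose rule changes will be denied as in the session above. This is an added Python example, not vendor code; the sample configuration text is constructed and the function name `audit` is hypothetical.

```python
import re

MAX_ACLS_PER_MATCH = 16   # "A maximum of 16 ACLs can be specified"
MAX_NAME_LEN = 31         # "up to 31 characters in length"

# Constructed configuration text in the style of the sessions above.
SAMPLE = """\
access-list 1 permit ip 10.1.0.0 0.0.255.255
access-list 2 permit ip 10.2.0.0 0.0.255.255
ip access-list madan
route-map madan
match ip address 1 2 2 madan 250 guests
"""


def audit(config):
    """Return (findings, locked) for every 'match ip address' clause in config."""
    defined, findings, locked = set(), [], []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"(?:ip access-list|access-list) (\S+)", line)
        if m:
            defined.add(m.group(1))  # IP ACL configured so far, by number or name
            continue
        if not line.startswith("match ip address "):
            continue
        refs = list(dict.fromkeys(line.split()[3:]))  # duplicates are ignored
        if len(refs) > MAX_ACLS_PER_MATCH:
            findings.append(f"{len(refs)} ACLs exceed the limit of {MAX_ACLS_PER_MATCH}")
        for ref in refs:
            if ref.isdigit() and not 1 <= int(ref) <= 199:
                findings.append(f"{ref}: number outside 1-99 / 100-199")
            elif len(ref) > MAX_NAME_LEN:
                findings.append(f"{ref}: name longer than {MAX_NAME_LEN} characters")
            elif ref not in defined:
                findings.append(f"{ref}: ACL not configured before the match clause")
            elif ref not in locked:
                locked.append(ref)  # rule changes to this ACL will be denied
    return findings, locked
```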

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail [email protected]
