
Configuring the route map – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


NOTE
If you use the CIDR format, the ACL entries appear in this format in the running-config and
startup-config files, but are shown with subnet mask in the display produced by the
show ip access-list command.

The host source-ip | hostname parameter lets you specify a host IP address or name. When you use
this parameter, you do not need to specify the mask. A mask of all zeros (0.0.0.0) is implied.

The any parameter configures the policy to match on all host addresses.

NOTE
Do not use the log option in ACLs that will be used for PBR.

Configuring the route map

After you configure the ACLs, you can configure a PBR route map that matches based on the ACLs and
sets routing information in the IP traffic.

NOTE
The match and set statements described in this section are the only route map statements supported
for PBR. Other route map statements described in the documentation apply only to the protocols with
which they are described.

To configure a PBR route map, enter commands such as the following.

device(config)#route-map test-route permit 99

device(config-routemap test-route)#match ip address 99

device(config-routemap test-route)#set ip next-hop 192.168.2.1

device(config-routemap test-route)#exit

The commands in this example configure an entry in a route map named "test-route". The match
statement matches on IP information in ACL 99. The set statement changes the next-hop IP address for
packets that match to 192.168.2.1.

To configure a route map without decrementing the Time-to-Live (TTL) value, enter commands such as
the following.

device(config)#route-map test-route permit 99

device(config-routemap test-route)#match ip address 100

device(config-routemap test-route)#set ip next-hop 192.168.3.1 no-ttl-decrement

device(config-routemap test-route)#exit

TTL functions as a hop count limit. By default, every routing hop decrements the TTL value in the
packet header by one, and the packet is discarded when the TTL value becomes zero, which prevents
routing loops. The no-ttl-decrement option disables the TTL decrement, so traffic matched by the
policy is forwarded with its TTL unchanged and this hop no longer counts against the hop limit for
that traffic.

NOTE
The no-ttl-decrement option is supported only on the Brocade ICX 7750.

Syntax: [no] route-map map-name {permit | deny} num
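
The following audit script is an added example, not part of the Brocade guide. It cross-references route maps against the ACLs they match and reports the two conditions the notes above warn about (the log option in a PBR ACL, and no-ttl-decrement), plus one check beyond the page: a match statement that references an undefined ACL. The sample configuration, the function name audit_pbr, and the assumptions that sub-statements are indented and that only numbered ACLs are used are all constructed for illustration.

```python
import re

# Constructed sample running-config (not from the guide). Assumption: route-map
# sub-statements are indented by one space and only numbered ACLs are used.
SAMPLE_CONFIG = """\
access-list 99 permit 10.157.22.0 0.0.0.255
access-list 100 permit ip 10.10.10.0 0.0.0.255 any log
!
route-map test-route permit 99
 match ip address 99
 set ip next-hop 192.168.2.1
!
route-map test-ttl permit 10
 match ip address 100
 set ip next-hop 192.168.3.1 no-ttl-decrement
!
route-map orphan permit 10
 match ip address 150
 set ip next-hop 192.168.4.1
"""

def audit_pbr(config):
    """Return sorted (route-map, finding) pairs; numbered ACLs only."""
    acls, pending, findings, current = {}, [], set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\d+) ", line):
            acls.setdefault(m.group(1), []).append(line.split())
        elif m := re.match(r"route-map (\S+) (?:permit|deny) \d+$", line):
            current = m.group(1)
        elif not raw.startswith(" "):
            current = None          # left the route-map block
        elif current and (m := re.match(r"match ip address (.+)$", line)):
            pending += [(current, acl) for acl in m.group(1).split()]
        elif current and re.match(r"set ip next-hop \S+ no-ttl-decrement$", line):
            findings.add((current, "no-ttl-decrement: TTL loop protection is off"))
    for rmap, acl in pending:       # resolve after parsing; order-independent
        if acl not in acls:
            findings.add((rmap, f"ACL {acl} is not defined"))
        elif any("log" in entry for entry in acls[acl]):
            findings.add((rmap, f"ACL {acl} uses the log option"))
    return sorted(findings)

if __name__ == "__main__":
    for rmap, finding in audit_pbr(SAMPLE_CONFIG):
        print(f"{rmap}: {finding}")
```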


53-1003088-03