DELL N3000 User Manual
Configuring Access Control Lists
595
based routing. If the network administrator instead wants to drop a packet
that does not match the specified criteria, a set statement must be configured
to route the packet to interface null0 as the last entry in the route-map.
Deny route-maps forward packets with matching ACL criteria using normal
Deny route-maps forward packets with matching ACL criteria using normal
route table lookups. If an associated ACL rule is marked as deny, traditional
destination-based routing is performed on the packet meeting the match
criteria. A set clause is required in a deny route map for it to be processed.
Route-maps may specify multiple packet attributes in match statements.
Route-maps may specify multiple packet attributes in match statements.
These attributes can be matched through a “match” clause based on the
length of the packet or a “match” clause linked with an ACL.
The following packet attributes are supported to classify L3 routed traffic for
The following packet attributes are supported to classify L3 routed traffic for
PBR:
• MAC access list (match mac-list)
–
Source MAC address
–
802.1p priority
• IP access list (match ip address)
–
Source or destination IP address
–
Source or destination TCP/UDP port
• L3 packet length in the IP header (match length)
The Policy Based Routing feature overrides the normal routing decisions
taken by the router and attempts to route the packet using the criteria in the
set clause:
• List of next hop IP addresses — The set ip next-hop command checks for
the next-hop address in the routing table, and if the next-hop address is
present and active in the routing table, then the policy routes the ACL
matching packets to the next hop. If the next hop is not present in the
routing table, the command uses the normal routing table to route the
packet. Non-matching packets are routed using the normal routing table.
The IP address must specify an adjacent next-hop router in the path
toward the destination to which the packets should be routed. The first
available IP address associated with a currently active routing entry is used
to route the packets. This type of rule takes priority over explicit routing
entries in the routing table, but not default routing entries.