CLI Guide

match
Match a sequence number to the transmission control protocol (TCP)/user datagram protocol (UDP) packets.
Syntax
match seq-num {tcp | udp} {ipv6 | ip} port-num dest-ip dest-port-num
To remove the match lter for the crypto map, use the no match seq-num command.
Parameters
seq-num Enter the match command sequence number. The range is from 0 to 255.
tcp Enter the keyword tcp to congure a TCP access list lter.
udp Enter the keyword udp to congure a UDP access list lter.
ipv6 Enter the source IPv6 address.
ip Enter the source IPv4 address.
port-num Enter the source port number. The range is from 0 to 65535
dest-ip Enter the destination IP address.
dest-port-num Enter the destination port number. The range is from 0 to 65535.
Defaults none
Command Modes CONFIG-CRYPTO-POLICY
Supported Modes Full–Switch
Command History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.2(0.0) Introduced on the MXL 10/40GbE Switch IO Module.
Usage Information UDP is not supported. Only TCP 23 telnet and 21 FTP are supported.
Example
Dell(conf-crypto-policy)#match 0 tcp a::1 /128 0 a::2 /128 23
Dell(conf-crypto-policy)#match 1 tcp a::1 /128 23 a::2 /128 0
Dell(conf-crypto-policy)#match 2 tcp a::1 /128 0 a::2 /128 21
Dell(conf-crypto-policy)#match 3 tcp a::1 /128 21 a::2 /128 0
Dell(conf-crypto-policy)#match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
Dell(conf-crypto-policy)#match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
Dell(conf-crypto-policy)#match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
Dell(conf-crypto-policy)#match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp spi encrypt hex-
key-string auth hex-key-string
To delete the session key information from the crypto policy, use the no session-key {inbound |
outbound} {ah | esp} command.
632 Internet Protocol Security (IPSec)