Users Guide
Congure a Route Map for Route Tagging
One method for identifying routes from dierent routing protocols is to assign a tag to routes from that protocol.
As the route enters a dierent routing domain, it is tagged. The tag is passed along with the route as it passes through dierent routing
protocols. You can use this tag when the route leaves a routing domain to redistribute those routes again.
In the following example, the redistribute ospf command with a route map is used in ROUTER RIP mode to apply a tag of 34 to all
internal OSPF routes that are redistributed into RIP.
Example of the redistribute Command Using a Route Tag
!
router rip
redistribute ospf 34 metric 1 route-map torip
!
route-map torip permit 10
match route-type internal
set tag 34
!
Continue Clause
Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed.
If you congure the continue command at the end of a module, the next module (or a specied module) is processed even after a match
is found. The following example shows a continue clause at the end of a route-map module. In this example, if a match is found in the
route-map “test” module 10, module 30 is processed.
NOTE
: If you congure the continue clause without specifying a module, the next sequential module is processed.
Example of Using the continue Clause in a Route Map
!
route-map test permit 10
match commu comm-list1
set community 1:1 1:2 1:3
set as-path prepend 1 2 3 4 5
continue 30!
Logging of ACL Processes
To assist in the administration and management of trac that traverses the device after being validated by the congured ACLs, you can
enable the generation of logs for access control list (ACL) processes. Although you can congure ACLs with the required permit or deny
lters to provide access to the incoming packet or disallow access to a particular user, it is also necessary to monitor and examine the
trac that passes through the device. To evaluate network trac that is subjected to ACLs, congure the logs to be triggered for ACL
operations. This functionality is primarily needed for network supervision and maintenance activities of the handled subscriber trac.
When ACL logging is congured, and a frame reaches an ACL-enabled interface and matches the ACL, a log is generated to indicate that
the ACL entry matched the packet.
When you enable ACL log messages, at times, depending on the volume of trac, it is possible that a large number of logs might be
generated that can impact the system performance and eciency. To avoid an overload of ACL logs from being recorded, you can
congure the rate-limiting functionality. Specify the interval or frequency at which ACL logs must be triggered and also the threshold or
limit for the maximum number of logs to be generated. If you do not specify the frequency at which ACL logs must be generated, a default
interval of 5 minutes is used. Similarly, if you do not specify the threshold for ACL logs, a default threshold of 10 is used, where this value
refers to the number of packets that are matched against an ACL .
A Layer 2 or Layer 3 ACL contains a set of dened rules that are saved as ow processor (FP) entries. When you enable ACL logging for a
particular ACL rule, a set of specic ACL rules translate to a set of FP entries. You can enable logging separately for each of these FP
Access Control Lists (ACLs)
135