Users Guide
match
Apply an match filter to the crypto policy.
Syntax
match seq-num tcp [sourceip address | ipv6 address {mask} {source-port number}]
[destination ip address | ipv6 address {mask} {destination-port number}]
To remove the match filter for the crypto map, use the no match seq-num tcp [source ip address
| ipv6 address {mask} {source-port number}] [destination ip address | ipv6
address {mask} {destination-port number}] command.
Parameters
seq-num
Enter the match command sequence number.
source
ip-address |
ipv6 address
Enter the keyword source then the IPv4 or IPv6 address for the source.
mask
Enter the mask prefix length in /nn format.
source-port
number
Enter the source port number.
destination-port
number
Enter the destination port number.
Defaults None
Command Modes CONFIG-CRYPTO-POLICY
Command History
This guide is platform-specific. For command information about other platforms, see the relevant Dell Networking
OS Command Line Reference Guide.
Version Description
9.8(2.0) Introduced on the S3100 series.
9.8(0.0P5) Introduced on the S4048-ON.
9.8(0.0P2) Introduced on the S3048-ON.
9.2(0.2) Introduced on the Z9000, S4810, and S4820T.
9.2(1.0) Introduced on the Z9500.
Usage Information
• IPv4 addresses support only -/32 mask types.
• IPv6 addresses support only -/128 mask types.
• Configure match for bi-directional traffic for optimal routing.
• Only TCP is supported.
Example
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0
session-key
Specify the session keys used in the crypto policy entry.
Syntax
session-key {inbound | outbound} {ah spi hex-key-string | esp spi encrypt hex-
key-string auth hex-key-string
Internet Protocol Security (IPSec) 621