Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4810P

111

112

113

114

115

116

117

118

119

120

ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore (without the

keyword order), packets within the range 20.1.1.0/24 match positive against cmap1 and are buered in queue 7, though you intended

for these packets to match positive against cmap2 and be buered in queue 4.

In cases where class-maps with overlapping ACL rules are applied to dierent queues, use the order keyword to specify the order

in which you want to apply ACL rules. The order can range from 0 to 254. Dell Networking OS writes to the CAM ACL rules with

lower-order numbers (order numbers closer to 0) before rules with higher-order numbers so that packets are matched as you

intended. By default, all ACL rules have an order of

255.

Example of the

order

Keyword to Determine ACL Sequence

Dell(conf)#ip access-list standard acl1

Dell(config-std-nacl)#permit 20.0.0.0/8

Dell(config-std-nacl)#exit

Dell(conf)#ip access-list standard acl2

Dell(config-std-nacl)#permit 20.1.1.0/24 order 0

Dell(config-std-nacl)#exit

Dell(conf)#class-map match-all cmap1

Dell(conf-class-map)#match ip access-group acl1

Dell(conf-class-map)#exit

Dell(conf)#class-map match-all cmap2

Dell(conf-class-map)#match ip access-group acl2

Dell(conf-class-map)#exit

Dell(conf)#policy-map-input pmap

Dell(conf-policy-map-in)#service-queue 7 class-map cmap1

Dell(conf-policy-map-in)#service-queue 4 class-map cmap2

Dell(conf-policy-map-in)#exit

Dell(conf)#interface te 10/1

Dell(conf-if-te-10/1)#service-policy input pmap

Important Points to Remember

• For route-maps with more than one match clause:

– Two or more match clauses within the same route-map sequence have the same match commands (though the values are

dierent), matching a packet against these clauses is a logical OR operation.

– Two or more match clauses within the same route-map sequence have dierent match commands, matching a packet

against these clauses is a logical AND operation.

• If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or

there are no more sequences.

• When a match is found, the packet is forwarded and no more route-map sequences are processed.

– If a continue clause is included in the route-map sequence, the next or a specied route-map sequence is processed after a

match is found.

Conguration Task List for Route Maps

Congure route maps in ROUTE-MAP mode and apply the maps in various commands in ROUTER RIP and ROUTER OSPF modes.

The following list includes the conguration tasks for route maps, as described in the following sections.

• Create a route map (mandatory)

• Congure route map lters (optional)

• Congure a route map for route redistribution (optional)

• Congure a route map for route tagging (optional)

Creating a Route Map

Route maps, ACLs, and prex lists are similar in composition because all three contain lters, but route map lters do not contain the

permit and deny actions found in ACLs and prex lists.

Route map lters match certain routes and set or specic values.

116

Access Control Lists (ACLs)