Concept Guide

ManualsBrandsDell ManualsAccess PlatformsW-IAP114/115

491

492

493

494

495

496

497

498

499

500

494| ip access-list route Dell Networking W-Series ArubaOS 6.5.x| Reference Guide

Parameter Description

l udp <0-65535>: UDP destination port number (0-65535)

l udp source<0-65535>: UDP source port number

Action if rule is applied, which can be one of the following:

l forward: Explicitly define an ACL with a forward action to skip policy-based routing

for traffic which would otherwise match another policy-based routing rule.

l route ipsec-map <ipsec-map-name>: Redirected over a VPN tunnel by

specifying the ipsec-map name. For more information on IPsec maps, see crypto-

local ipsec-map.

l route next-hop-list <next-hop-list-name>: Packets can be routed to a nexthop

router on a nexthop list by specifying the nexthop list name. For more information

on nexthop lists, see ip nexthop-list.

l route tunnel <tunnel-id>: Packets can be redirected over an L3 GRE tunnel.

l route tunnel-group <tunnelgroupname>: Packets can be redirected over an L3

GRE tunnel group. For more information on tunnel groups, see tunnel-group.

l [position <position>]: (Optional) Specify the position of the forwarding or routing

rule. (1 is first, default is last)

Usage Guidelines

Policy-based routing is an optional feature that allows allows packets to be routed based on access control lists

(ACLs) configured by the administrator. By default, when a controller receives a packet for routing, it looks up

the destination IP in the routing table and forwards the packet to the nexthop router. If policy-based routing is

configured, the nexthop device can be chosen based on a defined access control list.

In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hops

for forwarding packets. If a nexthop becomes unreachable, the packets will not reach their destination. If your

deployment uses policy-based routing based on a nexthop list, any of the uplink nexthops could be used for

forwarding traffic. This requires a valid ARP entry (Route-cache) in the system for all the policy-based routing

nexthops.

Example

The following command configures a routing access list using an IPsec map.

(host)(config)# ip access-list route pbr1

any any udp 100 route ipsec-map VPN1

Related Commands

Command Description

routing-policy-map This command associates a routing access control list (ACL) with a user role.

interface vlan ip access-

group

This command associates a routing access control list (ACL) with a specific

VLAN.

ip nexthop-list

Use this command to define a next-hop list for a routing policy