Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
Highlighted
New Member
Posts: 29
Registered: ‎11-05-2016
Accepted Solution

"match" not allowed inside route-map?

Hi all.

 

I'm trying to set up policy-based routing on my ES-48-500W and have a possibly dumb question.

The first command seems to work:

 

(edgesw1) (Config)#route-map vlan100-route permit 10

(edgesw1) (route-map)#

 

After that, I understand I should enter something like "match ip address 1", referring to a prefix-list (or is it an access-list?).

However, the CLI seems to reject "match". Pressing ? at at route-map prompt gives me only this:

 

(edgesw1) (route-map)#?

do Run Privileged Exec mode commands.
exit To exit from the mode.
help Display help for various special keys.
show Display Switch Options and Settings.

 

What am I missing?

 

(full config to follow, it made this post too long)

 


Accepted Solutions
Ubiquiti Employee
Posts: 315
Registered: ‎03-17-2015
Kudos: 29
Solutions: 18

Re: "match" not allowed inside route-map?

Hi rdamazio,

 

Sorry for the inconvenience.

"policy-based routing" isn't supported in current release.(after 1.6.0).

 

Jonjer

View solution in original post


All Replies
New Member
Posts: 29
Registered: ‎11-05-2016

Re: "match" not allowed inside route-map?

Full config (there's a lot still to configure, it's by no means complete, but it works so far):

!Current Configuration:
hostname "edgesw1"
enable password xxx encrypted
network protocol none
network parms 192.168.137.2 255.255.255.0 192.168.137.1
vlan database
vlan 10,13,100,107,110,200,1000,1337
vlan name 10 "Servers"
vlan name 13 "Blackhole"
vlan name 100 "User devices"
vlan name 107 "IoT"
vlan name 110 "Guests"
vlan name 200 "Cameras"
vlan name 1000 "Distribution uplink"
vlan name 1337 "Management"
set igmp 100
set igmp querier 100
set igmp querier election participate 100
set igmp querier 107
set igmp querier election participate 107
vlan routing 100 1
vlan routing 107 2
vlan routing 10 3
vlan routing 200 4
vlan routing 1000 7
vlan association mac 00:xx:A3:xx:01:A5 107
vlan association mac 00:xx:A3:xx:02:6C 107
vlan association mac 00:xx:63:xx:77:A1 100
vlan association mac 00:xx:C5:xx:71:3E 107
vlan association mac 00:xx:C0:xx:64:02 107
vlan association mac 00:xx:EC:xx:B2:DF 100
vlan association mac 00:xx:63:xx:05:87 107
vlan association mac 5C:xx:7D:xx:83:19 107
vlan association mac B8:xx:37:xx:FA:08 107
vlan association mac BC:xx:85:xx:89:C8 107
vlan association mac BC:xx:7B:xx:C5:60 100
vlan association mac E0:xx:66:xx:1C:4B 107
exit
network mgmt_vlan 1337
ip http session soft-timeout 30
ip ssh server enable
sshcon timeout 30
no ip telnet server enable
configure
sntp server "2.ubnt.pool.ntp.org" 2
sntp server "0.ubnt.pool.ntp.org" 3
clock summer-time recurring USA offset 60 zone "PDT"
clock timezone -8 minutes 0 zone "PST"
dos-control icmpv4
dos-control icmpv6
dos-control sipdip
dos-control smacdmac
dos-control tcpfinurgpsh
dos-control tcpflagseq
dos-control tcpsynfin
ip domain name "mgmt.home.xxx.org"
ip domain list "home.xxx.org"
ip name server 192.168.100.1 8.8.8.8 8.8.4.4
logging host "192.168.137.10" ipv4 514 info
logging syslog
logging email
logging email from-addr xxx@gmail.com
logging email message-type urgent to-addr xxx@xxx.org
logging email message-type non-urgent to-addr xxx@xxx.org
logging email message-type urgent subject "EdgeSwitch Urgent Log Messages"
logging email message-type non-urgent subject "EdgeSwitch Non Urgent Log Messages"
mail-server "smtp.gmail.com"
port 465
security tlsv1
username xxx@gmail.com
password  xxxx
exit
ip routing
ip helper enable
username "ubnt" password xxxxx level 15 encrypted
aaa accounting exec "dfltExecList" start-stop radius
radius server host auth "192.168.137.10" name "pi1"
radius server key auth "192.168.137.10" encrypted xxxx
radius server primary "192.168.137.10"
radius server attribute 4 192.168.137.2
radius server host acct "192.168.137.10" name pi1
radius server key acct "192.168.137.10" encrypted xxxx
line console
serial timeout 60
exit
line telnet
exit
line ssh
exit
spanning-tree configuration name "xxx"
spanning-tree configuration revision 1
port-channel linktrap 3/2
interface 0/37
addport 3/2
exit
interface 0/38
addport 3/2
exit
interface 0/39
addport 3/2
exit
snmp-server sysname "edgesw1"
snmp-server location "Garage"
snmp-server contact "xxx@xxx.org"
!
snmp-server community "xxx" ro ipaddress 192.168.137.10
snmp-server community "yyy" rw ipaddress 192.168.137.10
no snmp-server community "public"
no snmp-server community "private"
snmp-server host 192.168.137.10 traps version 2 "xxx"
acl-trapflags
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 17 permit 192.168.107.0 0.0.0.255
access-list 17 permit 192.168.100.0 0.0.0.255
access-list 17 permit 224.0.0.0 0.128.255.255
ip access-list from_cast
permit udp 192.168.107.208 0.0.0.15 range 32768 65535 any range 32768 65535
exit
ip access-list iot2servers
permit tcp 192.168.107.192 0.0.0.15 any eq 445
exit
ip access-list minimal_in
permit tcp any any flag established
permit udp any eq 68 host 255.255.255.255 eq 67
exit
ip access-list users2servers
permit tcp 192.168.100.0 0.0.0.255 any eq 445
exit
ip access-list from_sonos
permit tcp 192.168.107.192 0.0.0.15 any range 3400 3401
permit tcp 192.168.107.192 0.0.0.15 any eq 3500
permit udp 192.168.107.192 0.0.0.15 any eq 1901
permit udp 192.168.107.192 0.0.0.15 any eq 6969
exit
ip access-list guests
permit ip host 192.168.110.1 any
deny ip 192.168.110.0 0.0.0.255 192.168.110.0 0.0.0.255
deny ip any host 255.255.255.255
deny ip any 224.0.0.0 0.128.255.255
permit ip 192.168.110.0 0.0.0.255 any
exit
ip access-list multicast
permit ip any 224.0.0.0 127.255.255.255
exit
ip access-group minimal_in vlan 10 in 10
ip access-group 10 vlan 10 in 20
ip access-group multicast vlan 10 in 30
ip access-group users2servers vlan 10 in 100
ip access-group iot2servers vlan 10 in 110
ip access-group minimal_in vlan 100 in 10
ip access-group 1 vlan 100 in 20
ip access-group multicast vlan 100 in 30
ip access-group from_sonos vlan 100 in 100
ip access-group from_cast vlan 100 in 120
ip access-group minimal_in vlan 107 in 10
ip access-group 17 vlan 107 in 20
ip access-group multicast vlan 107 in 30
ip access-group minimal_in vlan 110 in 10
ip access-group guests vlan 110 in 20
ip prefix-list vlan100 description 'Users VLAN'
ip prefix-list vlan100 seq 100 permit 192.168.100.0/24
route-map vlan100-route permit 10
exit
set igmp
set igmp querier
ip dhcp snooping
ip dhcp snooping vlan 1,10,100,107,110
interface 0/1
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/2
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/3
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/4
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/5
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/6
description 'Downstairs office'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/7
description 'Upstairs office access'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/8
description 'Upstairs office access'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/9
description 'Upstairs office access'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/10
description 'Upstairs office trunk'
set igmp
set igmp mrouter interface
set igmp mrouter 100
set igmp mrouter 107
ip dhcp snooping log-invalid
vlan pvid 13
vlan ingressfilter
vlan participation exclude 1,13,1000
vlan participation include 10,100,107,110,200,1337
vlan tagging 10,100,107,110,200,1337
lldp transmit
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp transmit-mgmt
lldp notification
exit
interface 0/11
description 'Upstairs office access'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/12
shutdown
description 'Upstairs office access'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/13
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/14
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/15
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/16
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/17
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/18
description 'Living room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/19
description 'Master bedroom'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/20
description 'Master bedroom'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/21
description 'Master bedroom'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/22
description 'Dining Room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/23
description 'Dining Room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/24
description 'Dining Room'
set igmp
ip dhcp snooping log-invalid
vlan pvid 110
vlan acceptframe admituntaggedonly
vlan ingressfilter
vlan participation exclude 1,10,13,200,1000,1337
vlan participation include 100,107,110
exit
interface 0/25
description 'DVR'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/26
description 'Automation controller'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 107
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/27
no port lacpmode
description 'Irrigation controller'
set igmp
no spanning-tree port mode
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 107
poe opmode shutdown
exit
interface 0/28
no port lacpmode
description 'Irrigation controller'
set igmp
no spanning-tree port mode
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 107
poe opmode shutdown
exit
interface 0/29
description 'Solar controller'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 107
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/30
description 'Pool controller'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 107
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/31
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/32
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/33
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/34
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/35
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/36
shutdown
description 'RESERVED for camera'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 200
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/37
description 'File server LAG'
set igmp
ip dhcp snooping log-invalid
vlan pvid 10
vlan participation exclude 1,13,100,107,110,200,1000,1337
vlan participation include 10
exit
interface 0/38
description 'File server LAG'
set igmp
ip dhcp snooping log-invalid
vlan pvid 10
vlan participation exclude 1,13,100,107,110,200,1000,1337
vlan participation include 10
exit
interface 0/39
description 'File server LAG'
set igmp
ip dhcp snooping log-invalid
vlan pvid 10
vlan participation exclude 1,13,100,107,110,200,1000,1337
vlan participation include 10
exit
interface 0/40
description 'File server management'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 1337
vlan participation exclude 1,10,13,100,107,110,200
vlan participation include 1337
exit
interface 0/41
description 'APC UPS'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 1337
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/42
description 'APC PDU'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 1337
vlan acceptframe admituntaggedonly
vlan ingressfilter
exit
interface 0/43
description 'Management server'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 1337
lldp transmit
lldp receive
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp transmit-mgmt
lldp notification
lldp med
lldp med confignotification
exit
interface 0/44
description 'Console server'
set igmp
ip dhcp snooping log-invalid
switchport mode access
switchport access vlan 1337
exit
interface 0/45
shutdown
description 'RESERVED'
set igmp
vlan participation exclude 1000
exit
interface 0/46
shutdown
description 'RESERVED'
set igmp
vlan participation exclude 1000
exit
interface 0/47
description 'Outdoor Wi-Fi'
set igmp
set igmp mrouter interface
set igmp mrouter 100
set igmp mrouter 107
ip dhcp snooping log-invalid
switchport mode trunk
switchport trunk native vlan 1337
switchport trunk allowed vlan 1,100,107,110,1337,4000-4001
lldp transmit
lldp receive
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp transmit-mgmt
lldp notification
lldp med
lldp med confignotification
exit
interface 0/48
description 'Foyer Wi-Fi'
set igmp
set igmp mrouter interface
set igmp mrouter 100
set igmp mrouter 107
ip dhcp snooping log-invalid
switchport mode trunk
switchport trunk native vlan 1337
switchport trunk allowed vlan 1,100,107,110,1337,4000-4001
lldp transmit
lldp receive
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp transmit-mgmt
lldp notification
lldp med
lldp med confignotification
exit
interface 0/49
shutdown
set igmp
ip dhcp snooping log-invalid
vlan participation exclude 1,10,13,100,107,110,200,1000,1337
exit
interface 0/50
shutdown
set igmp
ip dhcp snooping log-invalid
vlan participation exclude 1,10,13,100,107,110,200,1000,1337
exit
interface 0/51
set igmp
ip dhcp snooping log-invalid
vlan participation exclude 1,10,13,100,107,110,200,1000,1337
exit
interface 0/52
description 'Router'
set igmp
set igmp mrouter interface
set igmp mrouter 100
set igmp mrouter 107
ip dhcp snooping trust
ip dhcp snooping log-invalid
switchport mode trunk
switchport trunk allowed vlan 1-12,14-4093
vlan participation exclude 1,10,13,100,107,110,200,1337
lldp transmit
lldp receive
lldp transmit-tlv port-desc
lldp transmit-tlv sys-name
lldp transmit-tlv sys-desc
lldp transmit-tlv sys-cap
lldp transmit-mgmt
lldp notification
lldp med
lldp med confignotification
exit
interface lag 1
ip dhcp snooping log-invalid
vlan participation exclude 10,13,100,107,110,200,1000,1337
exit
interface lag 2
description 'File server LAG'
no port-channel static
port-channel load-balance 6
set igmp
ip dhcp snooping log-invalid
vlan pvid 10
vlan participation exclude 1,13,100,107,110,200,1000,1337
vlan participation include 10
exit
interface lag 3
ip dhcp snooping log-invalid
vlan participation exclude 10,13,100,107,110,200,1000,1337
exit
interface lag 4
ip dhcp snooping log-invalid
vlan participation exclude 10,13,100,107,110,200,1000,1337
exit
interface lag 5
ip dhcp snooping log-invalid
vlan participation exclude 10,13,100,107,110,200,1000,1337
exit
interface lag 6
ip dhcp snooping log-invalid
vlan participation exclude 10,13,100,107,110,200,1000,1337
exit
interface vlan 100
bandwidth 10000000
routing
ip address 192.168.100.2 255.255.255.0
ip mtu 1500
exit
interface vlan 107
bandwidth 10000000
routing
ip address 192.168.107.2 255.255.255.0
ip mtu 1500
exit
interface vlan 10
bandwidth 10000000
routing
ip address 192.168.10.2 255.255.255.0
ip mtu 1500
exit
interface vlan 200
bandwidth 10000000
routing
ip address 192.168.200.2 255.255.255.0
ip mtu 1500
exit
interface vlan 1000
bandwidth 1000000
routing
ip address 192.168.250.2 255.255.255.0
ip mtu 1500
exit
sntp source-interface 4/1
ip name source-interface 4/1
memory free low-watermark processor 32768
process cpu threshold type total rising 80 interval 300 falling 60 interval 120
ip default-gateway 192.168.250.1
exit

 

 

New Member
Posts: 29
Registered: ‎11-05-2016

Re: "match" not allowed inside route-map?

(and I'm running 1.7.0.4922887)

Ubiquiti Employee
Posts: 315
Registered: ‎03-17-2015
Kudos: 29
Solutions: 18

Re: "match" not allowed inside route-map?

Hi rdamazio,

 

Sorry for the inconvenience.

"policy-based routing" isn't supported in current release.(after 1.6.0).

 

Jonjer

New Member
Posts: 29
Registered: ‎11-05-2016

Re: "match" not allowed inside route-map?

Thanks for your reply. Perhaps remove it from your documentation then, since some people may buy the product assuming it has that feature?

 

Ubiquiti Employee
Posts: 315
Registered: ‎03-17-2015
Kudos: 29
Solutions: 18

Re: "match" not allowed inside route-map?

Hi rdamazio,

 

Thank you for pointing it out.

We will update documentaiton.

 

Jonjer

New Member
Posts: 29
Registered: ‎11-05-2016

Re: "match" not allowed inside route-map?

Jonjer - just a heads-up that your advertisement material is also misleading at this point: https://dl.ubnt.com/datasheets/edgemax/EdgeSwitch_DS.pdf

 

Ubiquiti Employee
Posts: 315
Registered: ‎03-17-2015
Kudos: 29
Solutions: 18

Re: "match" not allowed inside route-map?

Hi rdamazio,

 

OK, thank you for heading up.

 

Jonjer

Reply