"match" not allowed inside route-map?


  • R
    Beta Testers

    Hi all.

    I'm trying to set up policy-based routing on my ES-48-500W and have a possibly dumb question.

    The first command seems to work:

    (edgesw1) (Config)#route-map vlan100-route permit 10

    (edgesw1) (route-map)#

    After that, I understand I should enter something like "match ip address 1", referring to a prefix-list (or is it an access-list?).

    However, the CLI seems to reject "match". Pressing ? at at route-map prompt gives me only this:

    (edgesw1) (route-map)#?

    do Run Privileged Exec mode commands.
    exit To exit from the mode.
    help Display help for various special keys.
    show Display Switch Options and Settings.

    What am I missing?

    (full config to follow, it made this post too long)


  • R
    Beta Testers

    Full config (there's a lot still to configure, it's by no means complete, but it works so far):

    !Current Configuration:
    hostname "edgesw1"
    enable password xxx encrypted
    network protocol none
    network parms 192.168.137.2 255.255.255.0 192.168.137.1
    vlan database
    vlan 10,13,100,107,110,200,1000,1337
    vlan name 10 "Servers"
    vlan name 13 "Blackhole"
    vlan name 100 "User devices"
    vlan name 107 "IoT"
    vlan name 110 "Guests"
    vlan name 200 "Cameras"
    vlan name 1000 "Distribution uplink"
    vlan name 1337 "Management"
    set igmp 100
    set igmp querier 100
    set igmp querier election participate 100
    set igmp querier 107
    set igmp querier election participate 107
    vlan routing 100 1
    vlan routing 107 2
    vlan routing 10 3
    vlan routing 200 4
    vlan routing 1000 7
    vlan association mac 00:xx:A3:xx:01:A5 107
    vlan association mac 00:xx:A3:xx:02:6C 107
    vlan association mac 00:xx:63:xx:77:A1 100
    vlan association mac 00:xx:C5:xx:71:3E 107
    vlan association mac 00:xx:C0:xx:64:02 107
    vlan association mac 00:xx:EC:xx:B2:DF 100
    vlan association mac 00:xx:63:xx:05:87 107
    vlan association mac 5C:xx:7D:xx:83:19 107
    vlan association mac B8:xx:37:xx:FA:08 107
    vlan association mac BC:xx:85:xx:89:C8 107
    vlan association mac BC:xx:7B:xx:C5:60 100
    vlan association mac E0:xx:66:xx:1C:4B 107
    exit
    network mgmt_vlan 1337
    ip http session soft-timeout 30
    ip ssh server enable
    sshcon timeout 30
    no ip telnet server enable
    configure
    sntp server "2.ubnt.pool.ntp.org" 2
    sntp server "0.ubnt.pool.ntp.org" 3
    clock summer-time recurring USA offset 60 zone "PDT"
    clock timezone -8 minutes 0 zone "PST"
    dos-control icmpv4
    dos-control icmpv6
    dos-control sipdip
    dos-control smacdmac
    dos-control tcpfinurgpsh
    dos-control tcpflagseq
    dos-control tcpsynfin
    ip domain name "mgmt.home.xxx.org"
    ip domain list "home.xxx.org"
    ip name server 192.168.100.1 8.8.8.8 8.8.4.4
    logging host "192.168.137.10" ipv4 514 info
    logging syslog
    logging email
    logging email from-addr xxx@gmail.com
    logging email message-type urgent to-addr xxx@xxx.org
    logging email message-type non-urgent to-addr xxx@xxx.org
    logging email message-type urgent subject "EdgeSwitch Urgent Log Messages"
    logging email message-type non-urgent subject "EdgeSwitch Non Urgent Log Messages"
    mail-server "smtp.gmail.com"
    port 465
    security tlsv1
    username xxx@gmail.com
    password  xxxx
    exit
    ip routing
    ip helper enable
    username "ubnt" password xxxxx level 15 encrypted
    aaa accounting exec "dfltExecList" start-stop radius
    radius server host auth "192.168.137.10" name "pi1"
    radius server key auth "192.168.137.10" encrypted xxxx
    radius server primary "192.168.137.10"
    radius server attribute 4 192.168.137.2
    radius server host acct "192.168.137.10" name pi1
    radius server key acct "192.168.137.10" encrypted xxxx
    line console
    serial timeout 60
    exit
    line telnet
    exit
    line ssh
    exit
    spanning-tree configuration name "xxx"
    spanning-tree configuration revision 1
    port-channel linktrap 3/2
    interface 0/37
    addport 3/2
    exit
    interface 0/38
    addport 3/2
    exit
    interface 0/39
    addport 3/2
    exit
    snmp-server sysname "edgesw1"
    snmp-server location "Garage"
    snmp-server contact "xxx@xxx.org"
    !
    snmp-server community "xxx" ro ipaddress 192.168.137.10
    snmp-server community "yyy" rw ipaddress 192.168.137.10
    no snmp-server community "public"
    no snmp-server community "private"
    snmp-server host 192.168.137.10 traps version 2 "xxx"
    acl-trapflags
    access-list 1 permit 192.168.100.0 0.0.0.255
    access-list 10 permit 192.168.10.0 0.0.0.255
    access-list 17 permit 192.168.107.0 0.0.0.255
    access-list 17 permit 192.168.100.0 0.0.0.255
    access-list 17 permit 224.0.0.0 0.128.255.255
    ip access-list from_cast
    permit udp 192.168.107.208 0.0.0.15 range 32768 65535 any range 32768 65535
    exit
    ip access-list iot2servers
    permit tcp 192.168.107.192 0.0.0.15 any eq 445
    exit
    ip access-list minimal_in
    permit tcp any any flag established
    permit udp any eq 68 host 255.255.255.255 eq 67
    exit
    ip access-list users2servers
    permit tcp 192.168.100.0 0.0.0.255 any eq 445
    exit
    ip access-list from_sonos
    permit tcp 192.168.107.192 0.0.0.15 any range 3400 3401
    permit tcp 192.168.107.192 0.0.0.15 any eq 3500
    permit udp 192.168.107.192 0.0.0.15 any eq 1901
    permit udp 192.168.107.192 0.0.0.15 any eq 6969
    exit
    ip access-list guests
    permit ip host 192.168.110.1 any
    deny ip 192.168.110.0 0.0.0.255 192.168.110.0 0.0.0.255
    deny ip any host 255.255.255.255
    deny ip any 224.0.0.0 0.128.255.255
    permit ip 192.168.110.0 0.0.0.255 any
    exit
    ip access-list multicast
    permit ip any 224.0.0.0 127.255.255.255
    exit
    ip access-group minimal_in vlan 10 in 10
    ip access-group 10 vlan 10 in 20
    ip access-group multicast vlan 10 in 30
    ip access-group users2servers vlan 10 in 100
    ip access-group iot2servers vlan 10 in 110
    ip access-group minimal_in vlan 100 in 10
    ip access-group 1 vlan 100 in 20
    ip access-group multicast vlan 100 in 30
    ip access-group from_sonos vlan 100 in 100
    ip access-group from_cast vlan 100 in 120
    ip access-group minimal_in vlan 107 in 10
    ip access-group 17 vlan 107 in 20
    ip access-group multicast vlan 107 in 30
    ip access-group minimal_in vlan 110 in 10
    ip access-group guests vlan 110 in 20
    ip prefix-list vlan100 description 'Users VLAN'
    ip prefix-list vlan100 seq 100 permit 192.168.100.0/24
    route-map vlan100-route permit 10
    exit
    set igmp
    set igmp querier
    ip dhcp snooping
    ip dhcp snooping vlan 1,10,100,107,110
    interface 0/1
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/2
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/3
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/4
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/5
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/6
    description 'Downstairs office'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/7
    description 'Upstairs office access'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/8
    description 'Upstairs office access'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/9
    description 'Upstairs office access'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/10
    description 'Upstairs office trunk'
    set igmp
    set igmp mrouter interface
    set igmp mrouter 100
    set igmp mrouter 107
    ip dhcp snooping log-invalid
    vlan pvid 13
    vlan ingressfilter
    vlan participation exclude 1,13,1000
    vlan participation include 10,100,107,110,200,1337
    vlan tagging 10,100,107,110,200,1337
    lldp transmit
    lldp transmit-tlv port-desc
    lldp transmit-tlv sys-name
    lldp transmit-tlv sys-desc
    lldp transmit-tlv sys-cap
    lldp transmit-mgmt
    lldp notification
    exit
    interface 0/11
    description 'Upstairs office access'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/12
    shutdown
    description 'Upstairs office access'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/13
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/14
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/15
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/16
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/17
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/18
    description 'Living room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/19
    description 'Master bedroom'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/20
    description 'Master bedroom'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/21
    description 'Master bedroom'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/22
    description 'Dining Room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/23
    description 'Dining Room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/24
    description 'Dining Room'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 110
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    vlan participation exclude 1,10,13,200,1000,1337
    vlan participation include 100,107,110
    exit
    interface 0/25
    description 'DVR'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/26
    description 'Automation controller'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 107
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/27
    no port lacpmode
    description 'Irrigation controller'
    set igmp
    no spanning-tree port mode
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 107
    poe opmode shutdown
    exit
    interface 0/28
    no port lacpmode
    description 'Irrigation controller'
    set igmp
    no spanning-tree port mode
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 107
    poe opmode shutdown
    exit
    interface 0/29
    description 'Solar controller'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 107
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/30
    description 'Pool controller'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 107
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/31
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/32
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/33
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/34
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/35
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/36
    shutdown
    description 'RESERVED for camera'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 200
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/37
    description 'File server LAG'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 10
    vlan participation exclude 1,13,100,107,110,200,1000,1337
    vlan participation include 10
    exit
    interface 0/38
    description 'File server LAG'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 10
    vlan participation exclude 1,13,100,107,110,200,1000,1337
    vlan participation include 10
    exit
    interface 0/39
    description 'File server LAG'
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 10
    vlan participation exclude 1,13,100,107,110,200,1000,1337
    vlan participation include 10
    exit
    interface 0/40
    description 'File server management'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 1337
    vlan participation exclude 1,10,13,100,107,110,200
    vlan participation include 1337
    exit
    interface 0/41
    description 'APC UPS'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 1337
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/42
    description 'APC PDU'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 1337
    vlan acceptframe admituntaggedonly
    vlan ingressfilter
    exit
    interface 0/43
    description 'Management server'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 1337
    lldp transmit
    lldp receive
    lldp transmit-tlv port-desc
    lldp transmit-tlv sys-name
    lldp transmit-tlv sys-desc
    lldp transmit-tlv sys-cap
    lldp transmit-mgmt
    lldp notification
    lldp med
    lldp med confignotification
    exit
    interface 0/44
    description 'Console server'
    set igmp
    ip dhcp snooping log-invalid
    switchport mode access
    switchport access vlan 1337
    exit
    interface 0/45
    shutdown
    description 'RESERVED'
    set igmp
    vlan participation exclude 1000
    exit
    interface 0/46
    shutdown
    description 'RESERVED'
    set igmp
    vlan participation exclude 1000
    exit
    interface 0/47
    description 'Outdoor Wi-Fi'
    set igmp
    set igmp mrouter interface
    set igmp mrouter 100
    set igmp mrouter 107
    ip dhcp snooping log-invalid
    switchport mode trunk
    switchport trunk native vlan 1337
    switchport trunk allowed vlan 1,100,107,110,1337,4000-4001
    lldp transmit
    lldp receive
    lldp transmit-tlv port-desc
    lldp transmit-tlv sys-name
    lldp transmit-tlv sys-desc
    lldp transmit-tlv sys-cap
    lldp transmit-mgmt
    lldp notification
    lldp med
    lldp med confignotification
    exit
    interface 0/48
    description 'Foyer Wi-Fi'
    set igmp
    set igmp mrouter interface
    set igmp mrouter 100
    set igmp mrouter 107
    ip dhcp snooping log-invalid
    switchport mode trunk
    switchport trunk native vlan 1337
    switchport trunk allowed vlan 1,100,107,110,1337,4000-4001
    lldp transmit
    lldp receive
    lldp transmit-tlv port-desc
    lldp transmit-tlv sys-name
    lldp transmit-tlv sys-desc
    lldp transmit-tlv sys-cap
    lldp transmit-mgmt
    lldp notification
    lldp med
    lldp med confignotification
    exit
    interface 0/49
    shutdown
    set igmp
    ip dhcp snooping log-invalid
    vlan participation exclude 1,10,13,100,107,110,200,1000,1337
    exit
    interface 0/50
    shutdown
    set igmp
    ip dhcp snooping log-invalid
    vlan participation exclude 1,10,13,100,107,110,200,1000,1337
    exit
    interface 0/51
    set igmp
    ip dhcp snooping log-invalid
    vlan participation exclude 1,10,13,100,107,110,200,1000,1337
    exit
    interface 0/52
    description 'Router'
    set igmp
    set igmp mrouter interface
    set igmp mrouter 100
    set igmp mrouter 107
    ip dhcp snooping trust
    ip dhcp snooping log-invalid
    switchport mode trunk
    switchport trunk allowed vlan 1-12,14-4093
    vlan participation exclude 1,10,13,100,107,110,200,1337
    lldp transmit
    lldp receive
    lldp transmit-tlv port-desc
    lldp transmit-tlv sys-name
    lldp transmit-tlv sys-desc
    lldp transmit-tlv sys-cap
    lldp transmit-mgmt
    lldp notification
    lldp med
    lldp med confignotification
    exit
    interface lag 1
    ip dhcp snooping log-invalid
    vlan participation exclude 10,13,100,107,110,200,1000,1337
    exit
    interface lag 2
    description 'File server LAG'
    no port-channel static
    port-channel load-balance 6
    set igmp
    ip dhcp snooping log-invalid
    vlan pvid 10
    vlan participation exclude 1,13,100,107,110,200,1000,1337
    vlan participation include 10
    exit
    interface lag 3
    ip dhcp snooping log-invalid
    vlan participation exclude 10,13,100,107,110,200,1000,1337
    exit
    interface lag 4
    ip dhcp snooping log-invalid
    vlan participation exclude 10,13,100,107,110,200,1000,1337
    exit
    interface lag 5
    ip dhcp snooping log-invalid
    vlan participation exclude 10,13,100,107,110,200,1000,1337
    exit
    interface lag 6
    ip dhcp snooping log-invalid
    vlan participation exclude 10,13,100,107,110,200,1000,1337
    exit
    interface vlan 100
    bandwidth 10000000
    routing
    ip address 192.168.100.2 255.255.255.0
    ip mtu 1500
    exit
    interface vlan 107
    bandwidth 10000000
    routing
    ip address 192.168.107.2 255.255.255.0
    ip mtu 1500
    exit
    interface vlan 10
    bandwidth 10000000
    routing
    ip address 192.168.10.2 255.255.255.0
    ip mtu 1500
    exit
    interface vlan 200
    bandwidth 10000000
    routing
    ip address 192.168.200.2 255.255.255.0
    ip mtu 1500
    exit
    interface vlan 1000
    bandwidth 1000000
    routing
    ip address 192.168.250.2 255.255.255.0
    ip mtu 1500
    exit
    sntp source-interface 4/1
    ip name source-interface 4/1
    memory free low-watermark processor 32768
    process cpu threshold type total rising 80 interval 300 falling 60 interval 120
    ip default-gateway 192.168.250.1
    exit
    

  • R
    Beta Testers

    (and I'm runningĀ 1.7.0.4922887)


  • R
    Beta Testers
    This post is deleted!

  • R
    Beta Testers

    Bump? Anyone? :)

    Thanks in advance.


Posts 5Views 11
Log in to reply

Looks like your connection to Ubiquiti Networks Community was lost, please wait while we try to reconnect.