Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

681

682

683

684

685

686

687

688

689

690

match

Apply an match filter to the crypto policy.

Syntax

match seq-num tcp [sourceip address | ipv6 address {mask} {source-port number}]

[destination ip address | ipv6 address {mask} {destination-port number}]

To remove the match filter for the crypto map, use the no match seq-num tcp [source ip address

| ipv6 address {mask} {source-port number}] [destination ip address | ipv6

address {mask} {destination-port number}] command.

Parameters

seq-num

Enter the match command sequence number.

source

ip-address |

ipv6 address

Enter the keyword source then the IPv4 or IPv6 address for the source.

mask

Enter the mask prefix length in /nn format.

source-port

number

Enter the source port number.

destination-port

number

Enter the destination port number.

Defaults None

Command Modes CONFIG-CRYPTO-POLICY

Command History

This guide is platform-specific. For command information about other platforms, see the relevant Dell EMC

Networking OS Command Line Reference Guide.

Version Description

9.10(0.0) Introduced on the S3148.

9.8(2.0) Introduced on the S3100 series.

9.8(0.0P5) Introduced on the S4048-ON.

9.8(0.0P2) Introduced on the S3048-ON.

9.2(0.2) Introduced on the Z9000, S4810, and S4820T.

9.2(1.0) Introduced on the Z9500.

Usage Information

• IPv4 addresses support only -/32 mask types.

• IPv6 addresses support only -/128 mask types.

• Configure match for bi-directional traffic for optimal routing.

• Only TCP is supported.

Example

match 0 tcp a::1 /128 0 a::2 /128 23

match 1 tcp a::1 /128 23 a::2 /128 0

match 2 tcp a::1 /128 0 a::2 /128 21

match 3 tcp a::1 /128 21 a::2 /128 0

match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23

match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0

match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21

match 7 tcp 1.1.1.1 /32 21 1.1.1.2 /32 0

Internet Protocol Security (IPSec) 681