Administrator Guide

Access Control Lists
For a deny route-map, if the decision reached in the above step is permit,
then PBR processing logic terminates and the packet goes through
standard destination-based routing logic. The counter is incremented for
each matching packet.

For a deny route-map, if the decision reached in the above step is deny, the
counter for this match statement is not incremented. The processing logic
terminates, and the packet goes through the standard destination-based
routing logic.

PBR counters increment when a packet matches the corresponding ACL.
They do not indicate the outcome of the processing logic; i.e., PBR counters
do not count packets that are policy-routed vs. not policy-routed. ACL packet
matching occurs in parallel across all ACLs. If a policy ACL matches a packet,
and an interface or VLAN ACL also matches the packet, the PBR counter
may be incremented even though the interface or VLAN ACL caused the
packet to be dropped.

If no match occurs, then the packet goes through the standard
destination-based routing logic.

Route-Map Actions

Policy-Based Routing overrides the normal routing decisions taken by the
router and attempts to route the packet using the criteria in the set clause:

List of next-hop IP addresses: The set ip next-hop command checks for
the next-hop address in the routing table and, if the next-hop address is
present and active in the routing table, then the policy routes the ACL
matching packets to the next hop. If the next hop is not present in the
routing table, the command uses the normal routing table to route the
packet. Non-matching packets are routed using the normal routing table.
The IP address must specify an adjacent next-hop router in the path
toward the destination to which the packets should be routed. The first
available IP address associated with a currently active routing entry is used
to route the packets. This type of rule takes priority over all entries in the
routing table.
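
The counter and next-hop behavior described above can be traced with a small model. This is an added example, not code or configuration from the guide: the Statement class, the forward and sample_acl functions, and all addresses are hypothetical and constructed for illustration. It shows that the counter rises on every ACL permit match even when the packet falls back to the normal routing table or is dropped by an interface ACL.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Statement:
    """One route-map statement (a model for illustration, not device syntax)."""
    kind: str                               # "permit" or "deny" route-map
    acl: Callable[[dict], Optional[str]]    # "permit", "deny" or None (no match)
    next_hops: list = field(default_factory=list)  # `set ip next-hop` list, in order
    counter: int = 0                        # PBR counter for this match statement

def sample_acl(pkt):
    """Constructed ACL: permit 10.10.1.0/24, deny 10.10.2.0/24, else no match."""
    src = ipaddress.ip_address(pkt["src"])
    if src in ipaddress.ip_network("10.10.1.0/24"):
        return "permit"
    if src in ipaddress.ip_network("10.10.2.0/24"):
        return "deny"
    return None

def forward(pkt, stmt, active_hops, iface_acl_drops=lambda p: False):
    """Return (outcome, next_hop); outcome is policy-routed, standard or dropped."""
    decision = stmt.acl(pkt)
    if decision == "permit":
        stmt.counter += 1            # counts the ACL match, not the routing outcome
    if iface_acl_drops(pkt):         # interface/VLAN ACLs are matched in parallel
        return ("dropped", None)
    if stmt.kind == "deny" or decision != "permit":
        # deny route-map, ACL deny, or no match: destination-based routing.
        # (permit route-map + ACL deny is not covered in this section; assumed.)
        return ("standard", None)
    for hop in stmt.next_hops:       # first hop with an active routing entry wins
        if hop in active_hops:
            return ("policy-routed", hop)
    return ("standard", None)        # no listed hop is active: normal routing table

if __name__ == "__main__":
    stmt = Statement("permit", sample_acl, ["192.0.2.1", "192.0.2.2"])
    pkt = {"src": "10.10.1.5"}
    print(forward(pkt, stmt, {"192.0.2.2"}), stmt.counter)
    print(forward(pkt, stmt, set()), stmt.counter)
    print(forward(pkt, stmt, {"192.0.2.1"}, lambda p: True), stmt.counter)
```

When PBR steers traffic toward an inspection device, the second and third cases are the ones to watch: the counter keeps climbing while no packet reaches the configured next hop.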

List of default next-hop IP addresses: The set ip default next-hop
command checks the list of destination IP addresses in the routing table
and, if there is no explicit route for the packet's destination address in the
routing table, the next-hop destinations are evaluated, and packets are
routed to the first-available next hop. Packets that do not match are routed