Route maps

Route maps are policy tools that are used to match destination prefixes, interfaces, or other route properties. Optionally, they may change the properties of the route, depending on the match.

The route map includes one or more sequences, each of which contains match statements and, optionally, set statements. When a route map is applied, its sequences are evaluated in order. If all the match statements in a sequence match the target route, the match succeeds and the route is permitted or denied according to the permit | deny instruction in the route-map command that defined the sequence; if the sequence contains set statements, they are applied to the target route. If any of the match statements in the sequence does not match the target route, the match fails and the next sequence in the route map is evaluated. If all the sequences fail to match the route, the route is denied.

If the named route map does not already exist, the route-map command creates the route map and enters the route map context. For example:

switch(config)# route-map Map1 permit
switch(route-map-Map1-10)#

At this point, you are ready to enter match and set commands, described below. When you have finished entering match and set commands, an exit command exits the route map context and returns to the general configuration context.

When entering match commands, most allow only one command of a given type in a sequence. (For instance, you can enter match source-protocol rip or match source-protocol ospf, but not both.) The exceptions are matching VLAN interfaces and next hops. Multiple match interface vlan vid commands are concatenated to a single command, and a match succeeds if any of the VLANs matches. For example, the following two route maps are equivalent:

switch(config)# route-map Map2 permit
switch(route-map-Map2-10)# match interface vlan 11
switch(route-map-Map2-10)# match interface vlan 12
switch(route-map-Map2-10)# match interface vlan 13
switch(route-map-Map2-10)# ex

switch(config)# route-map Map3 permit
switch(route-map-Map3-10)# match interface vlan 11 12 13
switch(route-map-Map3-10)# ex

Similarly, multiple instances of the match ip next-hop IP-addr and match ipv6 next-hop IPv6-addr commands are concatenated internally into single commands, respectively.

The general limitation of only one match command of a given type applies within a sequence. The same type of match command can be repeated in other sequences in the same route map.

All of the match clauses of the sequence must match for a match to succeed. (For this purpose, multiple match interface vlan, match ip next-hop, and match ipv6 next-hop clauses are treated as a single clause. In such a clause, the interfaces or next hops are treated in logical OR fashion: if there is a match with any one of them, the match clause succeeds.)

A match sequence that contains no match commands will permit all routes. (Such a sequence may be used in a route map that denies certain routes but permits all others.)

Like most match commands, set commands allow only one command of a given type in a sequence. So, for instance, if a match sequence is successful, you can set a metric of 23, but not metrics of 23 and 25 simultaneously.

To re-enter the context of an existing route map that has only one sequence (say, to add or delete match or set statements), the sequence number is optional: route-map name permit | deny . If the route-map has more than one sequence, the sequence number is required: route-map name permit | deny seq seq-num .

To create a new sequence in an existing route map (that is, under the same route map name), use the route-map command with a different sequence number. Sequence numbers are significant: they determine the order of evaluation of sequences in route maps—the sequence with the lowest number is evaluated first.