policy route pbr <name> rule <rule-number> destination <destination>
Defines the destination address for an IP routing policy rule.
- name
- The name of an IP routing policy.
- rule-number
- The numeric identifier of a policy rule. Rule numbers determine the order in which rules are processed. Each rule must have a unique rule number. The number ranges from 1 through 9999.
You can define multiple rules by creating more than one rule configuration node.
- destination
- The destination address for an IP routing policy rule. The destination address can be any of the following parameters.
- address
- Specifies an address to match. Address formats are as follows:
address-group name: An address group that is configured with a list of addresses.
ip-address: An IPv4 address.
ip-address/prefix: An IPv4 network address, where 0.0.0.0/0 matches any network.
!ip-address: All IP addresses except the specified IPv4 address.
!ip-address/prefix: All IP addresses except the specified IPv4 network address.
ipv6-address: An IPv6 address; for example, fe80::20c:29fe:fe47:f89.
ip-address/prefix: An IPv6 network address, where ::/0 matches any network; for example, fe80::20c:29fe:fe47:f88/64.
!ipv6-address: All IP addresses except the specified IPv6 address.
!ip-address/prefix: All IP addresses except the specified IPv6 network address.
- mac-address
- Specifies a media access control (MAC) address to match. The address format is six 8-bit numbers, separated by colons, in hexadecimal; for example, 00:0a:59:9a:f2:ba.
Note: For policy based routing, the usefulness of this parameter is limited because the MAC address is on a local interface.
- port
- Specifies a port to match. Port formats are as follows:
- port-group name: A port group that is configured with a list of ports.
- port name: A port name as shown in /etc/services, for example, http.
- 1-65535: A port number in the range from 1 through 65535.
- start-end: A range of port numbers, for example, 1001-1005.
A packet is considered a match if it matches any port name or number specified in the group. Only one port group may be specified. The port group must already be defined.
- destination
- Specifies a media access control (MAC) address to match. The address format is six 8-bit numbers, separated by colons, in hexadecimal; for example, 00:0a:59:9a:f2:ba.
Note: For policy-based routing, the usefulness of this parameter is limited because the MAC address is on a local interface.
Configuration mode
policy {
route {
pbr name {
rule rule-number {
destination {
address address
mac-address address
port port
}
}
}
}
}
This match criterion specifies a group of addresses, ports, or networks for packet destination address.
A packet is considered a match for an address, a network, or a port group if it matches any host IP address, network address, or port name or number, respectively, in the group. However, if more than one group is specified, the packet must be a match for both groups to be considered a match. For example, if both an address group and a port group are specified, the destination of the packet must match at least one item in the address group and at least one item in the port group.
An address group may be specified with a port group.
If both an address and a port are specified, the packet is considered a match only if both the address and the port match.
Use the set form of this command to create or modify a rule within an IP routing policy.
Use the delete form of this command to remove a rule from an IP routing policy.
Use the show form of this command to display a rule within an IP routing policy.