CC Configuration
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
489
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
NESTING OF MATCH-LISTS
Another key feature of the Unified classification is the capability of nesting. A
match-list configured earlier can be referenced and included in a new match-list.
This prevents you from re-writing same rules for a different match-list.
T
O ENABLE NESTING OF MATCH-LISTS
EXAMPLE
Ex 1:
In the example below, the match-list m2 contains the rule of match-list m1 in
addition to the other rules specific to match-list m2.
ALU(config)# match-list m1
ALU(config-match-list-m1)# ip prefix 192.168.1.0/24 host
192.168.1.72
ALU(config)# match-list m2
ALU(config-match-list-m2)# tcp any any service ssh
ALU(config-match-list-m2)# tcp prefix 192.168.2.0/24 any
service smtp
ALU(config-match-list-m2)# include m1
Ex 2:
Consider another example to configure match-lists, using appropriate rulesets
with the ‘include’ keyword.
ALU(config)# match-list m1
ALU(config-match-list-m1)# 1 prefix 10.0.0.0/8 host 21.1.1.1
ALU(config-match-list-m1)# 2 list l2 list l3
ALU(config)# match-list m2
ALU(config-match-list-m2)# 1 tcp any any service ssh
ALU(config-match-list-m2)# 2 udp prefix 22.1.1.0/8 any
ALU(config-match-list-m2)# 3 ip any any
ALU(config-match-list-m2)# 4 include m1
Note: There is no ordering of rules inside a match-list. All the rules are of same priority. The
rule numbers are used only for reference.
Command (in Match-list CM) Description
include <match-list name> Enter this command in the specific
Match-list Configuration Mode.
This command is used to include a
match-list/s that is already configured
inside another match-list.
To Next Page
Loading...
