38-6
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
OL-25340-01
Chapter 38 Configuring Policy-Based Routing
Policy-Based Routing Configuration Tasks
Enabling PBR
To enable PBR, you must create a route map that specifies the match criteria and the resulting action if
all of the match clauses are met. Then you must apply that route-map on a particular interface. All
packets arriving on the specified interface matching the match clauses are subject to PBR.
To enable PBR on an interface, perform this task:
Command Purpose
Step 1
Switch(config)# route-map map-tag [permit |
deny] [sequence-number]
Defines a route map to control where packets are sent. This
command puts the switch into route-map configuration mode.
Step 2
Switch(config-route-map)# match ip address
{access-list-number | name}
[...access-list-number | name]
Specifies the match criteria. The match criteria take the form
of one or more Standard or Extended IP access-lists. The
access-lists can specify the source and destination IP
addresses, protocol types, and port numbers. See Chapter 51,
“Configuring Network Security with ACLs” for more
information on Standard and Extended IP access-lists.
Step 3
Switch(config-route-map)# set ip next-hop
ip-address [... ip-address]
Or
Specifies the next-hop IP address to which matching packets
are sent. The next-hop IP address specified here must belong
to a subnet that is directly connected to this switch.
If more than one next-hop IP address is specified, the first
usable next-hop is chosen for routing matching packets. If the
next-hop is (or becomes) unavailable for some reason, the
next one in the list is chosen.
Step 4
Switch(config-route-map)# set interface
interface-type interface-number
[... type number]
Or
Specifies the output interface from which the packet will be
sent. This action specifies that the packet is forwarded out of
the local interface. The interface must be a Layer 3 interface
(not a switchport).
Packets are forwarded on the specified interface only if one of
the following conditions is met:
• The destination IP address in the packet lies within the IP
subnet to which the specified interface belongs.
• The destination IP address in the packet is reachable
through the specified interface (as per the IP routing
table).
If the destination IP address on the packet does not meet
either of these conditions, the packet is dropped. This action
forces matching packets to be switched in software.k
Step 5
Switch(config-route-map)# set ip default
next-hop ip-address [... ip-address]
Or
Sets next hop to which to route the packet if there is no
explicit route for the destination IP address in the packet.
Before forwarding the packet to the next hop, the switch looks
up the packet’s destination address in the unicast routing
table. If a match is found, the packet is forwarded by way of
the routing table. If no match is found, the packet is forwarded
to the specified next hop.
To Next Page
Loading...
