match length A B
match ip address acl1 acl2
match ip address acl3
A packet is permitted if it is permitted by match length A B or acl1 or acl2 or acl3.
◦ If the decision reached is permit, then the action specified by the set command is applied on the packet.
◦ If the decision reached is deny, then the PBR action (specified in the set command) is not applied. Instead the processing logic moves forward to look at the next route-map statement in the sequence (the statement with the next higher sequence number). If no next statement exists, PBR processing terminates, and the packet is routed using the default IP routing table.
• For PBR, route-map statements marked as deny are not supported.
You can use standard IP ACLs to specify match criteria for a source address or extended IP ACLs to specify
match criteria based on an application, a protocol type, or an end station. The process proceeds through the
route map until a match is found. If no match is found, normal destination-based routing occurs. There is an
implicit deny at the end of the list of match statements.
If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop
router in the path.
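The decision logic described above, modeled as an added example (not Cisco code): match commands in a statement are ORed, a deny decision moves to the next sequence number, and no match means normal routing. The ACL contents, prefixes, next-hop addresses, and the inclusive length bounds are assumptions constructed for illustration, and ACLs are modeled as standard (source-only) ACLs.

```python
import ipaddress

# Constructed sample data: standard ACLs as ordered (action, source prefix) entries.
ACLS = {
    "acl1": [("permit", "10.1.1.0/24")],
    "acl2": [("deny", "10.2.2.5/32"), ("permit", "10.2.2.0/24")],
    "acl3": [("permit", "10.3.3.0/24")],
}

# Constructed route map: (sequence number, match clauses, set-clause next hop).
ROUTE_MAP = [
    (20, [("acl", "acl3")], "192.0.2.2"),
    (10, [("length", 1000, 1500), ("acl", "acl1", "acl2")], "192.0.2.1"),
]

def acl_permits(name, src):
    """First matching entry decides; no matching entry is the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, prefix in ACLS[name]:
        if addr in ipaddress.ip_network(prefix):
            return action == "permit"
    return False

def clause_permits(clause, src, length):
    """Evaluate one match command against a packet's source and length."""
    if clause[0] == "length":
        # Assumption: the length bounds are inclusive.
        return clause[1] <= length <= clause[2]
    return any(acl_permits(name, src) for name in clause[1:])

def pbr_next_hop(src, length, route_map=ROUTE_MAP):
    """Return the policy next hop, or None for normal destination-based routing."""
    for _seq, clauses, next_hop in sorted(route_map, key=lambda s: s[0]):
        # Logical OR across every match command in the statement.
        if any(clause_permits(c, src, length) for c in clauses):
            return next_hop
        # Decision is deny: fall through to the next higher sequence number.
    return None

if __name__ == "__main__":
    for src, length in [("10.1.1.7", 64), ("10.2.2.5", 64),
                        ("10.2.2.5", 1200), ("10.3.3.9", 64)]:
        print(src, length, pbr_next_hop(src, length))
```

In the third case, 10.2.2.5 is denied by acl2, yet a 1200-byte packet from it is still policy-routed because match length permits it under the OR rule.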
For details about PBR commands and keywords, see Cisco IOS IP Command Reference, Volume 2 of 3:
Routing Protocols.
How to Configure PBR
• To use PBR, you must have the Network Essentials license enabled on the switch or stack master.
• Multicast traffic is not policy-routed. PBR applies only to unicast traffic.
• You can enable PBR on a routed port or an SVI.
• The switch supports PBR based on match length.
• You can apply a policy route map to an EtherChannel port channel in Layer 3 mode, but you cannot apply a policy route map to a physical interface that is a member of the EtherChannel. If you try to do so, the command is rejected. When a policy route map is applied to a physical interface, that interface cannot become a member of an EtherChannel.
• You can define a maximum of 128 IP policy route maps on the switch or switch stack.
• You can define a maximum of 512 access control entries (ACEs) for PBR on the switch or switch stack.
• When configuring match criteria in a route map, follow these guidelines:
◦ Do not match ACLs that permit packets destined for a local address.
• VRF and PBR are mutually exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an interface. The reverse is also true: you cannot enable PBR when VRF is enabled on an interface.
   Routing Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9500 Switches)
Configuring IP Unicast Routing
Policy-Based Routing