PBR
Managed Switches
The route map with a deny statement uses the following logic:
• The incoming packet is matched against the criteria in the match term specified in the
route map. This match command can refer to an IP/MAC access list. An ACL that is used
in the match term itself has one or more permit or deny rules. Now, the incoming packet is
matched against the rules in the ACL, and a permit or deny decision is reached.
• If the decision reached in the previous step is permit, then policy-based routing
processing logic terminates and the packet goes through standard destination-based
routing logic.
• If the decision reached in the earlier step is deny, the counter for this match statement is
not incremented and the processing logic moves to the next route-map statement in the
sequence. If no next route-map statement exists, the processing logic terminates and the
packet goes through standard destination-based routing logic.
Table 1 specifies the desired actions.
The following actions are taken:
• Next. Fall through to the next route map, and if no further route maps exist, route using
the default routing table.
• Set. Route according to the action in the set clause.
• Route (alone). Route using the default routing table.
PBR Configurations
PBR is configurable on the following types of eligible routing interfaces:
• Physical ports
• VLAN interfaces
On VLAN interfaces, when an ACL is applied, it implies that when any packet arrives with a
corresponding VLAN ID on any port, it is matched and a corresponding action is taken.
Table 1. Desired actions

ACL     Match  Outcome  Route Map  Action
Permit  Yes    Permit   Permit     Set
Permit  No     Deny     Permit     Next
Permit  Yes    Permit   Deny       Route
Permit  No     Deny     Deny       Next
Deny    Yes    Deny     Permit     Next
Deny    No     Deny     Permit     Next
Deny    Yes    Deny     Deny       Next
Deny    No     Deny     Deny       Next
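
The route-map logic and Table 1 can be checked with a small Python model. This is an added example, not code or CLI syntax from the switch documentation. The class and function names, matching on source prefix only, and first-match ACL evaluation with an implicit deny are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:                 # one ACL rule (hypothetical model)
    action: str             # "permit" or "deny"
    src: str                # source prefix, e.g. "10.1.0.0/16"

@dataclass
class Statement:            # one route-map statement (hypothetical model)
    kind: str               # "permit" or "deny"
    acl: list               # ACL referenced by the match term
    next_hop: str = ""      # set clause, used only when the action is Set

def acl_outcome(acl, src_ip):
    """First matching rule decides; no match is an implicit deny (assumption)."""
    for rule in acl:
        if ip_address(src_ip) in ip_network(rule.src):
            return rule.action
    return "deny"

def statement_action(stmt, src_ip):
    """Table 1: return Set, Route or Next for a single route-map statement."""
    if acl_outcome(stmt.acl, src_ip) == "deny":
        return "Next"
    return "Set" if stmt.kind == "permit" else "Route"

def evaluate(route_map, src_ip):
    """Walk the statements in sequence; return (decision, next hop or None)."""
    for stmt in route_map:
        action = statement_action(stmt, src_ip)
        if action == "Set":
            return ("policy-routed", stmt.next_hop)
        if action == "Route":
            return ("destination-routed", None)
    # No further statement: Next falls through to the default routing table.
    return ("destination-routed", None)

# Constructed sample route map; all addresses are illustrative only.
ROUTE_MAP = [
    Statement("deny", [Rule("permit", "10.1.5.0/24")]),
    Statement("permit", [Rule("deny", "10.1.9.0/24"),
                         Rule("permit", "10.1.0.0/16")], "192.0.2.1"),
]
```

In this model, `evaluate(ROUTE_MAP, "10.1.9.4")` ends in destination-based routing: a deny outcome in the ACL skips the policy and the packet is still forwarded, so the route map does not act as a packet filter.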