The Journey of a Network Engineer

Oct 1 2010   10:55AM GMT

Policy Based Routing – Part 2

Sulaiman Syed

In Policy Based Routing – Part 1 I explained why and how we can use PBR in a production environment. Today I will post what I did and how I did it, with a brief explanation. Keep in mind that the IP scheme shown in the image is not real.

ip access-list extended web
 permit tcp 192.0.0.0 0.0.31.255 any eq www
 permit tcp 192.0.0.0 0.0.31.255 any eq 443

First, I defined the interesting traffic. 192.0.0.0/22 is the network I would like to redirect to my proxy server. The traffic should be sourced from this network and destined to any network on port 80 or 443 (HTTP, HTTPS).
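Because a wildcard mask is the inverse of a subnet mask, the source range an entry really matches is easy to misread, and for a redirect to a proxy that range decides whose traffic is diverted. The following is an added example, not part of the original post: it parses the ACL above and compares what each entry covers with an intended prefix; the function names and verdict labels are this example's own.

```python
import ipaddress
import re

# Constructed sample: the ACL from the post, indented as IOS displays it.
CONFIG = """\
ip access-list extended web
 permit tcp 192.0.0.0 0.0.31.255 any eq www
 permit tcp 192.0.0.0 0.0.31.255 any eq 443
"""

# Matches entries of the form: <action> <proto> <source> <wildcard> <rest>.
# Entries using "host x.x.x.x" or "any" as the source are skipped (assumption).
ACE = re.compile(r"^\s*(permit|deny)\s+\S+\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s")

def wildcard_to_network(addr, wildcard):
    """Return the network a contiguous wildcard covers, or None if it is not contiguous."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):                  # a contiguous wildcard has the form 2**n - 1
        return None
    prefix = 32 - w.bit_length()     # each wildcard bit is one host bit
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))

def audit(config, intended):
    """Compare every ACL entry's source coverage with the intended prefix."""
    want = ipaddress.ip_network(intended)
    findings = []
    for line in config.splitlines():
        m = ACE.match(line)
        if not m:
            continue
        net = wildcard_to_network(m.group(2), m.group(3))
        if net is None:
            verdict = "non-contiguous"
        elif net == want:
            verdict = "exact"
        elif want.subnet_of(net):
            verdict = "wider"        # redirects more sources than intended
        elif net.subnet_of(want):
            verdict = "narrower"     # some intended sources bypass the redirect
        else:
            verdict = "disjoint"
        findings.append((line.strip(), str(net) if net else None, verdict))
    return findings

if __name__ == "__main__":
    for entry, covered, verdict in audit(CONFIG, "192.0.0.0/22"):
        print(f"{verdict:>14}  {covered}  <- {entry}")
```

Run against the entries above with 192.0.0.0/22 as the intended prefix, it reports 192.0.0.0/19 and the verdict "wider"; the wildcard for a /22 is 0.0.3.255.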

route-map web permit 10
 match ip address web
 set ip next-hop 10.10.0.100

Here I created a route map that matches the access list I made in the first step, and I set the next-hop address to 10.10.0.100.

route-map web permit 20

This command is important; without it, the rest of the traffic will be dropped (just the way the last statement in an access list is a deny).

interface Vlan10
 ip address 10.10.0.2 255.255.255.0
 ip policy route-map web

Since I'm using a multilayer switch and my interface is defined in a VLAN, I applied the policy on the VLAN interface.

Yes, of course. Why not just apply the PBR on the distribution switch? I wonder why I didn't think of that earlier. I will test my switch by tomorrow. Once I get confirmed results, I think it would be best to just apply the configuration to the distribution switch.
