Posted by: Sulaiman Syed
access, ACL, based, list, map, PBR, policy, route, routing, vlan
In Policy Based Routing – part 1 I explained why and how PBR can be used in a production environment. Today I will post what I did and how I did it, with a brief explanation. Keep in mind that the image shown with the IP scheme is not real.
ip access-list extended web
remark HTTP/HTTPS sourced from 192.0.0.0/22 (wildcard 0.0.3.255 = inverse of /22 mask)
permit tcp 192.0.0.0 0.0.3.255 any eq www
permit tcp 192.0.0.0 0.0.3.255 any eq 443
First, I defined the interesting traffic. 192.0.0.0/22 is the network I would like to redirect to my proxy server. The traffic should be sourced from this network, to any destination, on ports 80 and 443 (HTTP, HTTPS).
route-map web permit 10
match ip address web
set ip next-hop 10.10.0.100
Here I created a route map that matches the access list from the first step and set the next-hop address to 10.10.0.100.
route-map web permit 20
This command is important; without it the rest of the traffic will be dropped (just as the last entry of an access list is an implicit deny).
ip address 10.10.0.2 255.255.255.0
ip policy route-map web
Since I am using a multilayer switch and my interface is defined in a VLAN, I applied the policy on the VLAN interface.
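As an added example (not code from the original post), the following Python reproduces the switch's PBR decision against a constructed copy of the ACL above: it converts the IOS wildcard to a prefix so the /22 stated in the text can be checked against the mask actually configured, then classifies sample flows as either sent to the 10.10.0.100 next hop or left to the normal routing table. The sample flows and the port table are constructed for the example.

```python
import ipaddress

# Subset of the named ports IOS accepts in "eq" clauses; the post uses "www" and 443.
NAMED_PORTS = {"www": 80, "ftp": 21, "telnet": 23, "smtp": 25, "domain": 53}

def wildcard_to_network(addr, wildcard):
    """IOS wildcard is an inverted mask: 0 bits must match, 1 bits are don't-care."""
    mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, str(ipaddress.IPv4Address(mask))), strict=False)

def _parse_addr(tok, i):
    if tok[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.IPv4Network(tok[i + 1] + "/32"), i + 2
    return wildcard_to_network(tok[i], tok[i + 1]), i + 2

def parse_ace(line):
    """Parse one 'permit|deny PROTO SRC DST [eq PORT]' entry of an extended ACL."""
    tok = line.split()
    src, i = _parse_addr(tok, 2)
    dst, i = _parse_addr(tok, i)
    dport = None
    if i < len(tok) and tok[i] == "eq":
        dport = NAMED_PORTS.get(tok[i + 1]) or int(tok[i + 1])
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst, "dport": dport}

# Constructed copy of the post's ACL, using the wildcard for the /22 the text describes.
ACL_TEXT = """\
ip access-list extended web
 permit tcp 192.0.0.0 0.0.3.255 any eq www
 permit tcp 192.0.0.0 0.0.3.255 any eq 443
"""
ACL = [parse_ace(l) for l in ACL_TEXT.splitlines() if l.strip().startswith(("permit", "deny"))]

def ace_matches(ace, src, dst, proto, dport):
    return (ace["proto"] == proto
            and ipaddress.IPv4Address(src) in ace["src"]
            and ipaddress.IPv4Address(dst) in ace["dst"]
            and (ace["dport"] is None or ace["dport"] == dport))

def policy_route(src, dst, proto, dport, acl=ACL, next_hop="10.10.0.100"):
    """First matching ACE decides: a permit means route-map clause 10 sets the next hop;
    no match (or a deny) falls through to clause 20, i.e. a normal routing-table lookup."""
    for ace in acl:
        if ace_matches(ace, src, dst, proto, dport):
            return next_hop if ace["action"] == "permit" else "routing-table"
    return "routing-table"

if __name__ == "__main__":
    print(wildcard_to_network("192.0.0.0", "0.0.31.255"))  # 192.0.0.0/19, wider than the /22
    print(policy_route("192.0.1.10", "203.0.113.5", "tcp", 443))  # 10.10.0.100 (to the proxy)
    print(policy_route("192.0.1.10", "203.0.113.5", "tcp", 22))   # routing-table
```

Running the first print shows why the mask matters: 0.0.31.255 is the wildcard for a /19, so a host such as 192.0.8.10 would be policy-routed under that mask but not under the /22 the post describes.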
Yes, of course. Why not just apply the PBR on the distribution switch? I wonder why I didn't think of that earlier. I will test my switch by tomorrow. Once I get confirmed results, I think it would be best just to apply the configuration on the distribution switch.