ME 3800x and ME 3600x Switches Software Configuration Guide, Release 15.2(4)S
Configuring Policy Based Routing (PBR)

Configuring Policy-Based Routing (PBR)

Prerequisites for PBR

For Cisco ME 3600X, the PBR feature is supported with the application SDM template. For Cisco ME 3800X, this feature is supported with the scaled license.


Note: The PBR feature does not work with the default template.


Restrictions for PBR

PBR is an ingress-only feature.

These IPv4 PBR commands are supported:

  match ip address

  set ip next-hop (64 instances)

  set ip default next-hop

The switch does not support route-map deny statements.

Local PBR is not supported.

IPv4 PBR recursive next-hop is not supported.

IPv6 PBR is not supported in software.

IPv6 PBR recursive next-hop is not supported.

Information About PBR

Policy-based routing (PBR) provides a mechanism for expressing and implementing forwarding/routing of data packets based on the policies defined by the network administrators. It provides a more flexible mechanism for routing packets through routers, complementing the existing mechanism provided by routing protocols such as RIP, OSPF, or EIGRP. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies to allow or deny paths.

A policy contains one or more route-map(s). A policy can be applied to one or more input interfaces. A policy is identified by a unique tag. Each route map is assigned a unique sequence number, so that classification up to the first match across multiple route-maps is executed in rank order. A match is found when sections of a packet's Layer 3 and Layer 4 headers are equivalent to those specified in a route-map's access control list, packet-length range entry, and/or IP source address entry. PBR policy application is bypassed if no match is found.

How to Configure PBR

To configure PBR on an interface, use the following commands beginning in global configuration mode:

 
Step 1
Command: Switch(config)# route-map map-tag [permit | deny] [sequence-number]
Purpose: Defines a route map to control where packets are output. This command puts the switch into route-map configuration mode.

Step 2
Command: Switch(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]
Purpose: Specifies the match criteria.

Although there are many route-map matching options, here you can specify only length and/or ip address.

ip address matches the source or destination IP address that is permitted by one or more standard or extended access lists.

If you do not specify a match command, the route map applies to all packets.

Step 3
Command: Switch(config-route-map)# set ip next-hop ip-address [... ip-address]
Purpose: Specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:

next-hop: Sets next hop to which to route the packet.

Step 4
Command: Switch(config-route-map)# interface interface-type interface-number
Purpose: Specifies the interface, and puts the switch into interface configuration mode.

Step 5
Command: Switch(config-if)# ip policy route-map map-tag
Purpose: Identifies the route map to use for PBR. One interface can have only one route map tag; but you can have several route map entries, each with its own sequence number. Entries are evaluated in order of their sequence numbers until the first match occurs. If no match occurs, packets are routed as usual.

The set commands can be used in conjunction with each other. They are evaluated in the order shown in Step 3 in the previous task table. A usable next hop implies an interface. Once the local switch finds a next hop and a usable interface, it routes the packet.
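The first-match evaluation described in Step 5, as an added Python model (not Cisco code and not part of the original guide). It reuses the ACL entries and next hops from this chapter's examples, but ROUTE_MAP and SHADOWED are constructed for illustration, all function names are hypothetical, and ACLs are assumed to hold only "permit ip" entries.

```python
from ipaddress import IPv4Address

def wild_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def acl_permits(acl, src, dst):
    """True if any (src, src-wildcard, dst, dst-wildcard) entry matches."""
    return any(wild_match(src, s, sw) and wild_match(dst, d, dw)
               for s, sw, d, dw in acl)

def pbr_next_hop(route_map, acls, src, dst):
    """Walk entries in sequence order and stop at the first match.

    An entry with no match clause (ACL name None) applies to all packets.
    Returns None when nothing matches: the packet is routed as usual.
    """
    for _seq, acl_name, next_hop in sorted(route_map, key=lambda e: e[0]):
        if acl_name is None or acl_permits(acls[acl_name], src, dst):
            return next_hop
    return None

# ACL entries copied from the configuration examples in this chapter.
ACLS = {
    "pbr-acl1": [("20.1.0.0", "0.0.255.255", "30.0.0.0", "0.0.0.255")],
    "pbr-acl2": [("20.2.0.0", "0.0.255.255", "30.0.0.0", "0.0.0.255")],
}
# Constructed route map: (sequence number, ACL name, next hop).
ROUTE_MAP = [(20, "pbr-acl2", "12.1.1.2"), (10, "pbr-acl1", "11.1.1.2")]
# Constructed variant: a match-all entry at sequence 15 sits before entry 20.
SHADOWED = ROUTE_MAP + [(15, None, "14.1.1.2")]

if __name__ == "__main__":
    for src, dst in [("20.1.5.9", "30.0.0.7"), ("20.2.0.1", "30.0.0.200"),
                     ("20.1.5.9", "30.0.1.7")]:
        print(src, dst, pbr_next_hop(ROUTE_MAP, ACLS, src, dst),
              pbr_next_hop(SHADOWED, ACLS, src, dst))
```

In SHADOWED, sequence 20 is never reached, so traffic meant for 12.1.1.2 is sent to 14.1.1.2 instead; reviewing sequence order catches this kind of unintended path.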

Configuration Examples for PBR


Note: The examples shown below involve the use of the access-list command (ACL). The log keyword should not be used with this command in policy-based routing (PBR) because logging is not supported at the interrupt level for ACLs.


! ACLs that select the traffic to be policy-routed
ip access-list extended pbr-acl1
 10 permit ip 20.1.0.0 0.0.255.255 30.0.0.0 0.0.0.255
ip access-list extended pbr-acl2
 20 permit ip 20.2.0.0 0.0.255.255 30.0.0.0 0.0.0.255
! Route maps: traffic permitted by the ACL is sent to the given next hop
route-map pbr permit 10
 match ip address pbr-acl1
 set ip next-hop 11.1.1.2
route-map pbr1 permit 20
 match ip address pbr-acl2
 set ip next-hop 12.1.1.2
route-map 111111 permit 10
 match ip address pbr-acl1
 set ip next-hop 14.1.1.2
route-map 222221 permit 20
 match ip address pbr-acl2
 set ip next-hop 13.1.1.2

Interface configuration on a physical port:

interface GigabitEthernet 0/5
 ip address 20.1.1.1 255.0.0.0
 ip policy route-map pbr

Interface configuration on a switchport SVI:

interface GigabitEthernet 0/2
 switchport
 switchport mode trunk
! Create VLAN 100 and apply the policy on its SVI
vlan 100
interface vlan 100
 ip address 10.1.1.1 255.255.255.0
 ip policy route-map pbr

Interface configuration on an EFP bridge-domain (BD) SVI:

interface TenGigabitEthernet 0/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan none
 service instance 10 ethernet
  encapsulation dot1q 100
  bridge-domain 100
! Apply the policy on the SVI of bridge domain 100
interface vlan 100
 ip address 10.1.1.1 255.255.255.0
 ip policy route-map pbr
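
A pre-deployment check for the restrictions and the log-keyword note in this chapter, as an added Python example (not Cisco code and not part of the original guide). The function name, messages and SAMPLE configuration are constructed; it assumes named ACLs and a running-config layout in which sub-mode lines are indented.

```python
import re

# Commands the page lists as supported for IPv4 PBR on this platform.
SUPPORTED = ("match ip address", "set ip next-hop", "set ip default next-hop")

def lint_pbr(config):
    """Return sorted (line_no, message) findings; names here are hypothetical."""
    findings, log_lines, matched = [], {}, {}
    acl = rmap = None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if raw[:1].strip():                    # top-level command closes a sub-mode
            acl = rmap = None
        if m := re.match(r"ip access-list \S+ (\S+)", line):
            acl = m.group(1)
        elif m := re.match(r"route-map (\S+) (permit|deny)", line):
            rmap = m.group(1)
            if m.group(2) == "deny":
                findings.append((n, "route-map deny statements are not supported"))
        elif line.startswith("ip local policy"):
            findings.append((n, "local PBR is not supported"))
        elif acl and re.search(r"\blog(-input)?$", line):
            log_lines.setdefault(acl, []).append(n)
        elif rmap and line.startswith(("match ", "set ")):
            if not line.startswith(SUPPORTED):
                findings.append((n, "not in the supported IPv4 PBR command list"))
            elif "recursive" in line.split():
                findings.append((n, "recursive next-hop is not supported"))
            elif line.startswith("match ip address"):
                for name in line.split()[3:]:
                    matched.setdefault(name, rmap)
    for name, rm in matched.items():           # log matters only in ACLs PBR uses
        findings += [(n, f"ACL {name} uses log but feeds route-map {rm}")
                     for n in log_lines.get(name, [])]
    return sorted(findings)

# Constructed sample in running-config layout (sub-mode lines indented).
SAMPLE = """\
ip access-list extended pbr-acl1
 10 permit ip 20.1.0.0 0.0.255.255 30.0.0.0 0.0.0.255 log
ip access-list extended mgmt-acl
 10 permit ip any any log
route-map pbr permit 10
 match ip address pbr-acl1
 set ip next-hop recursive 12.1.1.2
 set interface GigabitEthernet0/3
route-map pbr deny 20
 match ip address pbr-acl1
ip local policy route-map pbr
"""
```

Calling lint_pbr(SAMPLE) reports lines 2, 7, 8, 9 and 11; the log keyword in mgmt-acl is not reported because no route map references that ACL.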