Policy-Based Routing (PBR)
- Prerequisites for PBR
- Restrictions for PBR
- Information About PBR
- Default Settings for PBR
- How to Configure PBR
- Configuration Examples for PBR
Note
- For complete syntax and usage information for the commands used in this chapter, see these publications:
  http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Prerequisites for PBR
Restrictions for PBR
The PFC and any DFCs provide the hardware support for the following:
- set ip next-hop (2,000 instances)
- If the RP address falls within the range of a PBR ACL, traffic addressed to the RP is policy routed in hardware instead of being forwarded to the RP. To prevent policy routing of traffic addressed to the RP, configure PBR ACLs to deny traffic addressed to the RP.
- Local PBR.
- IPv4 PBR recursive next-hop with load balancing.
- IPv6 PBR is supported in software.
- IPv6 PBR recursive next-hop is not supported.
- If a PBR route map sequence does not have any set clauses configured, then all the packets matching the entry are punted to the CPU and processed in software.
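Two of the restrictions above, PBR ACLs that cover the RP address and route-map sequences with no set clauses, can be checked offline against a saved configuration. The following Python code is an added example, not part of the Cisco guide; the function names, finding labels and sample addresses are constructed for illustration, and it assumes numbered extended ACLs of the form `access-list N {permit|deny} protocol source destination` without port qualifiers.

```python
import ipaddress
import re
# Constructed sample (not from the Cisco guide); 192.0.2.1 stands in for the RP.
SAMPLE = """\
access-list 102 deny ip any host 192.0.2.1
access-list 102 permit ip any 192.0.2.0 0.0.0.255
access-list 103 permit ip any 192.0.2.0 0.0.0.255
route-map PBR-A permit 10
 match ip address 102
route-map PBR-A permit 20
 match ip address 103
 set ip next-hop 198.51.100.2
interface GigabitEthernet1/1
 ip policy route-map PBR-A
"""

def parse_net(tok):
    """Pop 'any', 'host A' or 'A WILDCARD' from tok; return the covering network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wild = (tok.pop(0), "0.0.0.0") if first == "host" else (first, tok.pop(0))
    bits = int(ipaddress.IPv4Address(wild)).bit_length()  # contiguous wildcard assumed
    return ipaddress.ip_network(f"{addr}/{32 - bits}", strict=False)

def permits_rp(rules, rp):
    """First-match walk: True if the ACL permits packets addressed to rp."""
    for action, proto, *rest in rules:
        try:
            src, dst = parse_net(rest), parse_net(rest)
        except (IndexError, ValueError):
            continue  # standard ACL, remark, or a form this parser does not handle
        if rp in dst and (action == "permit" or (proto == "ip" and src.prefixlen == 0)):
            return action == "permit"  # a blanket deny for the RP ends the walk
    return False

def audit(config, rp_address):
    """Return (route-map, sequence, issue) for permit sequences applied via ip policy."""
    rp, acls, out = ipaddress.ip_address(rp_address), {}, []
    for num, rule in re.findall(r"^access-list (\S+) (.+)$", config, re.M):
        acls.setdefault(num, []).append(rule.split())
    applied = set(re.findall(r"^\s*ip (?:local )?policy route-map (\S+)", config, re.M))
    blocks = re.findall(r"^route-map (\S+) permit (\d+)\n((?: .*\n)*)", config, re.M)
    for name, seq, body in (b for b in blocks if b[0] in applied):
        if not re.search(r"^ set ", body, re.M):
            out.append((name, seq, "no-set-clause"))  # matching packets go to the CPU
        ids = " ".join(re.findall(r"^ match ip address (.+)$", body, re.M)).split()
        if any(permits_rp(acls.get(a, []), rp) for a in ids):
            out.append((name, seq, "rp-in-acl"))  # RP traffic would be policy routed
    return out
```

In the sample, sequence 10 is reported for having no set clause and sequence 20 because ACL 103 permits the RP address without a preceding deny; ACL 102 passes because its deny entry comes first.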
Information About PBR
PBR Overview
PBR is an alternative to routing protocols and allows you to configure a policy for unicast traffic flows, which provides more control over routing than a routing protocol does and avoids the need to configure interface-level traffic classification. PBR can route unicast traffic along a different path than a routing protocol would use. PBR can provide:
- Equal access
- Protocol-sensitive routing
- Source-sensitive routing
- Routing based on interactive rather than batch traffic
- Routing based on dedicated links
PBR route maps can be configured to do the following:
- Allow or deny paths based on the identity of a particular end system, an application protocol, or the size of packets or a combination of these values.
- Classify traffic based on extended access list criteria.
- Set IP precedence bits.
- Route packets to specific paths.
PBR applies a route map to all ingress unicast traffic received on a PBR-enabled interface. PBR cannot be applied to egress traffic or to multicast traffic.
If the ingress unicast traffic does not match any route map statements, the route map applies all the configured set clauses. Routing protocols forward traffic that matches a route-map deny statement and traffic that does not match any route-map permit statements.
PBR Recursive Next Hop for IPv4 Traffic
The PBR Recursive Next Hop feature enables configuration of a recursive next-hop address in a PBR route map. The recursive next-hop address is installed in the routing table and can be a subnet that is not directly connected. If the recursive next-hop address is not available, traffic is routed using a default route.
Default Settings for PBR
How to Configure PBR
Note For information about Multi-VRF Selection Using Policy Based Routing (PBR VRF), see this document:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_mltvrf_slct_pbr.html
Configuring PBR
To configure PBR on an interface, use the following commands beginning in global configuration mode:
The set commands can be used in conjunction with each other. They are evaluated in the order shown in Step 3 in the previous task table. A usable next hop implies an interface. Once the local router finds a next hop and a usable interface, it routes the packet.
Configuring Local PBR
To configure PBR for all traffic that originates on the switch, perform this task:
Note Local PBR traffic is processed in software on the RP.
Configuring PBR Recursive Next Hop
Setting the Recursive Next-Hop IP Address
Note PBR supports only one recursive next-hop IP address per route-map entry.
Verifying the Recursive Next-Hop Configuration
To verify the recursive next-hop configuration, perform the following steps.
Step 1 show running-config | begin abccomp
Use this command to verify the IP addresses for a next-hop and recursive next-hop IP address, for example:
Step 2 show route-map map-name
Use this command to display the route maps, for example:
Configuration Examples for PBR
Note The examples shown below involve the use of the access-list command (ACL). The log keyword should not be used with this command in policy-based routing (PBR) because logging is not supported at the interrupt level for ACLs.
Equal Access Example
The following example provides two sources with equal access to two different service providers. Packets arriving on asynchronous interface 1 from the source 209.165.200.225 are sent to the router at 209.165.200.228 if the router has no explicit route for the destination of the packet. Packets arriving from the source 209.165.200.226 are sent to the router at 209.165.200.229 if the router has no explicit route for the destination of the packet. All other packets for which the router has no explicit route to the destination are discarded.
Differing Next Hops Example
The following example illustrates how to route traffic from different sources to different places (next hops), and how to set the Precedence bit in the IP header. Packets arriving from source 209.165.200.225 are sent to the next hop at 209.165.200.227 with the Precedence bit set to priority; packets arriving from source 209.165.200.226 are sent to the next hop at 209.165.200.228 with the Precedence bit set to critical.
Recursive Next-Hop IP Address: Example
The following example shows the configuration of IP address 10.3.3.3 as the recursive next-hop router: