Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco ME 3800x and ME 3600x Switches Software Configuration Guide, Cisco IOS Release 15.4(2)S

Book Contents
Find Matches in This Book
Available Languages

Results

Updated:
February 9, 2018

Chapter: Configuring Policy-Based Routing (PBR)

Configuring Policy-Based Routing (PBR)

Prerequisites for PBR

For Cisco ME 3600X, the PBR feature is supported with the application SDM template. For Cisco ME 3800X, this feature is supported with the scaled license.

Note The PBR feature does not work with the default template.

Restrictions for PBR

Note PBR is not supported on a VRF interface.

  • PBR is an ingress only feature.
  • These IPv4 PBR commands are supported:

match ip address

set ip next-hop

  • The command set ip default next-hop is not supported.
  • The switch does not support route-map deny statements.
  • Local PBR is not supported.
  • IPv4 PBR recursive next-hop is not supported.
  • IPv6 PBR is not supported in software.
  • IPv6 PBR recursive next-hop is not supported.

Information About PBR

PBR Overview

Policy-based routing (PBR) provides a mechanism for expressing and implementing forwarding/routing of data packets based on the policies defined by the network administrators. It provides a more flexible mechanism for routing packets through routers, complementing the existing mechanism provided by routing protocols such as RIP, OSPF, or EIGRP. Instead of routing by the destination address, policy-based routing allows network administrators to determine and implement routing policies to allow or deny paths.

A policy contains one or more route-map(s). A policy can be applied to one or more input interfaces. A policy is identified by a unique tag. Each route map is assigned a unique sequence number, so that classification up to the first match across multiple route-maps is executed in rank order. A match is found when sections of a packet’s Layer 3 and Layer 4 headers are equivalent to those specified in a route-map’s access control list, packet-length range entry, and/or IP source address entry. PBR policy application is bypassed if no match is found.

How to Configure PBR

Configuring PBR

To configure PBR on an interface, use the following commands beginning in global configuration mode:

 

Command
Purpose

Step 1

Switch(config)# route-map map-tag [ permit | deny ] [ sequence-number ]

Defines a route map to control where packets are output. This command puts the switch into route-map configuration mode.

Step 2

Switch(config-route-map)# match ip address { access-list-number | name }

Specifies the match criteria.

Although there are many route-map matching options, here you can specify only length and/or ip address.

  • ip address matches the source or destination IP address that is permitted by one or more standard or extended access lists.

If you do not specify a match command, the route map applies to all packets.

Step 3

Switch(config-route-map)# set ip next-hop ip-address

 

 

Specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:

  • next-hop: Sets next hop to which to route the packet.

Step 4

Switch(config-route-map)# interface interface-type interface-number

Specifies the interface, and puts the switch into interface configuration mode.

Step 5

Switch(config-if)# ip policy route-map map-tag

Identifies the route map to use for PBR. One interface can have only one route map tag; but you can have several route map entries, each with its own sequence number. Entries are evaluated in order of their sequence numbers until the first match occurs. If no match occurs, packets are routed as usual.

The set commands can be used in conjunction with each other. They are evaluated in the order shown in Step 3 in the previous task table. A usable next hop implies an interface. Once the local switch finds a next hop and a usable interface, it routes the packet.

Configuration Examples for PBR

Note The examples shown below involve the use of the access-list command (ACL). The log keyword should not be used with this command in policy-based routing (PBR) because logging is not supported at the interrupt level for ACLs.

ip access-list ext pbr-acl1
10 permit ip 20.1.0.0 0.0.255.255 30.0.0.0 0.0.0.255
ip access-list ext pbr-acl2
20 permit ip 20.2.0.0 0.0.255.255 30.0.0.0 0.0.0.255
route-map pbr permit 10
match ip address pbr-acl1
set ip next-hop 11.1.1.2,
route-map pbr1 permit 20
match ip address pbr-acl2
set ip next-hop 12.1.1.2
route-map 111111 permit 10
match ip address pbr-acl1
set ip next-hop 14.1.1.2
route-map 222221 permit 20
match ip address pbr-acl2
set ip next-hop 13.1.1.2

 

Interface Configuration Physical Port:

int gig 0/5
ip address 20.1.1.1 255.0.0.0
ip policy route-map pbr

 

Interface Configuration on Switchport SVI

interface gi0/2
switchport
switchport mode trunk
vlan 100
int vla100
ip address 10.1.1.1 255.255.255.0
ip policy route-map pbr

Interface Configuration on EFP BD SVI

interface ten gig 0/1
switchport
switch mode trunk
switchport trunk allowed vlan non
service instance ether 10
encap dotq1 100
bridge-domain 100
interface vla100
ip address 10.1.1.1 255.255.255.0
ip policy route-map pbr
 

 

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

About Us
Contact Us
Work with Us