
Thursday, January 9, 2014

How to configure PBR?


What are the main steps to configure Policy-Based Routing (PBR) on an interface?

PBR on a Cisco router can be configured using the following steps:

Step.1::Configure ACLs. 

The permit statements in the ACL define what will be matched. You don't want to permit everything: rely on the implicit deny at the bottom of the ACL and create an ACL that permits only the traffic you are going to take action on in the route-map.

Example:
Router(config)# access-list 101 permit ip any host 10.1.1.1
(This ACL permits only traffic with a destination IP of 10.1.1.1.)

Step.2::Configure route map instances.

Route maps are similar to Access Control Lists (ACLs), but have these enhanced capabilities:

    ->Modifying certain fields in the packet.
    ->Forwarding packets in a specified manner.
    ->Filtering and modifying the attributes of a route.

Route maps can have a sequence of statements. Each entry in a route map statement contains a combination of match and set commands. The route map statements also have a permit or deny action. For PBR, the match command defines the criteria for matching the packets based on the defined policy. The set command defines the action to be taken on the matched packets. The action could either be modifying or forwarding the packet, bypassing the normal routing based on the IP routing table. Packets that are denied by a route map statement, or those that are not matched by any statement, are forwarded normally based on the IP routing table.
A route map can be configured by issuing the route-map map-tag [permit | deny] [sequence-number] command in global configuration mode.

Example:
Router(config)# route-map 101traffic permit 10

Step.3::Configure match commands.

PBR allows the user to match packets based on the length and characteristics of a packet, using a standard or extended ACL.
To define the matching criteria based on the policy, issue these commands from route map configuration mode:

    match length minimum-length maximum-length  
    match ip address {access-list-number | access-list-name}

Step.4::Configure set commands.

Define the action to be taken on the packets that match the criteria using the set command.
For PBR, the action can be one of these options:

    ->A list of interfaces through which the packets should be routed.
    ->A list of specified next-hop IP addresses to which the packets have to be routed.
    ->A list of default interfaces.
    ->A list of default next-hop IP addresses.
    ->IP precedence or ToS values in the packet.

Issue these commands in route map configuration mode:

    set interface interface-type interface-number
    set ip next-hop ip-address
    set default interface interface-type interface-number
    set ip default next-hop ip-address
    set ip precedence [number | name]
    set ip tos [number]

Step.5::Configure PBR on the interface.

You need to apply this policy/route-map to the interface where the traffic is coming in.

Example:
Router(config)# interface FastEthernet 0/0
Router(config-if)# ip policy route-map 101traffic

Step.6::(Optional) Configure local PBR.

Packets that are generated by the router are not normally policy routed. To enable PBR for packets generated by the router, issue the ip local policy route-map command.

Example:
Router(config)# ip local policy route-map 101traffic

Verification Commands:

->To test the policy, issue the show route-map command on the router. You will be able to determine whether packets are being policy routed.

->To check the policy, issue the show ip policy command.
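
The six steps above combined into one configuration, entered from global configuration mode. This is an added example, not taken from the sources this post summarizes; ACL 102, the host 10.2.2.2, the next hop 192.168.12.2 and the interface number are constructed for illustration, and the extra deny entry goes beyond the single-entry case in the text to show how an exception is kept on normal routing.

```cisco
! Added example. ACL 102, 10.2.2.2, 192.168.12.2 and the interface
! number are constructed values, not from the original post.
!
! Step 1: ACLs. ACL 101 selects the traffic to policy route.
! ACL 102 selects an exception that must keep following the routing
! table. Everything else hits the implicit deny and is not matched.
access-list 101 permit ip any host 10.1.1.1
access-list 102 permit ip host 10.2.2.2 host 10.1.1.1
!
! Steps 2-4: route-map entries are evaluated in sequence-number order.
! A deny entry means "do not policy route": packets matching ACL 102
! are forwarded normally based on the IP routing table.
route-map 101traffic deny 5
 match ip address 102
!
! Permit entry: packets matching ACL 101 are sent to the next hop
! (assumed to be a directly connected neighbor) and marked with
! IP precedence 1.
route-map 101traffic permit 10
 match ip address 101
 set ip next-hop 192.168.12.2
 set ip precedence 1
!
! Packets that match no entry are also forwarded normally.
!
! Step 5: apply the policy on the interface where the traffic arrives.
interface FastEthernet0/0
 ip policy route-map 101traffic
 exit
!
! Step 6 (optional): also policy route packets the router generates.
ip local policy route-map 101traffic
!
end
!
! Verification, from privileged EXEC mode.
show route-map 101traffic
show ip policy
```

The order of sequence numbers matters here: if the deny entry were numbered above 10, the exception host would match the permit entry first and be policy routed like everything else.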


Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include any online discussion boards, forums, websites and others.
