About Policy-Based Routing
PBR Route-Map Processing Logic Example
Consider a route-map called rm-test defined as follows:
!
•
Note
•
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
38-4
access-list 101
permit tcp host 61.1.1.1 host 133.3.3.1 eq 101
access-list 102
deny
access-list 2102 permit tcp host 61.1.1.1 host 133.3.3.1 eq 102
access-list 104
deny
access-list 2104 permit tcp host 61.1.1.1 host 133.3.3.1 eq 104
access-list 105
permit tcp host 61.1.1.1 host 133.3.3.1 eq 105
route-map rm-test permit 21
match ip address 101
set ip next-hop 21.1.1.1
!
route-map rm-test permit 22
match ip address 102
set ip next-hop 22.2.2.1
!
route-map rm-test permit 23
match ip address 101 2102
set interface vlan23
!
route-map rm-test deny 24
match ip address 104
set ip next-hop 24.4.4.1
route-map rm-test deny 25
match ip address 105
set ip next-hop 25.5.5.1
!
route-map rm-test permit 26
match ip address 2104
set ip next-hop 26.6.6.1
TCP packet from 61.1.1.1 to 133.3.3.1 with destination port 101
–
Matches ACL 101 in sequence #21.
–
PBR is switched through next-hop 21.1.1.1.
ACL 101 is also matched in sequence #23, but the processing doesn't reach that point
TCP packet from 61.1.1.1 to 133.3.3.1 with destination port 102
–
In sequence #21, the ACL 101 action denies this packet (because all ACLs have an implicit
deny). Processing advances to sequence #22.
–
In sequence #22, ACL 102 matches TCP port 102, but the ACL action is deny. Processing
advances to sequence #23.
–
In sequence #23, ACL 2102 matches TCP port 102, and the ACL action is permit.
–
Packet is switched to output interface VLAN 23.
tcp host 61.1.1.1 host 133.3.3.1 eq 102
tcp host 61.1.1.1 host 133.3.3.1 eq 104
Chapter 38
Configuring Policy-Based Routing
OL-25340-01