Corporate networks, which are typically used for multiple departments in an organization is often divided into VLANs for increased performance. Administrators can combine multiple physical switches into a single virtual network to create a more efficient use of bandwidth for interagency traffic. Members of each department, who often work remotely feel the performance increase despite the great geographical distance. By using routing policies other levels may be included resolution of the administrators of the rules of the incoming and outgoing traffic. These rules and settings can alter the way the network package.
Configuring PBR includes construction of route-map with the installation instructions, which include the appropriate route-map interface. IP routing must be enabled on the interfaces to control PBR. PBR can only be allowed for incoming traffic through these interfaces.
Enable PBR on the VLAN interface is routed, in which there is a comparison of all incoming packets on the interface route-map, according to the criteria which determined the appropriate routing rule. The interface can be only one policy route-map, but each may have multiple policy route-map, each of which is successively compared with the package in accordance with its priority. If one entry criterion is the criterion of the incoming packet, then selects the appropriate record routing rule. If two or more records meet the criteria, then it runs the rule, which has the highest priority, that is, the smallest number assigned. If no entry does not match, then the packets are routed by default.
Each route-map setting that is used for PBR configured as either a permit (allowed) or as deny (forbidden). If compliance is not according to the rules permit or deny routing, then the directive to drop the packet.
Configuration examples
DELL Networking - Traffic Isolation Routed to a range of IP addresses (or subnet) in the ISP A, and a second range of IP addresses (or subnet) in the ISP B.
Create access lists.
Enable routing… console(config)#ip routing Create three Access-Lists… console(config)#ip access-list accounting console(config-ip-acl)#permit ip 10.1.5.0 0.0.0.255 any console(config-ip-acl)#exit console(config)#ip access-list hr console(config-ip-acl)#permit ip 10.1.6.0 0.0.0.255 any console(config-ip-acl)#exit console(config)#ip access-list inter-communications console(config-ip-acl)#permit ip 10.1.5.0 0.0.0.255 10.1.6.0 0.0.0.255 console(config-ip-acl)#permit ip 10.1.6.0 0.0.0.255 10.1.5.0 0.0.0.255 console(config-ip-acl)#exit
Creating a Route-Map. Static routing.
Create a Route-Map with three sequences (10, 20, 30)… console(config)#route-map equal-access deny 10 console(config-route-map)#match ip address inter-communications console(config-route-map)#exit console(config)#route-map equal-access permit 20 console(config-route-map)#match ip address accounting console(config-route-map)#set ip next-hop 192.168.6.6 console(config-route-map)#exit console(config)#route-map equal-access permit 30 console(config-route-map)#match ip address hr console(config-route-map)#set ip next-hop 172.16.7.7 console(config-route-map)#exit
Setting the port configuration on the ISP-A. In this case, it produced VLAN-s interface with the assignment of IP-addresses, and set one of the ports in trunk mode.
console(config)#vlan 101 console(config-vlan101)#exit console(config)#interface vlan 101 console(config-if-vlan101)#ip address 172.16.7.6 255.255.255.0 console(config-if-vlan101)#interface Te1/0/1 console(config-if-Te1/0/1)#switchport trunk allowed vlan all console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#exit
Setting the port configuration on the ISP-B. In this case, it produced VLAN-s interface with the assignment of IP-addresses, and set one of the ports in trunk mode.
console(config)#vlan 102 console(config-vlan102)#exit console(config)#interface vlan 102 console(config-if-vlan102)#ip address 192.168.6.5 255.255.255.0 console(config-if-vlan102)#interface Te1/0/2 console(config-if-Te1/0/2)#switchport trunk allowed vlan all console(config-if-Te1/0/2)#switchport mode trunk console(config-if-Te1/0/2)#exit
Configuring VLAN indicating the Route-Map.
console(config)#vlan 111 console(config-vlan111)#exit console(config)#interface vlan 111 console(config-if-vlan111)#ip address 10.1.5.1 255.255.0.0 console(config-if-vlan111)#ip policy route-map equal-access console(config-if-vlan111)# exit /* Configuring VLAN ports on the group access mode */ console(config)#interface range gigabitethernet all console(config-if)#switchport access vlan 111 console(config-if)#switchport mode access
Checking your results
console#show ip access-lists console#show route-map console#show ip policy console#show vlan
