Differences

This shows you the differences between two versions of the page.

switches:create_a_new_pbr [2019/03/15 18:05] (current)
ericclaus created
Line 1: Line 1:
 +======Create a new Policy Based Routing Policy=====
 +Policy based routing is used on the core switch to route traffic from each VLAN to the appropriate default ​ (default route), aka the appropriate interface on the firewall. ​
  
 +In this tutorial, PBR will be used to assign the default route address of 172.17.1.2 to VLAN 110, whose subnet is 172.17.1.0/​24. Command examples will first show the format for the command and then the command used for this example policy. ​
 +
 +To exit a config level, type ''​exit''​.
 +
 +There are three steps to create a new PBR. 
 +
 +  - First, a class needs to be created. This class determines which criteria is used to match traffic being routed. All traffic coming in from the VLAN will have an IP in the VLAN's subnet range, so class will be an ipv4 class which classifies traffic based on IPv4 information. ​
 +    - Create the new class and name it according to the naming convention in use (use ''​show class config''​ to see existing class names). ​
 +      - <​code>​class ipv4 <​name></​code>​
 +      - <​code>​class ipv4 v110</​code>​
 +    - Create a rule to determine which traffic is matched.
 +      - <​code><​int>​ match ip <subnet address> <​mask>​ <​destination address (for default route use 0.0.0.0)>​ <​destination mask></​code>​
 +      - <​code>​10 match ip 172.17.1.0 0.0.0.255 0.0.0.0 255.255.255.255</​code>​
 +    - Then, exit the class config.
 +  - Next, the PBR policy needs to be created. This policy will use the newly created class to determine which traffic to match. It will then assign the address to use as the default gateway (the default next hop).
 +    - Create the policy and name it according to the naming convention in use (use ''​show policy vlan all''​ to see the existing policy names). ​
 +      - <​code>​policy pbr <​name></​code>​
 +      - <​code>​policy pbr v110</​code>​
 +    - Assign the new class to the PBR policy.
 +      - <​code><​int>​ class ipv4 "<​class name>"</​code>​
 +      - <​code>​10 class ipv4 "​v110"</​code>​
 +    - Finally, define the action to be taken once traffic is matched to the class. In this case, it will be specifing the default next-hop.
 +      - <​code>​action ip default-next-hop <IP address></​code>​
 +      - <​code>​action ip default-next-hop 172.17.1.2</​code>​
 +    - Exit the policy config.
 +  - The last step is to assign the new PBR policy to the desired VLAN. 
 +    - <​code>​vlan <VLAN ID> service-policy <policy name> in</​code>​
 +    - <​code>​vlan 110 service-policy v110 in</​code>​
 +
 +
 +''​write memory''​ to save the config.
 +
 +Traffic coming from the specified VLAN with a destination unknown to the switch will now be routed to the appropriate default gateway. ​
 +
 +You can double check the class and policy by using the following commands to view their configurations and VLAN assignments.
 +<​code>​show class ipv4 <class name></​code>​
 +<​code>​show class ipv4 config</​code>​
 +<​code>​show class vlan <VLAN ID></​code>​
 +<​code>​show policy <policy name></​code>​
 +<​code>​show policy config</​code>​
 +<​code>​show policy vlan <VLAN ID|all></​code>​
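
Review bot: the rule format in step 1 names its mask fields only as <mask> and <destination mask>, but the example uses 0.0.0.255 for 172.17.1.0/24 and 255.255.255.255 for the 0.0.0.0 destination, so these are wildcard (inverse) masks and the format line should say so. A reader who enters a subnet mask such as 255.255.255.0 would build a class that matches different traffic than intended, and the policy would then steer that traffic to this VLAN's firewall interface. Smaller points in the same hunk: the heading opens with six "=" and closes with five; the intro sentence "the appropriate default  (default route)" is missing its noun (the closing paragraph uses "default gateway"); "specifing" should be "specifying"; step 1 refers to ''show class config'' while the verification list gives "show class ipv4 config", so one of the two should be corrected; and since the text announces three steps, saving with ''write memory'' would read better as an explicit final step than as a trailing line.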
  • switches/create_a_new_pbr.txt
  • Last modified: 2019/03/15 18:05
  • by ericclaus