Enabling pbr, Enabling pbr globally, Enabling pbr locally – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 148
The map-name variable is a string of characters that names the map. Map names can be up to 32
characters in length. You can define an unlimited number of route maps on the Brocade device, as long
as system memory is available.
The permit | deny parameter specifies the action the Brocade device will take if a route matches a
match statement:
• If you specify deny, the route map instance is ignored and is not programmed into the Layer 4 CAM. A
deny instance therefore does not drop traffic; to drop matched traffic, use a permit instance with set
interface null0.
• If you specify permit, the Brocade device applies the match and set statements associated with this
route map instance.
The num variable specifies the instance of the route map you are defining. Routes are compared to the
instances in ascending numerical order. For example, a route is compared to instance 1, then instance
2, and so on.
PBR uses up to six route map instances for comparison and ignores the rest.
Syntax: [no] match ip address ACL-num-or-name
The ACL-num-or-name variable specifies a standard or extended ACL number or name.
Syntax: [no] set ip next-hop ip-addr [no-ttl-decrement]
The set ip next-hop command sets the next-hop IP address for traffic that matches a match statement
in the route map. The no-ttl-decrement option disables the TTL value decrement and ensures that the
packets are forwarded to the neighbor router without decrementing TTL for the matched traffic.
Syntax: [no] set interface null0
This command sends the traffic to the null0 interface, which is the same as dropping the traffic.
You can apply multiple ACLs to a single match statement in a route map by entering commands such as the following.
device(config)#route-map test-route
device(config-routemap test-route)#match ip address 50 51 52 53 54
Enabling PBR
After you configure the ACLs and route map entries, you enable PBR by applying the route map globally
(to all interfaces), to individual interfaces, or both, as described in this section.
Enabling PBR globally
To enable PBR globally, enter a command such as the following at the global CONFIG level.
device(config)#ip policy route-map test-route
This command applies a route map named "test-route" to all interfaces on the device for PBR.
Syntax: ip policy route-map map-name
Enabling PBR locally
To enable PBR locally, enter commands such as the following.
device(config)#interface ve 1
device(config-vif-1)#ip policy route-map test-route
The commands in this example change the CLI to the Interface level for virtual interface 1, then apply
the "test-route" route map to the interface. You can apply a PBR route map to Ethernet ports or virtual
interfaces.
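The following is a complete worked configuration that ties the ACLs, the route map instances and the two ways of applying the map together. It is added here as an illustration and is not taken from the Brocade guide: the ACL numbers, subnets, next-hop addresses, route map name and interface names are assumptions chosen for the example, and the lines beginning with "!" are comments for the reader (assumed to be accepted as separators when pasted into the CLI).

```text
! --- ACLs that classify the traffic (constructed example addresses) ---
! Standard ACL 50: a guest subnet that must leave through a dedicated firewall
access-list 50 permit 10.50.0.0 0.0.255.255
! Standard ACL 51: a management subnet
access-list 51 permit 10.99.0.0 0.0.0.255
! Standard ACL 52: a source range to blackhole
access-list 52 permit 192.0.2.0 0.0.0.255
! Standard ACL 53: traffic the operator wants left to normal routing
access-list 53 permit 10.200.0.0 0.0.0.255
!
! --- Route map: instances are compared in ascending order, first match wins ---
! Instance 1: guest traffic to the firewall at 172.16.1.1 (assumed next hop)
route-map guest-pbr permit 1
 match ip address 50
 set ip next-hop 172.16.1.1
!
! Instance 2: management traffic to a neighbour, TTL left untouched
route-map guest-pbr permit 2
 match ip address 51
 set ip next-hop 172.16.1.2 no-ttl-decrement
!
! Instance 3: blackhole the bad range. This is how traffic is dropped with PBR:
! a "permit" instance whose set action is the null0 interface.
route-map guest-pbr permit 3
 match ip address 52
 set interface null0
!
! Instance 4: a "deny" instance is NOT a drop. It is ignored and never programmed
! into the Layer 4 CAM, so traffic matching ACL 53 is routed by the normal
! routing table, exactly as if this instance did not exist.
route-map guest-pbr deny 4
 match ip address 53
!
! Only the first six instances are consulted; an instance numbered 7 or higher
! would silently have no effect.
!
! --- Apply the map (choose one of the two forms, or combine them) ---
! Globally, to every interface on the device:
ip policy route-map guest-pbr
! Or only on the interfaces where the classified traffic enters
! (interface names are assumptions for this example):
interface ve 1
 ip policy route-map guest-pbr
interface ethernet 1/1
 ip policy route-map guest-pbr
```

Two points follow from the evaluation rules. First, because a deny instance is skipped rather than programmed, it cannot be used to exempt traffic from a later permit instance: if the ACL of instance 5 also matched the 10.200.0.0/24 range, that traffic would be policy-routed despite instance 4. Keep the ACLs of the permit instances disjoint from anything you intend to leave to normal routing. Second, ordering matters for the blackhole: a range you want dropped must not also be matched by a lower-numbered permit instance, because that instance wins and the null0 instance is never reached.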
FastIron Ethernet Switch Security Configuration Guide
53-1003088-03