
Configuration examples for policy based routing, Basic example of policy based routing, Setting the next hop – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


Syntax: ip policy route-map map-name

Enter the name of the route map you want to use for the route-map map-name parameter.

Configuration examples for policy based routing

This section presents configuration examples for configuring and applying a PBR policy.

Basic example of policy based routing

The following commands configure and apply a PBR policy that routes HTTP traffic received on virtual
routing interface 1 from the 10.10.10.x/24 network to 5.5.5.x/24 through next-hop IP address 1.1.1.1/24
or, if 1.1.1.x is unavailable, through 2.2.2.1/24.

device(config)#access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq http 5.5.5.0 0.0.0.255

device(config)#route-map net10web permit 101

device(config-routemap net10web)#match ip address 101

device(config-routemap net10web)#set ip next-hop 1.1.1.1

device(config-routemap net10web)#set ip next-hop 2.2.2.2

device(config-routemap net10web)#exit

device(config)#vlan 10

device(config-vlan-10)#tagged ethernet 1/1 to 1/4

device(config-vlan-10)#router-interface ve 1

device(config)#interface ve 1

device(config-vif-1)#ip policy route-map net10web

Syntax: [no] route-map map-name { permit | deny } num

Syntax: [no] set ip next-hop ip-addr

This command sets the next-hop IP address for traffic that matches a match statement in the route
map.

Setting the next hop

The following commands configure the Brocade device to apply PBR to traffic from IP subnets
209.157.23.x, 10.157.24.x, and 209.157.25.x. In this example, route maps specify the next-hop gateway
for packets from each of these subnets:

• Packets from 209.157.23.x are sent to 192.168.2.1.
• Packets from 209.157.24.x are sent to 192.168.2.2.
• Packets from 209.157.25.x are sent to 192.168.2.3.

The following commands configure three standard ACLs. Each ACL matches one of the subnets listed
above. Make sure you specify permit instead of deny in the ACLs, so that the Brocade device permits
the traffic that matches the ACLs to be further evaluated by the route map. If you specify deny, the
traffic that matches the deny statements is routed normally. Notice that these ACLs specify any for the
destination address.

device(config)#access-list 50 permit 209.157.23.0 0.0.0.255

device(config)#access-list 51 permit 209.157.24.0 0.0.0.255

device(config)#access-list 52 permit 209.157.25.0 0.0.0.255

The following commands configure three entries in a route map called "test-route". The first entry
(permit 50) matches on the IP address information in ACL 50 above. For IP traffic from subnet
209.157.23.0/24, this route map entry sets the next-hop IP address to 192.168.2.1.

device(config)#route-map test-route permit 50

device(config-routemap test-route)#match ip address 50
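The permit/deny behaviour and next-hop selection described above can be checked offline with a small model. This Python sketch is an added example, not Brocade code or device output; it can be used to confirm which sources a route map diverts before applying it. Assumptions: a source that matches no clause of an ACL falls through to the next route-map entry, traffic with no reachable next hop is routed normally, and the `reachable` set is a hypothetical stand-in for the device's own next-hop availability check.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """ACL wildcard match: bits set in the wildcard mask are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_verdict(acl, src):
    """First matching clause wins; None means no clause matched."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action
    return None

def pbr_next_hop(src, route_map, acls, reachable):
    """Return the PBR next hop for src, or None when it is routed normally."""
    for acl_id, next_hops in route_map:
        verdict = acl_verdict(acls[acl_id], src)
        if verdict == "deny":
            return None  # per the page: deny matches are routed normally
        if verdict == "permit":
            # Assumption: hops are tried in configured order, skipping dead ones.
            return next((h for h in next_hops if h in reachable), None)
    return None  # matched no entry (assumption: normal routing)

# ACLs 50-52 and the per-subnet next hops listed on the page.
ACLS = {
    50: [("permit", "209.157.23.0", "0.0.0.255")],
    51: [("permit", "209.157.24.0", "0.0.0.255")],
    52: [("permit", "209.157.25.0", "0.0.0.255")],
}
TEST_ROUTE = [(50, ["192.168.2.1"]), (51, ["192.168.2.2"]), (52, ["192.168.2.3"])]
ALL_UP = {"192.168.2.1", "192.168.2.2", "192.168.2.3"}

# Constructed variant: ACL 51 mistakenly written with deny instead of permit.
ACLS_DENY_51 = {**ACLS, 51: [("deny", "209.157.24.0", "0.0.0.255")]}

if __name__ == "__main__":
    for src in ("209.157.23.7", "209.157.24.9", "10.1.1.1"):  # constructed sources
        hop = pbr_next_hop(src, TEST_ROUTE, ACLS, ALL_UP)
        print(src, "->", hop or "normal routing")
```

With `ACLS_DENY_51`, a source in 209.157.24.x no longer receives a policy next hop, which is how a permit/deny slip silently moves traffic off the intended path.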


53-1003088-03