Connectivity Guide
Policy-based routing
PBR provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies dened to override the switch’s forwarding
decisions based on the routing table.
Policy-based route-maps
A route-map is an ordered set of rules that controls the redistribution of IP routes into a protocol domain. When you enable PBR on an
interface, all IPv4 or IPv6 data packets process based on the policies that you dene in the route-maps. The rules dened in route-maps are
based on access control lists (ACLs) and next-hop addresses, and only apply to ACLs used in policy-based routing.
You can create a route-map that species the match criteria and resulting action if all the match clauses are met. After you create the
route-map, you can enable PBR for that route-map on a specic interface. Route-maps contain match and set statements that you can
mark as permit.
Access-list to match route-map
You can assign an IPv4 or IPv6 access-list to match a route-map. The IP access list contains the criteria to match the trac content based
on the header eld, such as the destination IP or source IP.
When permit or deny is present in the access-list, it is omitted and the action present in the route-map command is used for
policy-based routing. The permit keyword in the route-map statement indicates policy-based routing. The deny keyword in the route-
map statement indicates a switch-based forwarding decision, a PBR exception. Only use access list for the packet match criteria in policy-
based routing.
1 Assign an access-list to match the route-map in CONFIGURATION mode.
ip access-list access-list-name
2 Set the IP address to match the access-list in IP-ACL mode.
permit ip ip-address
Congure IPv4 access-list to match route-map
OS10(config)# ip access-list acl5
OS10(conf-ipv4-acl)# permit ip 10.10.10.0/24 any
Congure IPv6 access-list to match route-map
OS10(config)# ipv6 access-list acl8
OS10(conf-ipv6-acl)# permit ipv6 10::10 any
Set address to match route-map
You can set an IPv4 or IPv6 address to match a route-map.
1 Enter the IPv4 or IPv6 address to match and specify the access-list name in Route-Map mode.
match {ip | ipv6} address access-list-name
2 Set the next-hop IP address in Route-Map mode.
set {ip | ipv6} next-hop ip-address
594
Layer 3