Connectivity Guide
track track-id
OS10(config)# track 200
2 Configure reachability of the next-hop address through the VRF instance.
ip ip-address reachability vrf vrf-name
OS10(conf-track-200)#
OS10(conf-track-200)# ip 1.1.1.1 reachability vrf red
OS10(conf-track-200)# exit
3 Configure the route-map.
route-map route-map-name
OS10(config-route-map)#
OS10(config-route-map)# match ip address acl1
4 Set the track ID configured in step 1 to the route-map.
set ip vrf vrf-name next-hop next-hop-address track-id track-id-number
OS10(config-route-map)# set ip vrf red next-hop 1.1.1.1 track-id 200
5 Apply the route-map to the interface where traffic is ingressing on the VRF instance.
interface interface-type
ip policy route-map route-map-name
OS10(config)# interface vlan 40
OS10(conf-if-vl-40)#
OS10(conf-if-vl-40)# ip policy route-map test
OS10(conf-if-vl-40)# show configuration
!
NOTE: Ensure you configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop
reachability in the same VRF instance, you must configure both PBR per VRF and object tracking. Missing either the
next-hop IP address tracking or PBR next-hop configuration in a VRF instance results in an erroneous configuration.
However, the system does not display an error message indicating problems in the configuration.
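The check below is an added example, not part of the original guide: because the system reports no error for the mismatch described in the NOTE, it audits saved configuration text and flags every PBR next-hop whose track ID is undefined or tracks a different address or VRF. It assumes the configuration uses the command forms shown in the steps above; the sample configuration and the function name audit_pbr_tracking are constructed for illustration.

```python
import re

TRACK_RE = re.compile(r"^track\s+(\d+)$")
REACH_RE = re.compile(r"^ip\s+(\S+)\s+reachability\s+vrf\s+(\S+)$")
RMAP_RE = re.compile(r"^route-map\s+(\S+)")
SET_RE = re.compile(r"^set\s+ip\s+vrf\s+(\S+)\s+next-hop\s+(\S+)\s+track-id\s+(\d+)$")

# Constructed sample: "test" is consistent, "test2" tracks the next-hop in
# another VRF, "test3" references a track ID that is never defined.
SAMPLE_CONFIG = """\
track 200
 ip 1.1.1.1 reachability vrf red
track 201
 ip 2.2.2.2 reachability vrf blue
route-map test
 match ip address acl1
 set ip vrf red next-hop 1.1.1.1 track-id 200
route-map test2
 set ip vrf red next-hop 2.2.2.2 track-id 201
route-map test3
 set ip vrf red next-hop 3.3.3.3 track-id 300
"""

def audit_pbr_tracking(config_text):
    """Return findings for PBR next-hops whose object tracking is missing or mismatched."""
    tracks = {}    # track id -> (ip, vrf), or None if no reachability line was seen
    pbr_sets = []  # (route-map name, vrf, next-hop, track id)
    cur_track = cur_rmap = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := TRACK_RE.match(line):
            cur_track, cur_rmap = m.group(1), None
            tracks.setdefault(cur_track, None)
        elif m := RMAP_RE.match(line):
            cur_rmap, cur_track = m.group(1), None
        elif line in ("!", "exit"):
            cur_track = cur_rmap = None          # left the current stanza
        elif (m := REACH_RE.match(line)) and cur_track:
            tracks[cur_track] = (m.group(1), m.group(2))
        elif (m := SET_RE.match(line)) and cur_rmap:
            pbr_sets.append((cur_rmap, m.group(1), m.group(2), m.group(3)))
    findings = []
    for rmap, vrf, hop, tid in pbr_sets:
        tracked = tracks.get(tid)
        if tracked is None:
            findings.append(f"{rmap}: track {tid} has no reachability object")
        elif tracked != (hop, vrf):
            findings.append(f"{rmap}: track {tid} watches {tracked[0]} vrf {tracked[1]}, "
                            f"PBR uses {hop} vrf {vrf}")
    return findings
```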
Use PBR to permit and block specific traffic
This section explains how to permit specific traffic through an interface using PBR.
Configure the interface
1 Create a VLAN interface.
OS10(Config)# interface vlan999
2 Enable the interface.
OS10(Conf-if-999)# no shutdown
3 Assign an IP address to the interface.
OS10(Conf-if-999)# ip address 10.99.0.251/16
Define the PBR parameters
• Create an ACL and define what should be enabled for PBR processing.
ip access-list TEST-ACL
seq 10 permit tcp any any eq 80
seq 20 permit tcp any any eq 443
seq 30 permit tcp any any eq 21
seq 40 permit icmp any any
• Create an ACL and define what should be excluded from PBR processing.
ip access-list TEST-ACL-DENY
seq 10 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 80
seq 20 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 443
Layer 3