##master-page:HomepageReadWritePageTemplate
##master-date:Unknown-Date
#format wiki
#language en
= Cisco PBR =

 * Base the routing decision on rules (a route map) rather than on the routing protocol and the routes it has learned.
 * RISK: hard to maintain, and can black-hole traffic if the network topology changes, because the policy is fixed while the routing table is not.
 * Debug:
  * debug ip policy
 * Example, applied to Ethernet0: matches traffic entering that interface and forces it out Ethernet1 if the ACL matches. Traffic that does not match ACL 111 falls through to the empty sequence 20 and is routed normally from the routing table. (`set interface` is intended for point-to-point links; on a multi-access interface such as Ethernet prefer `set ip next-hop`.)
 * Note: the log keyword in the access-list command is not supported by PBR.

{{{
interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
 no ip directed-broadcast
 ip policy route-map net-10
!
access-list 111 permit ip 10.0.0.0 0.255.255.255 any
!
route-map net-10 permit 10
 match ip address 111
 set interface Ethernet1
 ! or: set ip next-hop 172.2.1.1
!
route-map net-10 permit 20
!
}}}

 * Note:
  * Policy Based Routing for encrypted traffic
   * Forward the decrypted traffic to a loopback interface in order to route the encrypted traffic based on policy routing, then apply PBR on that interface. If the encrypted traffic is passed over a VPN tunnel, disable ip cef on the interface and terminate the VPN tunnel.
  * --(Enables fast switching of PBR.)--
  * --(Router(config-if)# ip route-cache policy)--
  * Beginning in IOS 12.0, PBR is supported in the CEF switching path. CEF-switched PBR has better performance than fast-switched PBR and is therefore the optimal way to perform PBR on a router. No special configuration is required to enable CEF-switched PBR; it is on by default as soon as CEF and PBR are both enabled on the router.
 * Enabling Local PBR
  * Packets generated by the router itself are not normally policy-routed. To enable local PBR for such packets, indicate which route map the router should use with the following command in global configuration mode:
  * Router(config)# ip local policy route-map map-tag
...
----
CategoryCisco
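A fuller worked configuration, added here as an example and not taken from the original page or from Cisco documentation. It puts together the pieces above (named ACL, route map, interface PBR, local PBR) and addresses the black-hole risk: instead of a bare `set ip next-hop`, it uses `set ip next-hop verify-availability` with an IP SLA probe and a tracked object, so the policy next hop is only used while it actually answers; when it does not, the set clause is skipped and the packet is routed from the routing table. All addresses, interface names and the SLA/track numbers are assumptions chosen for illustration.

```ios
! Constructed example (added; not from the original page). Addresses,
! interface names and the SLA/track numbers are assumptions.
!
! 1. Probe the preferred next hop so PBR can notice when it disappears.
ip sla 1
 icmp-echo 192.0.2.1 source-interface Ethernet1
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! 2. Classify the traffic to be policy-routed (no 'log' keyword: PBR ignores it).
ip access-list extended PBR-NET10
 permit ip 10.0.0.0 0.255.255.255 any
!
! 3. Route map: use the fixed next hop only while track 1 is up. If the
!    probe fails the set clause is skipped and the packet is forwarded
!    by the normal routing table instead of being sent into a dead path.
route-map PBR-NET10 permit 10
 match ip address PBR-NET10
 set ip next-hop verify-availability 192.0.2.1 10 track 1
!
! Empty sequence: everything else is routed normally.
route-map PBR-NET10 permit 20
!
! 4. Apply to the ingress interface (transit traffic)...
interface Ethernet0
 ip address 172.16.1.1 255.255.255.0
 ip policy route-map PBR-NET10
!
! ...and to traffic the router itself originates (local PBR).
ip local policy route-map PBR-NET10
!
! 5. Verify from exec mode:
!   show ip policy             -> which interfaces carry which route map
!   show route-map PBR-NET10   -> match/set clauses and policy-routing hit counters
!   show track 1               -> reachability state of the tracked next hop
!   debug ip policy            -> per-packet policy decisions (use with care on a busy router)
```

The probe traffic is sourced from Ethernet1's address, so it does not match the 10.0.0.0/8 ACL and is not itself policy-routed; keep that in mind when the monitored prefix overlaps the router's own addresses, or the local policy can redirect the very probe that tracks the next hop.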