Configuration examples for pbr, Setting the next hop, Basic example of pbr – Brocade Communications Systems Brocade ICX 6650 6650 User Manual


Brocade ICX 6650 Security Configuration Guide

53-1002601-01

Policy Based Routing

Configuration examples for PBR

This section presents configuration examples for configuring and applying a PBR policy.

Basic example of PBR

The following commands configure and apply a PBR policy that routes HTTP traffic received on
virtual routing interface 1 from the 10.10.10.x/24 network to 10.5.5.x/24 through next-hop IP
address 10.1.1.1/24 or, if 10.1.1.x is unavailable, through 10.2.2.1/24.

Brocade(config)# access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq http 10.5.5.0 0.0.0.255
Brocade(config)# route-map net10web permit 101
Brocade(config-routemap net10web)# match ip address 101
Brocade(config-routemap net10web)# set ip next-hop 10.1.1.1
Brocade(config-routemap net10web)# set ip next-hop 10.2.2.2
Brocade(config-routemap net10web)# exit
Brocade(config)# vlan 10
Brocade(config-vlan-10)# tagged ethernet 1/1/1 to 1/1/4
Brocade(config-vlan-10)# router-interface ve 1
Brocade(config)# interface ve 1
Brocade(config-vif-1)# ip policy route-map net10web

Syntax: [no] route-map map-name permit | deny num

Syntax: [no] set ip next-hop ip-addr

This command sets the next-hop IP address for traffic that matches a match statement in the route
map.

Setting the next hop

The following commands configure the Brocade device to apply PBR to traffic from IP subnets
10.157.23.x, 10.157.24.x, and 10.157.25.x. In this example, route maps specify the next-hop
gateway for packets from each of these subnets:

Packets from 10.157.23.x are sent to 192.168.2.1.

Packets from 10.157.24.x are sent to 192.168.2.2.

Packets from 10.157.25.x are sent to 192.168.2.3.

The following commands configure three standard ACLs. Each ACL matches one of the subnets listed
above. Make sure you specify permit instead of deny in the ACLs, so that the Brocade device
permits the traffic that matches the ACLs to be further evaluated by the route map. If you specify
deny, the traffic that matches the deny statements is routed normally. Notice that these ACLs
specify any for the destination address.

Brocade(config)# access-list 50 permit 10.157.23.0 0.0.0.255
Brocade(config)# access-list 51 permit 10.157.24.0 0.0.0.255
Brocade(config)# access-list 52 permit 10.157.25.0 0.0.0.255

The following commands configure three entries in a route map called “test-route”. The first entry
(permit 50) matches on the IP address information in ACL 50 above. For IP traffic from subnet
10.157.23.0/24, this route map entry sets the next-hop IP address to 192.168.2.1.
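
The decision this section describes (a permit ACL selects traffic for the route map, the route-map entry supplies the next hop, and denied or unmatched traffic is routed normally), modelled in Python as an added example; it is not Brocade code and not part of the manual. The function names, the `reachable` set, and the fallback to normal routing when no listed next hop is reachable are assumptions of this sketch.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_matches(src, base, wildcard):
    """Standard-ACL match: bits set in the wildcard mask are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(src) & care) == (_ip(base) & care)

# Constructed model of the page's ACLs: number -> (action, base, wildcard)
ACLS = {
    50: ("permit", "10.157.23.0", "0.0.0.255"),
    51: ("permit", "10.157.24.0", "0.0.0.255"),
    52: ("permit", "10.157.25.0", "0.0.0.255"),
}
# Route-map entries in evaluation order: (ACL number, ordered next hops)
ROUTE_MAP = [(50, ["192.168.2.1"]), (51, ["192.168.2.2"]), (52, ["192.168.2.3"])]

def pbr_next_hop(src, acls=ACLS, route_map=ROUTE_MAP, reachable=None):
    """Return the PBR next hop for src, or None when it is routed normally."""
    for acl_num, hops in route_map:
        action, base, wildcard = acls[acl_num]
        if not acl_matches(src, base, wildcard):
            continue
        if action == "deny":          # deny in the ACL: routed normally
            return None
        for hop in hops:              # first reachable next hop wins
            if reachable is None or hop in reachable:
                return hop
        return None                   # assumption: no live hop -> normal routing
    return None                       # no ACL matched

def audit(expected, **kw):
    """expected maps a sample source IP to its intended next hop.
    Returns {source: actual} for every source the policy handles differently."""
    actual = {src: pbr_next_hop(src, **kw) for src in expected}
    return {src: hop for src, hop in actual.items() if hop != expected[src]}

if __name__ == "__main__":
    intended = {"10.157.23.9": "192.168.2.1", "10.157.25.7": "192.168.2.3"}
    print(audit(intended))            # policy as described on the page
    mistyped = dict(ACLS)
    mistyped[52] = ("permit", "19.157.25.0", "0.0.0.255")  # constructed typo
    print(audit(intended, acls=mistyped))
```

A source reported with `None` has fallen out of the policy and follows the normal routing table instead of the intended gateway, which is the failure a mistyped ACL or a deny entry produces without any error on the device.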
