About Pbr - Cisco Catalyst 4500 Series Configuration Manual

About Policy-Based Routing
You can set up PBR as a way to route packets based on configured policies. For example, you can
implement routing policies to allow or deny paths based on the identity of a particular end system, or an
application protocol.
PBR allows you to perform the following tasks:
•
•
Policies can be based on IP address, port numbers, or protocols. For a simple policy, use any one of these
descriptors; for a complicated policy, all of them.

About PBR

All packets received on an interface with PBR enabled are passed through enhanced packet filters known
as route maps. The route maps used by PBR dictate the policy, determining to where the packets are
forwarded.
Route maps are composed of statements, which can be marked as permit or deny. They are interpreted
in the following ways:
•
•
This is explained in more detail in the section
You specify PBR on the incoming interface (the interface on which packets are received), not outgoing
interface.
Understanding Route-Maps
PBR is implemented by applying a route-map on an incoming interface. A given interface can have only
one route-map configured.
A route-map is configured at the global configuration parser mode. You can then apply this route-map
on one or more interfaces (in the interface configuration parser sub-mode).
A route-map is comprised of one or more route-map statements. Each statement has a sequence number,
as well as a permit or deny clause.
Each route-map statement contains match and set commands. The match command denotes the match
criteria to be applied on the packet data. The set command denote the PBR action to be taken on the
packet.
The following example shows a single route-map called rm-test and six route-map statements:
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG
38-2
Classify traffic based on extended access list criteria. Access lists, and then establish the match
criteria.
Route packets to specific traffic-engineered paths.
If a statement is marked as deny, the packets meeting the match criteria are sent back using the
normal forwarding channels and destination-based routing is performed.
If the statement is marked as permit and a packet matches the access-lists, then the first valid set
clause is applied to that packet.
route-map rm-test permit 21
match ip address 101
set ip next-hop 21.1.1.1
!
route-map rm-test permit 22
match ip address 102
set ip next-hop 22.2.2.1
!
Chapter 38
Understanding Route-Maps, page
Configuring Policy-Based Routing
38-2.
OL-25340-01