HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 757


In this example, a university uses a ProCurve Secure Router to connect to the
Internet. The university wants to provide the many resources of the Internet
to both its students and its professors. However, the administration is aware
that students, in particular, often pose security risks. Technically savvy
students might attempt to hack into servers on the Internet or to spread viruses.
Therefore, the university has installed an IDS to filter Internet traffic from
students and to detect and prevent misuse of the Internet connection. The
router should forward all student traffic destined to the Internet to the IDS.
After processing the traffic, the IDS will return the traffic to the router to be
sent over the Internet.

So that the IDS is not overburdened, the router is allowed to forward traffic
from trusted hosts directly to the Internet. The university defines professors
as trusted hosts.

You would configure PBR on the university's ProCurve Secure Router so that
the router will distinguish between traffic from professors and from students
and route such traffic differently. (See Figure 13-32.)

[Figure 13-32. Using PBR for Basic Traffic Engineering. Diagram labels: Site A; Professors Network 192.168.16.0 /21; Students Network 192.168.24.0 /21; Core Switch; Router A; Eth 0/2; PPP1; IDS; ISP]

You should consider these issues:

How will the router distinguish between the two types of traffic?
In this example, students and professors are assigned to different subnets.
You would configure an ACL to select traffic from student subnets for
source-based PBR.
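
The source-based selection described above, modeled as an added example (not taken from the HP manual and not router configuration): it derives the ACL wildcard mask for the student subnet in Figure 13-32, applies a first-match policy, and lists sources that would skip the IDS without being in the trusted professor subnet. The policy table, the action names, the fall-through to normal routing for unmatched traffic, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Subnets from Figure 13-32 of the manual page.
STUDENTS = ipaddress.ip_network("192.168.24.0/21")
PROFESSORS = ipaddress.ip_network("192.168.16.0/21")

def wildcard_mask(net):
    """Inverse mask an ACL entry would use for this prefix (/21 -> 0.0.7.255)."""
    return str(net.hostmask)

def acl_matches(src, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    src_bits = int(ipaddress.ip_address(src)) & care
    base_bits = int(ipaddress.ip_address(base)) & care
    return src_bits == base_bits

# Hypothetical policy table, first match wins: (name, base, wildcard, action).
POLICY = [
    ("students", str(STUDENTS.network_address), wildcard_mask(STUDENTS),
     "forward-to-IDS"),
]

def pbr_decision(src):
    """Return the action for a packet with this source address."""
    for _name, base, wildcard, action in POLICY:
        if acl_matches(src, base, wildcard):
            return action
    # Assumption of this model: unmatched traffic follows the routing table.
    return "normal-routing"

def audit(sources):
    """Sources that skip the IDS without being in the professor subnet."""
    return [s for s in sources
            if pbr_decision(s) == "normal-routing"
            and ipaddress.ip_address(s) not in PROFESSORS]

if __name__ == "__main__":
    # Constructed sample source addresses, including subnet boundary cases.
    SAMPLE = ["192.168.24.1", "192.168.31.254", "192.168.16.10",
              "192.168.23.255", "192.168.32.1", "10.0.0.5"]
    for s in SAMPLE:
        print(s, "->", pbr_decision(s))
    print("skip IDS but not trusted:", audit(SAMPLE))
```

Any address reported by `audit` is a source that the student ACL does not cover and the trusted definition does not include, which is the case to review before relying on the policy.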
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing


This manual is also suitable for:

Procurve secure router 7102 dl
