Thursday, July 17, 2014

Configuration examples Route Map and Policy-Based Routing

This article shows how to use Policy-Based Routing so that different default routes are used based on the source IP address. Let me show you the diagram and the configuration steps. The example below should cover basic route-map configuration.
The previous diagram illustrates the structure of Route Map and Policy-Based Routing.
IP Address Assignment:
  • VLAN 10 - Management Vlan - IP address: 146.10.50.xx/24
  • VLAN 20 - Server Vlan - IP address: 146.20.50.xx/24
  • VLAN 30 - Wireless Lan VIP - IP address: 146.30.50.xx/24
  • VLAN 31 - Wireless Lan Visitor - IP address: 146.30.50.xx/24
  • VLAN 40 - Workstation Vlan - IP address: 146.40.50.xx/24
Step 1 - Defining an ACL
Create a simple ACL:
  SGHQSL1-4506(config)#ip access-list extended WVIP
  SGHQSL1-4506(config-ext-nacl)# permit ip host any
  SGHQSL1-4506(config-ext-nacl)# permit ip host any
  SGHQSL1-4506(config)#ip access-list extended WVISITOR
  SGHQSL1-4506(config-ext-nacl)# permit ip any

Step 2 - Creating a route-map
To create a route-map, go into route-map configuration mode, like this:
  SGHQSL1-4506(config)#route-map InternetWVISITOR permit 5
  SGHQSL1-4506(config-route-map)#match ip address WVISITOR
  SGHQSL1-4506(config-route-map)#set ip next-hop
  SGHQSL1-4506(config)#route-map InternetWVIP permit 10
  SGHQSL1-4506(config-route-map)#match ip address WVIP
  SGHQSL1-4506(config-route-map)#set ip next-hop
In this example, all the traffic permitted through access-list WVIP has its next-hop changed to and all the traffic permitted through access-list WVISITOR has its next-hop changed to

Step 3 - Applying the route-map to the interface
Next, you need to apply this policy/route-map to the interface where the traffic is coming in.
  SGHQSL1-4506(config)#interface Vlan30
  SGHQSL1-4506(config-if)#ip policy route-map InternetWVIP
  SGHQSL1-4506(config)#interface Vlan31
  SGHQSL1-4506(config-if)#ip policy route-map InternetWVISITOR

Some helpful commands to monitor and verify the access list, route-map and ip policy.
SGHQSL1-4506#sh ip policy
Interface      Route map
Vlan30         InternetWVIP
Vlan31         InternetWVISITOR
SGHQSL1-4506#sh route-map
route-map InternetWVIP, permit, sequence 10
  Match clauses:
    ip address (access-lists): VIP
  Set clauses:
    ip next-hop
  Policy routing matches: 17846460 packets, 2246593826 bytes
route-map InternetWVISITOR, permit, sequence 10
  Match clauses:
    ip address (access-lists): wlan
  Set clauses:
    ip next-hop
  Policy routing matches: 2450155 packets, 322873006 bytes

SGHQSL1-4506#sh access-lists WVIP
Extended IP access list WVIP
    10 permit ip host any
    20 permit ip host any (278 matches)
SGHQSL1-4506#sh access-lists WVISITOR
Extended IP access list WVISITOR
    10 permit ip any (2470017 matches)
Note: The traffic that does not match the policy uses the default route configured in the core switch.
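The three steps above link objects by name (interface policy to route-map, route-map to ACL), so a mistyped name leaves a broken link in that chain. As an added example, not part of the original post, this Python check walks a saved configuration and reports such breaks; the sample configuration is constructed, with documentation-range placeholder addresses and three planted errors.

```python
# Constructed sample: names follow the article, addresses are documentation-range
# placeholders, and three problems are planted on purpose.
SAMPLE = """\
ip access-list extended WVIP
 permit ip host 192.0.2.10 any
ip access-list extended WVISITOR
 permit ip 198.51.100.0 0.0.0.255 any
route-map InternetWVISITOR permit 5
 match ip address WVISITOR
 set ip next-hop 203.0.113.1
route-map InternetWVIP permit 10
 match ip address VIP
interface Vlan30
 ip policy route-map InternetWVIP
interface Vlan31
 ip policy route-map InternetWVISITOR
interface Vlan40
 ip policy route-map InternetWLAN
"""

def audit_pbr(config):
    """Check the ACL -> route-map -> interface chain; return sorted findings."""
    acls, maps, policies, block = set(), {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):           # a top-level line opens a new block
            block = None
            if words[:3] == ["ip", "access-list", "extended"] and len(words) == 4:
                acls.add(words[3])
            elif words[0] == "route-map" and len(words) == 4:
                block = maps.setdefault((words[1], words[3]), {"acls": [], "next_hop": False})
            elif words[0] == "interface" and len(words) == 2:
                block = words[1]
        elif isinstance(block, dict):           # inside a route-map entry
            if words[:3] == ["match", "ip", "address"]:
                block["acls"] += words[3:]
            elif words[:3] == ["set", "ip", "next-hop"] and len(words) > 3:
                block["next_hop"] = True
        elif isinstance(block, str) and words[:3] == ["ip", "policy", "route-map"] and len(words) == 4:
            policies[block] = words[3]          # inside an interface block
    findings = []
    for (name, seq), entry in maps.items():
        findings += [f"route-map {name} {seq}: ACL {a} is not defined" for a in entry["acls"] if a not in acls]
        if not entry["next_hop"]:
            findings.append(f"route-map {name} {seq}: no set ip next-hop")
    defined = {name for name, _ in maps}
    findings += [f"interface {i}: route-map {m} is not defined" for i, m in policies.items() if m not in defined]
    return sorted(findings)
```

Run `audit_pbr()` on the text of a saved running configuration; an empty list means every interface policy resolves to a defined route-map whose ACLs exist and which sets a next hop.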

