Using Access Control Lists (ACLs)
December 2000
• Packets from 209.157.23.x are sent to 192.168.2.1.
• Packets from 209.157.24.x are sent to 192.168.2.2.
• Packets from 209.157.25.x are sent to 192.168.2.3.
The following commands configure three standard ACLs. Each ACL matches one of the source sub-nets listed above.
Make sure you specify permit instead of deny in the ACLs, so that the Layer 3 Switch permits the traffic that
matches the ACLs to be further evaluated by the route map. If you specify deny, the Layer 3 Switch denies the
traffic from further evaluation and instead drops the packets. Notice that these ACLs specify any for the
destination address.
BigIron(config)# access-list 1 permit 209.157.23.0 0.0.0.255
BigIron(config)# access-list 2 permit 209.157.24.0 0.0.0.255
BigIron(config)# access-list 3 permit 209.157.25.0 0.0.0.255
The following commands configure three entries in a route map called “test-route”. The first entry (permit 1)
matches on the IP address information in ACL 1 above. For IP traffic from sub-net 209.157.23.0/24, this route
map entry sets the next-hop IP address to 192.168.2.1.
BigIron(config)# route-map test-route permit 1
BigIron(config-routemap test-route)# match ip address 1
BigIron(config-routemap test-route)# set ip next-hop 192.168.2.1
BigIron(config-routemap test-route)# exit
The following commands configure the second entry in the route map. This entry (permit 2) matches on the IP
address information in ACL 2 above. For IP traffic from sub-net 209.157.24.0/24, this route map entry sets the
next-hop IP address to 192.168.2.2.
BigIron(config)# route-map test-route permit 2
BigIron(config-routemap test-route)# match ip address 2
BigIron(config-routemap test-route)# set ip next-hop 192.168.2.2
BigIron(config-routemap test-route)# exit
The following commands configure the third entry in the test-route route map. This entry (permit 3) matches on
the IP address information in ACL 3 above. For IP traffic from sub-net 209.157.25.0/24, this route map entry sets
the next-hop IP address to 192.168.2.3.
BigIron(config)# route-map test-route permit 3
BigIron(config-routemap test-route)# match ip address 3
BigIron(config-routemap test-route)# set ip next-hop 192.168.2.3
BigIron(config-routemap test-route)# exit
The following command enables PBR by globally applying the test-route route map to all interfaces.
BigIron(config)# ip policy route-map test-route
Alternatively, you can enable PBR on specific interfaces, as shown in the following example. The commands in
this example configure IP addresses in the three source sub-nets identified in ACLs 1, 2, and 3, then apply route
map test-route to the interface.
BigIron(config)# interface ve 1
BigIron(config-vif-1)# ip address 209.157.23.1/24
BigIron(config-vif-1)# ip address 209.157.24.1/24
BigIron(config-vif-1)# ip address 209.157.25.1/24
BigIron(config-vif-1)# ip policy route-map test-route
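The next hop that ACLs 1, 2, and 3 and route map test-route select for a given source address can be checked offline before the policy is applied. The following Python is an added example, not part of the Foundry guide; it models only the commands shown above, and treating unmatched traffic as following the normal routing table is an assumption.

```python
import ipaddress

# Configuration lines copied from the example above (CLI prompts stripped).
CONFIG = """\
access-list 1 permit 209.157.23.0 0.0.0.255
access-list 2 permit 209.157.24.0 0.0.0.255
access-list 3 permit 209.157.25.0 0.0.0.255
route-map test-route permit 1
match ip address 1
set ip next-hop 192.168.2.1
route-map test-route permit 2
match ip address 2
set ip next-hop 192.168.2.2
route-map test-route permit 3
match ip address 3
set ip next-hop 192.168.2.3
"""

def parse(config):
    """Return (acls, entries); acls maps ACL number -> [(action, address, wildcard)]."""
    acls, entries = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            net = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4]))
            acls.setdefault(tok[1], []).append((tok[2], net, wild))
        elif tok[:1] == ["route-map"]:
            entries.append({"seq": int(tok[3]), "acl": None, "next_hop": None})
        elif tok[:3] == ["match", "ip", "address"]:
            entries[-1]["acl"] = tok[3]
        elif tok[:3] == ["set", "ip", "next-hop"]:
            entries[-1]["next_hop"] = tok[3]
    return acls, sorted(entries, key=lambda e: e["seq"])

def pbr_decision(src, acls, entries):
    """Return the next hop, "drop" for an ACL deny, or None when nothing matches."""
    addr = int(ipaddress.IPv4Address(src))
    for entry in entries:
        for action, net, wild in acls.get(entry["acl"], []):
            # Wildcard mask: 1 bits are "don't care", 0 bits must equal the ACL address.
            if ((addr ^ net) & ~wild & 0xFFFFFFFF) == 0:
                return entry["next_hop"] if action == "permit" else "drop"
    return None  # assumption: unmatched traffic follows the normal routing table

if __name__ == "__main__":
    acls, entries = parse(CONFIG)
    for src in ("209.157.23.77", "209.157.25.1", "10.0.0.5"):
        print(src, "->", pbr_decision(src, acls, entries))
```

Changing one of the ACL lines to deny makes the function return "drop" for that sub-net, which is the behaviour the text warns about.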
Setting the Next Hop When no Next Hop Is Explicitly Configured
The following commands configure a PBR to set the next-hop gateway for traffic, but only if the Layer 3 Switch
does not already have a next-hop gateway specified for the traffic. In this example, a route map specifies the
next-hop gateway for packets from sub-net 192.168.1.x.
The following command configures a standard ACL for the sub-net.
BigIron(config)# access-list 4 permit 192.168.1.0 0.0.0.255 any
Foundry Switch and Router Installation and Configuration Guide, December 2000. Copyright 2000 by Foundry Networks Inc.