916
Configuring IP Unicast Routing
Configuring Protocol-Independent Features
You can use PBR to provide equal-access and source-sensitive routing, routing based on interactive versus batch traffic,
or routing based on dedicated links. For example, you could transfer stock records to a corporate office on a
high-bandwidth, high-cost link for a short time while transmitting routine application data such as e-mail over a
low-bandwidth, low-cost link.
With PBR, you classify traffic using access control lists (ACLs) and then make traffic go through a different path. PBR is
applied to incoming packets. All packets received on an interface with PBR enabled are passed through route maps.
Based on the criteria defined in the route maps, packets are forwarded (routed) to the appropriate next hop.
If packets do not match any route map statements, all set clauses are applied.
If a statement is marked as permit and the packets do not match any route-map statements, the packets are sent
through the normal forwarding channels, and destination-based routing is performed.
For PBR, route-map statements marked as deny are not supported.
For more information about configuring route maps, see
Using Route Maps to Redistribute Routing Information,
.
You can use standard IP ACLs to specify match criteria for a source address or extended IP ACLs to specify match criteria
based on an application, a protocol type, or an end station. The process proceeds through the route map until a match
is found. If no match is found, normal destination-based routing occurs. There is an implicit deny at the end of the list of
match statements.
If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop router in the
path.
For details about PBR commands and keywords, see
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS
PBR Configuration Guidelines
Before configuring PBR, you should be aware of this information:
Multicast traffic is not policy-routed. PBR applies to only to unicast traffic.
You can enable PBR on a routed port or an SVI.
The switch does not support
route-map deny
statements for PBR.
You can apply a policy route map to an EtherChannel port channel in Layer 3 mode, but you cannot apply a policy
route map to a physical interface that is a member of the EtherChannel. If you try to do so, the command is rejected.
When a policy route map is applied to a physical interface, that interface cannot become a member of an
EtherChannel.
You can define a maximum of 246 IP policy route maps on the switch.
You can define a maximum of 512 access control entries (ACEs) for PBR on the switch.
When configuring match criteria in a route map, follow these guidelines:
—
Do not match ACLs that permit packets destined for a local address. PBR would forward these packets, which
could cause ping or Telnet failure or route protocol flapping.
—
Do not match ACLs with deny ACEs. Packets that match a deny ACE are sent to the CPU, which could cause
high CPU utilization.
To use PBR, you must first enable the default template by using the
sdm prefer default
global configuration
command. PBR is not supported with the Layer 2 template.
VRF and PBR are mutually-exclusive on a switch interface. You cannot enable VRF when PBR is enabled on an
interface. In contrast, you cannot enable PBR when VRF is enabled on an interface.
Содержание IE 4000
Страница 12: ...8 Configuration Overview Default Settings After Initial Switch Configuration ...
Страница 52: ...48 Configuring Interfaces Monitoring and Maintaining the Interfaces ...
Страница 108: ...104 Configuring Switch Clusters Additional References ...
Страница 128: ...124 Performing Switch Administration Additional References ...
Страница 130: ...126 Configuring PTP ...
Страница 140: ...136 Configuring CIP Additional References ...
Страница 146: ...142 Configuring SDM Templates Configuration Examples for Configuring SDM Templates ...
Страница 192: ...188 Configuring Switch Based Authentication Additional References ...
Страница 244: ...240 Configuring IEEE 802 1x Port Based Authentication Additional References ...
Страница 274: ...270 Configuring SGT Exchange Protocol over TCP SXP and Layer 3 Transport Configuring Cisco TrustSec Caching ...
Страница 298: ...294 Configuring VLANs Additional References ...
Страница 336: ...332 Configuring STP Additional References ...
Страница 408: ...404 Configuring DHCP Additional References ...
Страница 450: ...446 Configuring IGMP Snooping and MVR Additional References ...
Страница 490: ...486 Configuring SPAN and RSPAN Additional References ...
Страница 502: ...498 Configuring Layer 2 NAT ...
Страница 559: ...555 Configuring Network Security with ACLs How to Configure Network Security with ACLs Creating a Numbered Extended ACL ...
Страница 770: ...766 Configuring IPv6 MLD Snooping Related Documents ...
Страница 930: ...926 Configuring IP Unicast Routing Related Documents ...
Страница 956: ...952 Configuring IPv6 Unicast Routing Configuring IPv6 network 2010 AB8 2 48 network 2010 AB8 3 48 exit address family ...
Страница 976: ...972 Configuring Cisco IOS IP SLAs Operations Additional References ...
Страница 978: ...974 Dying Gasp ...
Страница 990: ...986 Configuring Enhanced Object Tracking Monitoring Enhanced Object Tracking ...
Страница 994: ...990 Configuring MODBUS TCP Displaying MODBUS TCP Information ...
Страница 996: ...992 Ethernet CFM ...
Страница 1030: ...1026 Working with the Cisco IOS File System Configuration Files and Software Images Working with Software Images ...
Страница 1066: ...1062 Using an SD Card SD Card Alarms ...