Tuesday, September 11, 2012

Policy Based Routing on Cisco Catalyst 3750

I want to share how I configured basic configuration Policy Based Routing (PBR) on Cisco.

To give you an idea here is a sample diagram how the PBR works.
This is a setup of network with 2 ISP, if you want to separate the users for using different ISP.

You can use Router as your PBR, in my case I used Cisco Catalyst 3750 as my PBR to decide where the packet will pass thru.

Config on cataly 3750

STEP 1. First set your Vlan SVI's
!

interface Vlan2
 ip address 10.2.0.1 255.255.0.0
!
interface Vlan4
 ip address 10.4.0.1 255.255.0.0
!
interface Vlan3
 ip address 10.5.0.1 255.255.0.0
!
interface Vlan5
 ip address 10.5.0.1 255.255.0.0
!

STEP 2. Create Access-list, for filtering
access-list 10 permit 10.2.0.0 0.0.255.255
access-list 10 permit 10.4.0.0 0.0.255.255
access-list 20 permit 10.3.0.0 0.0.255.255
access-list 20 permit 10.5.0.0 0.0.255.255

STEP 3. Now create Route-map;

route-map routetoISP1 permit 10
 match ip address 10
 set ip next-hop 10.0.0.1
!
route-map routetoISP2 permit 20
 match ip address 20
 set ip next-hop 10.0.0.2
!

and now for here put the MAGIC!


!
interface Vlan2
 ip address 10.2.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan4
 ip address 10.4.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan3
 ip address 10.5.0.1 255.255.0.0
 ip helper-address 10.0.0.4
 ip policy route-map routetoISP2
!
interface Vlan5
 ip address 10.5.0.1 255.255.0.0
 ip policy route-map routetoISP2
!


Here is the final config.


!
interface Vlan2
 ip address 10.2.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan4
 ip address 10.4.0.1 255.255.0.0
 ip policy route-map routetoISP1
!
interface Vlan3
 ip address 10.5.0.1 255.255.0.0
 ip helper-address 10.0.0.4
 ip policy route-map routetoISP2
!
interface Vlan5
 ip address 10.5.0.1 255.255.0.0
 ip policy route-map routetoISP2
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 10 permit 10.2.0.0 0.0.255.255
access-list 10 permit 10.4.0.0 0.0.255.255
access-list 20 permit 10.3.0.0 0.0.255.255
access-list 20 permit 10.5.0.0 0.0.255.255
route-map routetoISP1 permit 10
 match ip address 10
 set ip next-hop 10.0.0.1
!
route-map routetoISP2 permit 20
 match ip address 20
 set ip next-hop 10.0.0.2
!


Posted by at

7 comments:

  1. UnknownApril 11, 2013 at 9:46 AM

    Thanks a lot for the info! Just what I needed!

    ReplyDelete
  2. UnknownApril 17, 2013 at 3:27 AM

    That's a few things I really want to know about setting up a network. Thanks for sharing such useful tip.

    video traffic academy testimonial

    ReplyDelete
  3. markjuneApril 17, 2013 at 6:18 PM

    hope it helps you alot! :)

    ReplyDelete
  4. PavanMarch 8, 2015 at 3:46 AM

    Hi This is good stuff.

    I want to to know where you tested this GNS3 or Packet Tracer please suggest i want to test the same, please mail me on pavan.rambatla@gmail.com

    Thanks in advance.
    Regards,
    Pavan

    ReplyDelete
  5. facktorAZEApril 18, 2016 at 6:35 AM

    Hi This is good ,
    interface Vlan3
    ip address 10.5.0.1 255.255.0.0 ?

    replace ip address 10.3.0.1

    ReplyDelete
  6. UnknownJuly 13, 2017 at 3:48 PM

    If you want all vlan except vlan 229 to go to isp1, then can you create only only one route map/policy/access list for vlan229 to go to isp 2 and use default ip route for all other vlans?

    ReplyDelete

Subscribe to: Post Comments (Atom)