How to configure policy-based routing (PBR) on a Ruijie device?

admin, 2022-3-18 18:16:22
Applied scenarios
As shown in the following topology, there are two egress switches, Switch 3 and Switch 4, between Switch 1 and the Internet. Distribute the Internet access traffic from the Intranet 172.16.1.0/24 to Switch 3 and the Internet access traffic from the Intranet 172.16.2.0/24 to Switch 4.

Case of configuration
a) Network Topology
                     
b) Configuration Tips
1) Configure the basic IP addresses.
2) Configure the basic IP routes to enable full reachability through the entire network.
3) On Switch 1, configure the ACL to match the Intranet traffic.
4) Configure the policy routing.
5) Apply policy routing.

c) Configuration Steps
1) Configure the basic IP addresses.
Ruijie(config)#hostname SW1
SW1(config)#interface gigabitEthernet 1/3
SW1(config-if-GigabitEthernet 1/3)#no switchport
SW1(config-if-GigabitEthernet 1/3)#ip address 192.168.1.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/3)#exit
SW1(config)#interface gigabitEthernet 1/2
SW1(config-if-GigabitEthernet 1/2)#no switchport
SW1(config-if-GigabitEthernet 1/2)#ip address 192.168.2.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/2)#exit
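(Link to SW4. Port 1/1 is assumed here; it must be a different port from 1/2, which carries 192.168.2.1 toward SW3.)
SW1(config)#interface gigabitEthernet 1/1
SW1(config-if-GigabitEthernet 1/1)#no switchport
SW1(config-if-GigabitEthernet 1/1)#ip address 192.168.3.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/1)#exit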

Ruijie(config)#hostname SW2
SW2(config)#interface gigabitEthernet 1/3
SW2(config-if-GigabitEthernet 1/3)#no switchport
SW2(config-if-GigabitEthernet 1/3)#ip address 192.168.1.2 255.255.255.0
SW2(config-if-GigabitEthernet 1/3)#exit
SW2(config)#interface gigabitEthernet 1/1
SW2(config-if-GigabitEthernet 1/1)#no switchport
SW2(config-if-GigabitEthernet 1/1)#ip address 172.16.1.1 255.255.255.0
SW2(config-if-GigabitEthernet 1/1)#exit
SW2(config)#interface gigabitEthernet 1/2
SW2(config-if-GigabitEthernet 1/2)#no switchport
SW2(config-if-GigabitEthernet 1/2)#ip address 172.16.2.1 255.255.255.0
SW2(config-if-GigabitEthernet 1/2)#exit

Ruijie(config)#hostname SW3
SW3(config)#interface gigabitEthernet 1/1
SW3(config-if-GigabitEthernet 1/1)#no switchport
SW3(config-if-GigabitEthernet 1/1)#ip address 192.168.2.2 255.255.255.0
SW3(config-if-GigabitEthernet 1/1)#exit

Ruijie(config)#hostname SW4
SW4(config)#interface gigabitEthernet 1/1
SW4(config-if-GigabitEthernet 1/1)#no switchport
SW4(config-if-GigabitEthernet 1/1)#ip address 192.168.3.2 255.255.255.0
SW4(config-if-GigabitEthernet 1/1)#exit

2) Configure the basic IP routes to enable full reachability through the entire network.
SW1(config)#ip route 172.16.0.0 255.255.0.0 192.168.1.2
SW2(config)#ip route 100.1.1.0 255.255.255.0 192.168.1.1
SW3(config)#ip route 172.16.0.0 255.255.0.0 192.168.2.1
SW4(config)#ip route 172.16.0.0 255.255.0.0 192.168.3.1

3) On Switch 1, configure the ACL to match the Intranet traffic.
SW1(config)#ip access-list standard 10        
SW1(config-std-nacl)#10 permit 172.16.1.0 0.0.0.255
SW1(config-std-nacl)#exit
SW1(config)#ip access-list standard 20   
SW1(config-std-nacl)#10 permit 172.16.2.0 0.0.0.255
SW1(config-std-nacl)#exit

4) Configure the policy routing.
SW1(config)#route-map ruijie permit 10
SW1(config-route-map)#match ip address 10
SW1(config-route-map)#set ip next-hop 192.168.2.2
SW1(config-route-map)#exit
SW1(config)#route-map ruijie permit 20
SW1(config-route-map)#match ip address 20
SW1(config-route-map)#set ip next-hop 192.168.3.2
SW1(config-route-map)#exit

Note:
1) The route map executes policy matching from top to bottom. When the data traffic matches a policy, it is forwarded based on the matched policy and is no longer matched against the follow-up policies.
2) The route map ends with an implicit deny any statement. Data traffic that does not match any policy is forwarded by normal IP routing, so such Intranet traffic is not discarded.
3) The set ip next-hop statement allows you to set the IP address of the next hop or the egress interface of the data packet. The IP address of the next hop is recommended.

5) Apply policy routing.
SW1(config)#interface gigabitEthernet 1/3
SW1(config-if-GigabitEthernet 1/3)#ip policy route-map ruijie   
SW1(config-if-GigabitEthernet 1/3)#exit

Note:
Policy routing must be applied on the interface where the data packets enter the device (the in direction), not on the interface in the out direction. Policy routing overrides the next hop of the data packet while it is being routed through the device. By the time the packet reaches the interface in the out direction, the forwarding decision has already been made, so the packet is sent from that interface directly and policy routing applied in the out direction does not take effect.

Verification
On SW2, run traceroute toward the Internet segment 100.1.1.0/24, specifying the source address. If the data packet sourced from 172.16.1.0/24 reaches the Internet through Switch 3 and the data packet sourced from 172.16.2.0/24 reaches the Internet through Switch 4, policy routing is configured correctly.
SW2#traceroute 100.1.1.1 source 172.16.1.1
  < press Ctrl+C to break >
Tracing the route to 100.1.1.1

1    192.168.1.1 0 msec 0 msec 0 msec
2    192.168.2.2 10 msec 0 msec 10 msec   

SW2#traceroute 100.1.1.1 source 172.16.2.1
  < press Ctrl+C to break >
Tracing the route to 100.1.1.1

1    192.168.1.1 0 msec 0 msec 0 msec
2    192.168.3.2 10 msec 0 msec 10 msec  
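
The first-match and fall-through behaviour from the route-map notes, modelled in Python as an added example (not Ruijie code and not part of the original post). The ACL and next-hop values are taken from the steps above; the function and variable names are this example's own, and the model only covers permit sequences that match a standard ACL.

```python
import ipaddress

# Constructed model of SW1's policy from the steps above (not device output).
# Standard ACLs: number -> list of (action, network, wildcard mask).
ACLS = {
    10: [("permit", "172.16.1.0", "0.0.0.255")],
    20: [("permit", "172.16.2.0", "0.0.0.255")],
}
# Route-map "ruijie" permit sequences: (sequence, ACL number, next hop).
# Deliberately listed out of order; evaluation sorts by sequence number.
ROUTE_MAP = [
    (20, 20, "192.168.3.2"),
    (10, 10, "192.168.2.2"),
]


def wildcard_match(addr, network, wildcard):
    """True if addr equals network on every bit where the wildcard bit is 0."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_permits(acl_id, src):
    """Standard ACL on the source address: the first matching entry decides,
    and a source that matches no entry is not permitted."""
    for action, network, wildcard in ACLS[acl_id]:
        if wildcard_match(src, network, wildcard):
            return action == "permit"
    return False


def policy_next_hop(src, route_map=ROUTE_MAP):
    """Return the PBR next hop for a packet from src, or None when no
    sequence matches and the packet is left to the normal routing table."""
    for _seq, acl_id, next_hop in sorted(route_map):
        if acl_permits(acl_id, src):
            return next_hop  # first match wins; later sequences are skipped
    return None


if __name__ == "__main__":
    for src in ("172.16.1.1", "172.16.2.1", "172.16.3.5"):
        print(src, "->", policy_next_hop(src) or "normal routing")
```

The two sources used in the traceroute check resolve to 192.168.2.2 and 192.168.3.2 respectively, and a source outside both ACLs returns None, which corresponds to normal IP route forwarding.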






RG-S5300-48GT4XS-E

Switch