Cisco | PBR in Cisco Nexus switches
Here is the configuration on NEXUS.
From the output above we can see that for any outgoing traffic the next hop is 172.16.0.1, which is R-1. Now let's verify from the source PC.
All the traffic is going through R-1, which is expected. The goal is to policy-route PC-02 (192.168.1.11) toward 172.16.0.5 for every destination except 1.1.1.1; traffic from PC-02 to 1.1.1.1 must not follow the PBR and must keep using the normal routing table (via R-1). So, let's get started.
Let's configure it on NEXUS. Two prerequisites that NX-OS enforces: the pbr feature must already be enabled (feature pbr), and the policy is applied to the Layer 3 interface on which PC-02's traffic enters the switch, because PBR acts on ingress traffic only.
ACCESS-LIST
ip access-list OUR_PBR_DENY_ACL
permit ip host 192.168.1.11 host 1.1.1.1
ip access-list OUR_PBR_PERMIT_ACL
permit ip host 192.168.1.11 any
ROUTE-MAP
route-map LetsConfig_PBR_MAP deny 10
match ip address OUR_PBR_DENY_ACL
!
route-map LetsConfig_PBR_MAP permit 20
match ip address OUR_PBR_PERMIT_ACL
set ip next-hop 172.16.0.5
APPLY ROUTE-MAP
int eth1/3
ip policy route-map LetsConfig_PBR_MAP
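The first-match logic behind this route-map, written out as an added Python model so the ordering of the deny and permit sequences can be checked before touching the switch. This is example code, not NX-OS code and not from the original post; it transcribes the page's two ACLs, the two sequences and the next hops, and assumes that only "ip" ACEs with host/any/prefix addresses occur, that a deny ACE inside a match ACL simply means "no match", and that the set next hop is reachable. The second host 192.168.1.10 and the wrong-order route-map are constructed for the demonstration.

```python
"""First-match PBR route-map evaluation modelled on the page's NX-OS config.

Added example, not NX-OS code and not the page author's. Assumptions:
only 'ip' ACEs with host/any/prefix addresses are parsed, a deny ACE in a
match ACL counts as 'no match', and 'set ip next-hop' is always reachable.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Normal routing result from the page: default next hop 172.16.0.1 (R-1).
NORMAL_NEXT_HOP = "172.16.0.1"


@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_target(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse one ACE address spec at tokens[i]; return (network, next index)."""
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    return ipaddress.ip_network(tokens[i], strict=False), i + 1


def parse_ace(line: str) -> Ace:
    """Parse an ACE such as 'permit ip host 192.168.1.11 host 1.1.1.1'."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    src, i = _parse_target(tokens, 2)
    dst, i = _parse_target(tokens, i)
    if i != len(tokens):
        raise ValueError(f"trailing tokens in ACE: {line!r}")
    return Ace(tokens[0], src, dst)


def acl_matches(acl: List[Ace], src: str, dst: str) -> bool:
    """A 'match ip address' ACL matches only through a permit ACE (first ACE wins).
    Assumption: a deny ACE, or no ACE at all, means the sequence does not match."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ace.src and d in ace.dst:
            return ace.action == "permit"
    return False


@dataclass(frozen=True)
class Sequence:
    seq: int
    action: str                     # route-map "permit" or "deny"
    acl: str                        # name used in 'match ip address'
    next_hop: Optional[str] = None  # 'set ip next-hop' (permit sequences only)


def policy_route(route_map: List[Sequence], acls: Dict[str, List[Ace]],
                 src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First match in sequence order. A matching deny sequence, a matching permit
    without a set clause, or no match at all means the packet is routed normally."""
    for s in sorted(route_map, key=lambda x: x.seq):
        if acl_matches(acls[s.acl], src, dst):
            if s.action == "deny" or s.next_hop is None:
                return NORMAL_NEXT_HOP, s.seq
            return s.next_hop, s.seq
    return NORMAL_NEXT_HOP, None


# The page's ACLs and route-map, transcribed.
ACLS = {
    "OUR_PBR_DENY_ACL": [parse_ace("permit ip host 192.168.1.11 host 1.1.1.1")],
    "OUR_PBR_PERMIT_ACL": [parse_ace("permit ip host 192.168.1.11 any")],
}
ROUTE_MAP = [
    Sequence(10, "deny", "OUR_PBR_DENY_ACL"),
    Sequence(20, "permit", "OUR_PBR_PERMIT_ACL", next_hop="172.16.0.5"),
]
# Constructed misconfiguration: same entries with the deny placed after the permit.
# OUR_PBR_PERMIT_ACL also covers 1.1.1.1, so the exception is never reached.
ROUTE_MAP_WRONG_ORDER = [
    Sequence(10, "permit", "OUR_PBR_PERMIT_ACL", next_hop="172.16.0.5"),
    Sequence(20, "deny", "OUR_PBR_DENY_ACL"),
]


def expected_paths(route_map: List[Sequence]) -> Dict[Tuple[str, str], str]:
    """Next hop for the PC-02 flows traced on the page, plus a constructed host
    (192.168.1.10) that no ACL covers and that must stay on normal routing."""
    flows = [("192.168.1.11", "1.1.1.1"), ("192.168.1.11", "2.2.2.2"),
             ("192.168.1.11", "4.4.4.4"), ("192.168.1.10", "2.2.2.2")]
    return {f: policy_route(route_map, ACLS, *f)[0] for f in flows}


if __name__ == "__main__":
    for name, rm in (("page order", ROUTE_MAP), ("wrong order", ROUTE_MAP_WRONG_ORDER)):
        print(name)
        for (src, dst), nh in expected_paths(rm).items():
            print(f"  {src} -> {dst}: next-hop {nh}")
```

Running it prints, for the page's order, 172.16.0.1 for 1.1.1.1 and 172.16.0.5 for 2.2.2.2 and 4.4.4.4, which is what the traces later on the page show; for the wrong order every PC-02 flow, including 1.1.1.1, is sent to 172.16.0.5, because the broader permit ACL wins the first-match race.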
Additional configuration:
If we want to see PBR statistics, we need to add the command below.
route-map LetsConfig_PBR_MAP pbr-statistics
Verification
NEXUS# show route-map LetsConfig_PBR_MAP pbr-statistics
route-map LetsConfig_PBR_MAP, deny, sequence 10
Policy routing matches: 11 packets
route-map LetsConfig_PBR_MAP, permit, sequence 20
Policy routing matches: 9 packets
Both sequences are getting hits, so the route-map is being evaluated: sequence 10 (deny) matches PC-02 to 1.1.1.1 and those packets are routed normally via R-1, and sequence 20 (permit) matches the rest of PC-02's traffic and sets the next hop to 172.16.0.5. The order matters: OUR_PBR_PERMIT_ACL also matches traffic to 1.1.1.1, so the deny entry must have the lower sequence number or the exception is never reached. You can also trace from PC-02 to confirm: 1.1.1.1 should go via 172.16.0.1 and other destinations via 172.16.0.5.
PC-02> trace 1.1.1.1
trace to 1.1.1.1, 8 hops max, press Ctrl+C to stop
1 192.168.1.1 4.554 ms 2.957 ms 3.200 ms
2 172.16.0.1 35.764 ms 6.290 ms 6.447 ms
3 103.21.40.1 5.785 ms 6.705 ms 6.705 ms
PC-02> trace 2.2.2.2
trace to 2.2.2.2, 8 hops max, press Ctrl+C to stop
1 192.168.1.1 3.549 ms 9.537 ms 4.240 ms
2 172.16.0.5 9.304 ms 5.785 ms 6.705 ms
3 103.21.40.5 6.126 ms 6.603 ms 5.030 ms
PC-02> trace 4.4.4.4
trace to 4.4.4.4, 8 hops max, press Ctrl+C to stop
1 192.168.1.1 4.237 ms 4.183 ms 2.886 ms
2 172.16.0.5 6.126 ms 6.603 ms 5.030 ms
3 103.21.40.5 4.554 ms 2.957 ms 3.200 ms