https://community.extremenetworks.com/t5/faqs/s-n-k-series-policy-based-routing-example-selects-among-multiple/m-p/50452#M660 Article ID: 13620 <BR /> <BR /> <B>Products</B><BR /> S-Series<BR /> Matrix N-Series DFE, firmware 7.11.01.0025 and higher<BR /> K-Series <BR /> <BR /> <B>Goals</B><BR /> Use different PBR next-hop addresses depending on packet characteristics. <BR /> <BR /> <B>Solution</B><BR /> This may be accomplished by specifying more than one map within the assigned route-map, with each map represented by a sequence number. When evaluating a PBR route-map for a routed packet, the process walks through each map in sequence. <BR /> <BR /> In the firmware 7.x sample configuration shown here...<UL> <LI>Initially, map 10 yields a packet match to the NacWebRedirect access-list if the packet uses both TCP port 80 and DSCP value af12 (<A href="http://bit.ly/1rOVKny" target="_blank" rel="nofollow noreferrer noopener">5811</A>). If it does match, then it is forwarded to the next-hop address as defined ("10.10.12.1"). </LI><LI>Otherwise, map 20 (next in sequence) yields a packet match to the ACL-SourceIP access-list if the packet's Source IP address falls within one of the specified (reverse-masked) ranges. If it does match, then it is forwarded to the next-hop address as defined ("10.10.0.6"). </LI><LI>This process may continue for further iterations as desired. Here there are only two maps configured. </LI><LI>When all relevant maps have been examined with no match, then (by default: <A href="http://bit.ly/1d12d2G" target="_blank" rel="nofollow noreferrer noopener">13123</A>) the packet is forwarded per the routing table.</LI></UL>configure terminal<BR /> !<BR /> ip access-list extended NacWebRedirect<BR /> permit tcp any any eq 80 dscp af12<BR /> exit<BR /> !<BR /> ip access-list standard ACL-SourceIP<BR /> permit 10.10.179.0 0.0.0.255<BR /> permit 10.10.250.0 0.0.0.255<BR /> permit 10.10.248.0 0.0.0.255<BR /> permit 10.10.200.0 0.0.0.255<BR /> permit 10.10.253.224 0.0.0.31<BR /> permit 10.10.254.0 0.0.0.255<BR /> permit 10.10.181.0 0.0.0.255<BR /> permit 10.10.251.254 0.0.0.255<BR /> exit<BR /> !<BR /> route-map policy policy1 permit 10<BR /> match ip address NacWebRedirect<BR /> set next-hop 10.10.12.1<BR /> exit<BR /> route-map policy policy1 permit 20<BR /> match ip address ACL-Source-IP<BR /> set next-hop 10.10.0.6<BR /> exit<BR /> !<BR /> interface vlan.0.10 <BR /> ip address 10.10.0.129 255.255.255.248 primary<BR /> ip policy route-map policy1<BR /> no shutdown<BR /> exit<BR /> !<BR /> exitFor more information, please refer to the <A href="http://extranet.enterasys.com/downloads/" target="_blank" rel="nofollow noreferrer noopener">Configuration/CLI Guide</A> applicable to your product and firmware version. Fri, 06 Dec 2013 23:56:00 GMT FAQ_User 2013-12-06T23:56:00Z https://community.extremenetworks.com/t5/faqs/s-n-k-series-policy-based-routing-example-selects-among-multiple/m-p/50452#M660 Article ID: 13620 <BR /> <BR /> <B>Products</B><BR /> S-Series<BR /> Matrix N-Series DFE, firmware 7.11.01.0025 and higher<BR /> K-Series <BR /> <BR /> <B>Goals</B><BR /> Use different PBR next-hop addresses depending on packet characteristics. <BR /> <BR /> <B>Solution</B><BR /> This may be accomplished by specifying more than one map within the assigned route-map, with each map represented by a sequence number. When evaluating a PBR route-map for a routed packet, the process walks through each map in sequence. <BR /> <BR /> In the firmware 7.x sample configuration shown here...<UL> <LI>Initially, map 10 yields a packet match to the NacWebRedirect access-list if the packet uses both TCP port 80 and DSCP value af12 (<A href="http://bit.ly/1rOVKny" target="_blank" rel="nofollow noreferrer noopener">5811</A>). If it does match, then it is forwarded to the next-hop address as defined ("10.10.12.1"). </LI><LI>Otherwise, map 20 (next in sequence) yields a packet match to the ACL-SourceIP access-list if the packet's Source IP address falls within one of the specified (reverse-masked) ranges. If it does match, then it is forwarded to the next-hop address as defined ("10.10.0.6"). </LI><LI>This process may continue for further iterations as desired. Here there are only two maps configured. </LI><LI>When all relevant maps have been examined with no match, then (by default: <A href="http://bit.ly/1d12d2G" target="_blank" rel="nofollow noreferrer noopener">13123</A>) the packet is forwarded per the routing table.</LI></UL>configure terminal<BR /> !<BR /> ip access-list extended NacWebRedirect<BR /> permit tcp any any eq 80 dscp af12<BR /> exit<BR /> !<BR /> ip access-list standard ACL-SourceIP<BR /> permit 10.10.179.0 0.0.0.255<BR /> permit 10.10.250.0 0.0.0.255<BR /> permit 10.10.248.0 0.0.0.255<BR /> permit 10.10.200.0 0.0.0.255<BR /> permit 10.10.253.224 0.0.0.31<BR /> permit 10.10.254.0 0.0.0.255<BR /> permit 10.10.181.0 0.0.0.255<BR /> permit 10.10.251.254 0.0.0.255<BR /> exit<BR /> !<BR /> route-map policy policy1 permit 10<BR /> match ip address NacWebRedirect<BR /> set next-hop 10.10.12.1<BR /> exit<BR /> route-map policy policy1 permit 20<BR /> match ip address ACL-Source-IP<BR /> set next-hop 10.10.0.6<BR /> exit<BR /> !<BR /> interface vlan.0.10 <BR /> ip address 10.10.0.129 255.255.255.248 primary<BR /> ip policy route-map policy1<BR /> no shutdown<BR /> exit<BR /> !<BR /> exitFor more information, please refer to the <A href="http://extranet.enterasys.com/downloads/" target="_blank" rel="nofollow noreferrer noopener">Configuration/CLI Guide</A> applicable to your product and firmware version. Fri, 06 Dec 2013 23:56:00 GMT https://community.extremenetworks.com/t5/faqs/s-n-k-series-policy-based-routing-example-selects-among-multiple/m-p/50452#M660 FAQ_User 2013-12-06T23:56:00Z