www.netprotocolxpert.in
Policy Based Routing
Introduction:-
• Policy Based Routing is a very powerful feature available to you for directing traffic moving to your Cisco router.
• It is a process applied to the ingress interface of a router that overrides the normal routing process.
Objectives:-
• PC1 surfs the internet all day doing nothing productive. All traffic from this PC should route out ISP, which is a slower internet connection. If ISP2 is down, PC1 should not be able to access the internet.
• PC2 handles sophisticated transactions. Both Telnet and HTTPS traffic should route towards ISP1, which is the more reliable connection. All other traffic from PC2 should route out ISP2.
• Traffic from other clients (not shown in this diagram) should route out ISP2.
Testing:-
• Telnet from PC1 to ISP2 (200.200.200.5). This session should connect to the ISP router.
• Verify the traffic by using the “show route-map” command on R1.
• A telnet session to ISP1 (200.200.200.1) should fail (simply because ISP1 and ISP2 have no knowledge of each other).
• Telnet from PC2 to ISP1 (200.200.200.1). Both sessions should connect.
Router1 interfaces configuration
interface FastEthernet0/0
 description CONNECTED WITH SW1
 ip address 192.168.2.1 255.255.255.0
 no shut
interface Serial1/0
 description CONNECTED WITH ISP1
 ip address 200.200.200.2 255.255.255.252
 no shut
interface Serial1/1
 description CONNECTED WITH ISP2
 ip address 200.200.200.6 255.255.255.252
 no shut
ISP1 (actually a router) interfaces configuration
interface Serial1/0
 description CONNECTED WITH R1
 ip address 200.200.200.1 255.255.255.252
 clock rate 64000
 no shut
! Static route for connecting to R1's internal network
ip route 192.168.2.0 255.255.255.0 200.200.200.2
ISP2 (actually a router) interfaces configuration
interface Serial1/1
 description CONNECTED WITH R1
 ip address 200.200.200.5 255.255.255.252
 clock rate 64000
 no shut
! Static route for connecting to R1's internal network
ip route 192.168.2.0 255.255.255.0 200.200.200.6
• First check that all the devices can ping each other; ISP1 and ISP2 do not ping each other.
On ISP2
• Create access-lists to permit PC1 and PC2 traffic
! Permit PC1
access-list 10 permit 192.168.2.50
! Permit PC2 HTTPS
access-list 120 permit tcp host 192.168.2.100 any eq 443
! Permit PC2 Telnet
access-list 120 permit tcp host 192.168.2.100 any eq telnet
On ISP2
Now implement the ACLs in a route-map
! POLICY-DEMO is the route-map name
route-map POLICY-DEMO permit 10
 ! Match PC1 (ACL 10) and send it to ISP2
 match ip address 10
 set ip next-hop 200.200.200.5
route-map POLICY-DEMO permit 20
 ! Match PC2 Telnet & HTTPS (ACL 120) and send it to ISP1
 match ip address 120
 set ip next-hop 200.200.200.1
route-map POLICY-DEMO permit 30
 ! No match clause: PC2's other traffic and all remaining traffic go to ISP2
 set ip next-hop 200.200.200.5
On ISP2
Apply the route-map to R1's FastEthernet interface
interface FastEthernet0/0
 description CONNECTED WITH SW1
 ! Apply the policy to incoming traffic from internal networks
 ip policy route-map POLICY-DEMO
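The route-map above can be checked offline against the Objectives before it is applied. The following Python model is an added example, not part of the original slides; the flow names, the "other client" address 192.168.2.77 and the `rib_default` parameter are constructed for illustration, and it assumes that a packet whose `set ip next-hop` address is unusable is handed back to normal destination-based routing.

```python
# Added illustration; models R1's POLICY-DEMO route-map from the slides.
# Standard ACL 10 matches source only; extended ACL 120 matches
# protocol, source host and destination port.
ACLS = {
    "10": [{"src": "192.168.2.50"}],
    "120": [
        {"proto": "tcp", "src": "192.168.2.100", "dport": 443},
        {"proto": "tcp", "src": "192.168.2.100", "dport": 23},
    ],
}
# (sequence, ACL name or None when the entry has no match clause, next hop)
ROUTE_MAP = [
    (10, "10", "200.200.200.5"),
    (20, "120", "200.200.200.1"),
    (30, None, "200.200.200.5"),
]
ISP1, ISP2 = "200.200.200.1", "200.200.200.5"

def acl_permits(acl, pkt):
    """True if any entry matches; anything else hits the implicit deny."""
    return any(all(pkt.get(k) == v for k, v in ace.items())
               for ace in ACLS[acl])

def policy_route(pkt, reachable, rib_default=None):
    """Return (sequence, next_hop) for a packet entering Fa0/0.

    reachable: set of next hops currently up (constructed test input).
    rib_default: hypothetical default route in R1's normal routing table;
    None means no route, so the packet is dropped.
    """
    for seq, acl, next_hop in ROUTE_MAP:
        if acl is None or acl_permits(acl, pkt):
            # First match wins. An unusable next hop hands the packet
            # back to ordinary destination-based routing.
            return seq, (next_hop if next_hop in reachable else rib_default)
    return None, rib_default

# Constructed flows mirroring the Objectives and Testing slides.
PC1_TELNET = {"proto": "tcp", "src": "192.168.2.50", "dport": 23}
PC2_HTTPS = {"proto": "tcp", "src": "192.168.2.100", "dport": 443}
PC2_HTTP = {"proto": "tcp", "src": "192.168.2.100", "dport": 80}
OTHER = {"proto": "udp", "src": "192.168.2.77", "dport": 53}

if __name__ == "__main__":
    for name, pkt in [("PC1 telnet", PC1_TELNET), ("PC2 https", PC2_HTTPS),
                      ("PC2 http", PC2_HTTP), ("other client", OTHER)]:
        print(name, policy_route(pkt, {ISP1, ISP2}))
    # ISP2 down: PC1 is isolated only if R1 has no default via ISP1.
    print("PC1, ISP2 down:", policy_route(PC1_TELNET, {ISP1}))
    print("PC1, ISP2 down, default via ISP1:",
          policy_route(PC1_TELNET, {ISP1}, rib_default=ISP1))
```

The last two calls show that the objective "if ISP2 is down, PC1 should not be able to access the internet" holds only while R1's routing table has no route that would carry PC1's traffic out through ISP1.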
Troubleshooting & Verification Commands
• show ip route
• show ip interface brief
• show access-list
• show route-map
• debug ip policy