White Papers
13 Using Policy Based Routing and Access Control Lists in a Virtualized Network
Create a Route-Map to set the server's next-hop…
console(config)#route-map database-path permit
console(route-map)#match ip address db-backup-cos
console(route-map)#set ip next-hop 192.150.2.1
console(route-map)#exit
Assign Route-Map to VLAN…
console(config)#interface vlan 30
console(config-if-vlan30)#ip policy route-map database-path
console(config-if-vlan30)#exit
The IP policy route-map “database-path” is applied to the server interface. During the time specified in the
range, all packets from the server ingressing this interface are policy-routed to the next-hop address
192.150.2.1. At all times outside the range of 1:00 to 5:00 AM Thursday, the access-list is void
(and therefore so is the route-map), and server packets follow traditional routing.
To recap, the necessary steps for this example are:
1. Create and embed the time-range in the access list configuration.
2. Embed the values in the route-map.
3. Add the values to the VLAN configuration.
4. Assign the values to the port.
3.1 Validation
Use the commands below to validate or help troubleshoot the configurations in Example 2.
console#show ip access-lists
Current number of ACLs: 1 Maximum number of ACLs: 100
ACL Name          Rules  Interface(s)  Direction
---------------------------------------------------------------
db-backup-cos     1
console#show route-map
route-map "database-path" permit 10
Match clauses:
ip address (access-lists) : db-backup-cos
Set clauses:
ip next-hop 192.150.2.1
Policy routing matches: 0 packets, 0 bytes
Note: As shown above, the show route-map command keeps a counter of matched packets, which is
useful for determining where those packets are sent through the router.
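The validation above can be automated. The following is an added example, not part of the white paper: it parses the two show outputs, checks that the ACL referenced by the route-map exists and that a next-hop is set, and reports a zero match counter. The function names are hypothetical, and the parsing assumes the output layout shown above.

```python
import re

# Output copied from the validation section above; the parsers assume this layout.
SHOW_ACLS = """\
Current number of ACLs: 1 Maximum number of ACLs: 100
ACL Name Rules Interface(s) Direction
---------------------------------------------------------------
db-backup-cos 1
"""
SHOW_ROUTE_MAP = """\
route-map "database-path" permit 10
Match clauses:
ip address (access-lists) : db-backup-cos
Set clauses:
ip next-hop 192.150.2.1
Policy routing matches: 0 packets, 0 bytes
"""

def parse_acl_names(text):
    """Return the ACL names listed below the dashed separator line."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("---")), len(lines))
    return {l.split()[0] for l in lines[start + 1:] if l.strip()}

def parse_route_maps(text):
    """Return one dict per route-map sequence found in 'show route-map' output."""
    maps, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'route-map "([^"]+)" (permit|deny) (\d+)', line):
            cur = {"name": m[1], "action": m[2], "seq": int(m[3]),
                   "acls": [], "next_hop": None, "packets": None}
            maps.append(cur)
        elif cur and (m := re.match(r"ip address \(access-lists\)\s*:\s*(.+)", line)):
            cur["acls"] = m[1].split()  # assumption: several names are space-separated
        elif cur and (m := re.match(r"ip next-hop (\S+)", line)):
            cur["next_hop"] = m[1]
        elif cur and (m := re.match(r"Policy routing matches: (\d+) packets", line)):
            cur["packets"] = int(m[1])
    return maps

def audit(acl_text, rm_text):
    """Flag undefined ACL references, a missing next-hop and zero match counters."""
    acls, findings = parse_acl_names(acl_text), []
    for rm in parse_route_maps(rm_text):
        checks = [(a not in acls, f"ACL {a} not defined") for a in rm["acls"]]
        checks.append((rm["action"] == "permit" and not rm["next_hop"], "no next-hop set"))
        checks.append((rm["packets"] == 0, "no packets matched (expected outside the time-range)"))
        findings += [f'{rm["name"]} seq {rm["seq"]}: {msg}' for bad, msg in checks if bad]
    return findings
```

A zero counter is expected outside the 1:00 to 5:00 AM Thursday window; if it is still zero during the window, check the ACL and the VLAN assignment.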