White Papers
8 Using Policy Based Routing and Access Control Lists in a Virtualized Network
The following commands are used on the switch or switch stack.
Enable routing…
console(config)#ip routing
Create three Access-Lists…
console(config)#ip access-list accounting
console(config-ip-acl)#permit ip 10.1.5.0 0.0.0.255 any
console(config-ip-acl)#exit
console(config)#ip access-list hr
console(config-ip-acl)#permit ip 10.1.6.0 0.0.0.255 any
console(config-ip-acl)#exit
console(config)#ip access-list inter-communications
console(config-ip-acl)#permit ip 10.1.5.0 0.0.0.255 10.1.6.0 0.0.0.255
console(config-ip-acl)#permit ip 10.1.6.0 0.0.0.255 10.1.5.0 0.0.0.255
console(config-ip-acl)#exit
Create a Route-Map with three sequences (10, 20, 30)…
console(config)#route-map equal-access deny 10
console(config-route-map)#match ip address inter-communications
console(config-route-map)#exit
console(config)#route-map equal-access permit 20
console(config-route-map)#match ip address accounting
console(config-route-map)#set ip next-hop 192.168.6.6
console(config-route-map)#exit
console(config)#route-map equal-access permit 30
console(config-route-map)#match ip address hr
console(config-route-map)#set ip next-hop 172.16.7.7
console(config-route-map)#exit
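The following Python model is an added example, not part of the original white paper or the switch software. It evaluates the three access lists and the equal-access route-map above in sequence order, so the policy can be checked against sample flows before it is applied. It assumes the usual policy-based routing behaviour in which a packet matching a deny sequence is not policy routed and falls back to the normal routing table; the function names and test addresses are constructed for illustration.

```python
import ipaddress

def acl_match(rule, src, dst):
    """True if (src, dst) matches one 'permit ip <src> <wildcard> <dst|any>' rule."""
    def hit(spec, addr):
        if spec == "any":
            return True
        base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
        care = ~wildcard & 0xFFFFFFFF      # wildcard bits set to 1 are ignored
        return int(ipaddress.IPv4Address(addr)) & care == base & care
    return hit(rule[0], src) and hit(rule[1], dst)

# ACLs transcribed from the configuration above: (source, destination) per permit line.
ACLS = {
    "accounting": [(("10.1.5.0", "0.0.0.255"), "any")],
    "hr": [(("10.1.6.0", "0.0.0.255"), "any")],
    "inter-communications": [
        (("10.1.5.0", "0.0.0.255"), ("10.1.6.0", "0.0.0.255")),
        (("10.1.6.0", "0.0.0.255"), ("10.1.5.0", "0.0.0.255")),
    ],
}

# route-map equal-access: (sequence, action, matched ACL, next hop)
ROUTE_MAP = [
    (10, "deny", "inter-communications", None),
    (20, "permit", "accounting", "192.168.6.6"),
    (30, "permit", "hr", "172.16.7.7"),
]

def policy_next_hop(src, dst, route_map=ROUTE_MAP):
    """Return (sequence, next_hop); next_hop None means normal routing-table lookup."""
    for seq, action, acl, next_hop in sorted(route_map, key=lambda e: e[0]):
        if any(acl_match(rule, src, dst) for rule in ACLS[acl]):
            # First matching sequence wins; a deny exempts the packet from PBR.
            return seq, (next_hop if action == "permit" else None)
    return None, None                      # no sequence matched: not policy routed

if __name__ == "__main__":
    # Constructed sample flows (203.0.113.10 is a documentation address).
    for src, dst in [("10.1.5.20", "203.0.113.10"), ("10.1.6.9", "203.0.113.10"),
                     ("10.1.5.20", "10.1.6.9"), ("10.1.7.1", "203.0.113.10")]:
        print(src, "->", dst, policy_next_hop(src, dst))
```

Because the first matching sequence wins, placing the inter-communications deny after the accounting and hr sequences would send traffic between the two subnets to the ISP next hops instead of routing it locally.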
Set the ISP-A port configuration…
console(config)#vlan 101
console(config-vlan101)#exit
console(config)#interface vlan 101
console(config-if-vlan101)#ip address 172.16.7.6 255.255.255.0
console(config-if-vlan101)#interface Te1/0/1
console(config-if-Te1/0/1)#switchport trunk allowed vlan all
console(config-if-Te1/0/1)#switchport mode trunk
console(config-if-Te1/0/1)#exit
Set the ISP-B port configuration…
console(config)#vlan 102
console(config-vlan102)#exit
console(config)#interface vlan 102
console(config-if-vlan102)#ip address 192.168.6.5 255.255.255.0
console(config-if-vlan102)#interface Te1/0/2
console(config-if-Te1/0/2)#switchport trunk allowed vlan all
console(config-if-Te1/0/2)#switchport mode trunk
console(config-if-Te1/0/2)#exit
VLAN configuration for HR and Accounting…
console(config)#vlan 111
console(config-vlan111)#exit