White Papers

Using Policy Based Routing and Access Control Lists in a Virtualized Network
console(config)#interface vlan 111
console(config-if-vlan111)#ip address 10.1.5.1 255.255.0.0
console(config-if-vlan111)#ip policy route-map equal-access
console(config-if-vlan111)# exit
Assign interfaces to VLAN…
console(config)#interface range gigabitethernet all
console(config-if)#switchport access vlan 111
console(config-if)#switchport mode access
The ip policy route-map equal-access command is applied to all HR and Accounting interfaces. All packets
ingressing these interfaces are policy-routed.
Route map sequence 10 in route map “equal-access” matches all packets sourced from any host
in the IP address range 10.1.5.0/24. A matching packet is sent to the next-hop address 192.168.6.6.
Route map sequence 20 in route map “equal-access” matches all packets sourced from any host
in the IP address range 10.1.6.0/24. A matching packet is sent to the next-hop address 172.16.7.7.
All other packets are forwarded according to normal L3 destination-based routing.
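The sequence logic described above can be checked offline before it is trusted to separate the two departments. The Python below is an added example, not part of the original white paper: it models the two sequences with first-match evaluation and lists which source prefixes of the VLAN 111 subnet (10.1.5.1 255.255.0.0) match no sequence and therefore follow normal routing. The tuple layout and function names are this example's own, and the treatment of a deny sequence (matching packets are left to normal routing) is an assumption.

```python
import ipaddress

# Constructed model of route map "equal-access" as the text describes it:
# (sequence, action, source prefix matched by the ACL, next hop).
EQUAL_ACCESS = [
    (10, "permit", "10.1.5.0/24", "192.168.6.6"),
    (20, "permit", "10.1.6.0/24", "172.16.7.7"),
]

def policy_route(route_map, src_ip):
    """Return (sequence, next_hop) for the first sequence matching src_ip.

    next_hop is None when the packet is left to destination-based routing:
    either no sequence matched, or the matching sequence is a deny
    (assumption: deny means "do not policy-route").
    """
    src = ipaddress.ip_address(src_ip)
    for seq, action, prefix, next_hop in sorted(route_map):
        if src in ipaddress.ip_network(prefix):
            return (seq, next_hop if action == "permit" else None)
    return (None, None)

def unmatched_sources(route_map, interface):
    """Prefixes of the interface subnet that no sequence matches."""
    remaining = [ipaddress.ip_interface(interface).network]
    for _seq, _action, prefix, _hop in route_map:
        acl = ipaddress.ip_network(prefix)
        kept = []
        for net in remaining:
            if not net.overlaps(acl):
                kept.append(net)            # untouched by this ACL
            elif acl.subnet_of(net) and acl != net:
                kept.extend(net.address_exclude(acl))  # carve the ACL out
            # otherwise net lies entirely inside the ACL prefix: drop it
        remaining = kept
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]

if __name__ == "__main__":
    for host in ("10.1.5.20", "10.1.6.20", "10.1.7.20"):
        print(host, policy_route(EQUAL_ACCESS, host))
    # Sources on the /16 interface that are never policy-routed.
    print(unmatched_sources(EQUAL_ACCESS, "10.1.5.1/255.255.0.0"))
```

Any prefix returned by unmatched_sources is reachable on the interface but bypasses both next hops, which is worth confirming as intended when the interface mask is wider than the ACL ranges.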
2.1 Validation
Use the commands below to validate or help troubleshoot the configuration in Example 1 Traffic
Isolation.
console#show ip access-lists
Current number of ACLs: 2    Maximum number of ACLs: 100
ACL Name                Rules   Interface(s)    Direction
---------------------------------------------------------------
accounting              1
hr                      1
inter-communications    1
console#show route-map
route-map "equal-access" deny 10
Match clauses:
ip address (access-lists) : inter-communications
Set clauses:
Policy routing matches: 480 packets, 37440 bytes
route-map "equal-access" permit 20
Match clauses:
ip address (access-lists) : accounting
Set clauses:
ip default next-hop 192.168.6.6
Policy routing matches: 25 packets, 1950 bytes
route-map "equal-access" permit 30