Solved: Re: cisco route 0.0.0.0 from specific source (PBR)

shlomoi · ‎08-08-2023

Hi,

We recently added another internet port to our network, I would like to pass through this port only a specific

vlan

The

vlan is 192.168.1.1/24

which will go through

10.10.2.1

At the moment the routing of all our networks is through the FW.

And I want only the

192.168.1.1

network to exit through the new line in the address

10.10.2.1

The equipment is connected to the

nexus 9k

Can someone help with PBR in

Nexus

Thanks

M02@rt37 · ‎08-08-2023

Hello @shlomoi,

Since you want to do PBR with

n9k

check documentation here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3pbr.html

-Enable feature

--Create ACL that match subnet 192.168.1.0/24:

access-list XX permit 192.168.1.0 0.0.0.255

--Create route map that match your acl and set the desired next-gop:

route-map My-PBR permit 5

match address XX

set ip next-hop 10.10.2.1

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Giuseppe Larosa · ‎08-08-2023

Hello @shlomoi ,

is the Nexus acting as L3 device ?

if the

subnet 192.168.1.0

is directly connected PBR has to be applied to the SVI vlan interface (L3 gateway logical interface)

if the

192.168.1.0

is internal and learned via another L3 device you need to apply PBR inbound on the L3 interface that would be used to reach the

192.168.1.0 subnet

You need to define an ACL that matches the

192.168.1.0 subnet

access-list 10 permit 192.168.1.0 0.0.0.255

route-map PBR permit 10

match address 10

set ip next-hop 10.10.2.1

Warning : being a Nexus you may need to enable a feature before you can use PBR

Edit:

you need

feature pbr

see the link provided by M02@rt37

Hope to help

Giuseppe

View solution in original post

Richard Burts · ‎08-08-2023

The command to associate PBR with the port is

ip policy <route-map-name>

applied in interface config mode.

HTH

Rick

View solution in original post

Flavio Miranda · ‎08-08-2023

Hi @shlomoi

Any reason for you to use PBR? Cause this can be achieved with the following command

ip route 192.168.1.1/24  10.10.2.1

M02@rt37 · ‎08-08-2023

Hello @shlomoi,

Since you want to do PBR with

n9k

check documentation here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3pbr.html

-Enable feature

--Create ACL that match subnet 192.168.1.0/24:

access-list XX permit 192.168.1.0 0.0.0.255

--Create route map that match your acl and set the desired next-gop:

route-map My-PBR permit 5

match address XX

set ip next-hop 10.10.2.1

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Giuseppe Larosa · ‎08-08-2023

Hello @shlomoi ,

is the Nexus acting as L3 device ?

if the

subnet 192.168.1.0

is directly connected PBR has to be applied to the SVI vlan interface (L3 gateway logical interface)

if the

192.168.1.0

is internal and learned via another L3 device you need to apply PBR inbound on the L3 interface that would be used to reach the

192.168.1.0 subnet

You need to define an ACL that matches the

192.168.1.0 subnet

access-list 10 permit 192.168.1.0 0.0.0.255

route-map PBR permit 10

match address 10

set ip next-hop 10.10.2.1

Warning : being a Nexus you may need to enable a feature before you can use PBR

Edit:

you need

feature pbr

see the link provided by M02@rt37

Hope to help

Giuseppe

shlomoi · ‎08-08-2023

Hi,

The network

192.168.1.1

arrives in OSPF to the Nexus and from there it should go out

via 10.10.2.1

The port in Nexus is interface

Ethernet1/43

What is the command to associate the PBR with the port

Thank you

Richard Burts · ‎08-08-2023

The command to associate PBR with the port is

ip policy <route-map-name>

applied in interface config mode.

HTH

Rick

Richard Burts · ‎08-12-2023

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick