Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
808
Views
3
Helpful
6
Replies

cisco route 0.0.0.0 from specific source (PBR)

Go to solution
shlomoi
Level 1
Level 1

‎08-08-2023 07:27 AM - last edited on ‎08-10-2023 11:14 PM by Community Manager

Hi,

We recently added another internet port to our network, I would like to pass through this port only a specific

vlan

The

vlan is 192.168.1.1/24

which will go through

10.10.2.1

At the moment the routing of all our networks is through the FW.

And I want only the

192.168.1.1

network to exit through the new line in the address

10.10.2.1

The equipment is connected to the

nexus 9k

Can someone help with PBR in

Nexus

 

Thanks 

3 Accepted Solutions

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎08-08-2023 07:43 AM - last edited on ‎08-10-2023 11:15 PM by Community Manager

Hello @shlomoi,

Since you want to do PBR with

n9k

check documentation here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3pbr.html

-Enable feature

--Create ACL that match subnet 192.168.1.0/24:

access-list XX permit 192.168.1.0 0.0.0.255

--Create route map that match your acl and set the desired next-gop:

route-map My-PBR permit 5

match address XX

set ip next-hop 10.10.2.1
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-08-2023 07:46 AM - last edited on ‎08-10-2023 11:18 PM by Community Manager

Hello @shlomoi ,

is the Nexus acting as L3 device ?

if the

subnet 192.168.1.0

is directly connected PBR has to be applied to the SVI vlan interface (L3 gateway logical interface)

if the

192.168.1.0

is internal and learned via another L3 device you need to apply PBR inbound on the L3 interface that would be used to reach the

192.168.1.0 subnet

You need to define an ACL that matches the

192.168.1.0 subnet
access-list 10 permit 192.168.1.0 0.0.0.255

route-map PBR permit 10

match address 10

set ip next-hop 10.10.2.1

 

Warning : being a Nexus you may need to enable a feature before you can use PBR

Edit:

you need

feature pbr

see the link provided by M02@rt37 

Hope to help

Giuseppe

 

View solution in original post

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to shlomoi

‎08-08-2023 09:55 AM - last edited on ‎08-10-2023 11:20 PM by Community Manager

The command to associate PBR with the port is

ip policy <route-map-name>

applied in interface config  mode.

HTH

Rick

View solution in original post

6 Replies 6

Go to solution
Flavio Miranda
VIP
VIP

‎08-08-2023 07:40 AM - last edited on ‎08-10-2023 11:14 PM by Community Manager

Hi @shlomoi 

 Any reason for you to use PBR? Cause this can be achieved with the following command

ip route 192.168.1.1/24  10.10.2.1

 

0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎08-08-2023 07:43 AM - last edited on ‎08-10-2023 11:15 PM by Community Manager

Hello @shlomoi,

Since you want to do PBR with

n9k

check documentation here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3pbr.html

-Enable feature

--Create ACL that match subnet 192.168.1.0/24:

access-list XX permit 192.168.1.0 0.0.0.255

--Create route map that match your acl and set the desired next-gop:

route-map My-PBR permit 5

match address XX

set ip next-hop 10.10.2.1
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-08-2023 07:46 AM - last edited on ‎08-10-2023 11:18 PM by Community Manager

Hello @shlomoi ,

is the Nexus acting as L3 device ?

if the

subnet 192.168.1.0

is directly connected PBR has to be applied to the SVI vlan interface (L3 gateway logical interface)

if the

192.168.1.0

is internal and learned via another L3 device you need to apply PBR inbound on the L3 interface that would be used to reach the

192.168.1.0 subnet

You need to define an ACL that matches the

192.168.1.0 subnet
access-list 10 permit 192.168.1.0 0.0.0.255

route-map PBR permit 10

match address 10

set ip next-hop 10.10.2.1

 

Warning : being a Nexus you may need to enable a feature before you can use PBR

Edit:

you need

feature pbr

see the link provided by M02@rt37 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
shlomoi
Level 1
Level 1
In response to Giuseppe Larosa

‎08-08-2023 08:06 AM - last edited on ‎08-10-2023 11:19 PM by Community Manager

Hi,

The network

192.168.1.1

arrives in OSPF to the Nexus and from there it should go out

via 10.10.2.1


The port in Nexus is interface

Ethernet1/43

What is the command to associate the PBR with the port

Thank you

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to shlomoi

‎08-08-2023 09:55 AM - last edited on ‎08-10-2023 11:20 PM by Community Manager

The command to associate PBR with the port is

ip policy <route-map-name>

applied in interface config  mode.

HTH

Rick

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎08-12-2023 12:39 PM

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents