Solved: Re: PBR for specific destination IPs for for selected source IPs

Adnan Khan · ‎11-23-2022

Hi

Can I setup PBR for some destination IP and only for selected source IPs? If yes then what will be the configuration?

for example

Source IPs: 172.16.1.10-20

First Destination IP: x.x.x.x/32 

Second Destination IP: y.y.y.y/32

MHM Cisco World · ‎11-23-2022

ip access-list extended 100 
permit ip <Source IPs: 172.16.1.10-20> <First Destination IP: x.x.x.x/32 >

ip access-list extended 110
permit ip <Source IPs: 172.16.1.10-20> < Second Destination IP: y.y.y.y/32 >

route-map MHM permit 10 
match ip add 100 
set ip next-hop <ISP1>
route-map MHM permit 20 
match ip add 110 
set ip next-hop <ISP2>

interface <LAN> 
ip policy route-map MHM

View solution in original post

MHM Cisco World · ‎11-23-2022

ip access-list extended 100 
permit ip <Source IPs: 172.16.1.10-20> <First Destination IP: x.x.x.x/32 >

ip access-list extended 110
permit ip <Source IPs: 172.16.1.10-20> < Second Destination IP: y.y.y.y/32 >

route-map MHM permit 10 
match ip add 100 
set ip next-hop <ISP1>
route-map MHM permit 20 
match ip add 110 
set ip next-hop <ISP2>

interface <LAN> 
ip policy route-map MHM

Adnan Khan · ‎11-23-2022

Many thanks MHM Cisco World for details output. I was looking for the same and really appreciate that.

hcalderon · ‎11-24-2022

Hello MHM I great solution..

I have one router + 2 ISP

One question... I have something similar, but in my case is all the trafic I recive from internet and Nat for a particular private host, if all the traffic I recive ( source any from internet) is reaching me by ISP 1 and some traffic is reaching me by ISP 2 how can I return that trafict by that same ISP 2, I mean:

ip nat source static 1.1.1.1 1024 180.x.x.x. ( my public ISP 1)  1024 

ip nat source static 1.1.1.2 8000 180.x.x.x. ( my public ISP 2)  8000 

How  can I return 1.1.1.1 ----> any by ISP2 if my default  route 0.0.0.0 is ISP1 and ISP 2 is floating.

Giuseppe Larosa · ‎11-23-2022

Hello @Adnan Khan ,

yes it can be done by using extended ip

access-list

as a match criteria in the PBR related

route-map

configuration. This is supported.

All traffic that will not match the ACL(s) will be processed by standard destination based routing i.e. using the RIB on the device.

Effective PBR requires application of the ip policy

route-map

PBR on the inbound rx direction where the packets are received (the LAN interface)

A configuration example has been provided by @MHM Cisco World .

Final note:

try to think more in binary also for your examples:

source IP 172.16.1.10 -20

is not that immediate when you have the write the ACL

172.16.1.1-172.16.1.15 could be  rendered with a single line 172.16.1.0 0.0.0.15

Hope to help

Giuseppe

Adnan Khan · ‎11-23-2022

Many thanks for reply. My desired result is some source IP with specific destination should route through next hop i define in PBR and any other traffic for the same source users and rest of the users should pass through normal RIB. Just trying to load balance some traffic for some users for specific destinations on internet. Is there any config sample you care to share here please.