04-01-2013 05:27 AM - edited 03-07-2019 12:34 PM
Hi,
I am in the process of installing a WebFilter between my main router and my firewall.
I need to build a PBR based on traffic type or port.
Can I do that?
For example, I need all traffic that comes from subnet 10.10.0.1/21 to go to destination X if the traffic is on port 80 or 443.
Does PBR support traffic identification, or is it only based on source and destination IP?
Thx
04-01-2013 05:41 AM
Hello,
You can do this with PBR, an example is below:
conf t
!
! Extended ACL: only TCP from the source range to ports 80/443 is "interesting".
! Wildcard 0.0.7.255 is a /21; with base 10.10.10.0 the effective match is 10.10.8.0-10.10.15.255.
ip access-list extended HTTP_ONLY
 permit tcp 10.10.10.0 0.0.7.255 any eq 80
 permit tcp 10.10.10.0 0.0.7.255 any eq 443
!
! Route-map: packets permitted by the ACL get the web filter as next hop;
! anything else (implicit deny) falls through to normal destination-based routing.
route-map HTTP_NEXTHOP permit 10
 match ip address HTTP_ONLY
 set ip next-hop x.x.x.x
!
! Apply the policy on the interface where the client traffic ENTERS the router.
interface gi0/1
 ip policy route-map HTTP_NEXTHOP
You need to remember to set the policy on the interface with the incoming traffic.
So my example says: any traffic coming in on interface gi0/1 that matches an IP in the 10.10.10.0/21 network and is on port 80 or 443 is forwarded on to the next-hop router...
Under the route-map you can specify different actions:
Specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:
for your reference:
Hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
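As an added illustration (not part of the post and not Cisco code), the following Python script models the ACL and route-map above: it applies IOS-style wildcard matching with first-match ACL semantics, returns the policy next hop for permitted flows and None for everything that falls through to normal routing, and reports the address range the wildcard actually covers. The next hop 192.0.2.1 is a placeholder for the x.x.x.x web-filter address; all function names are my own.

```python
"""Model of the posted PBR policy: extended ACL feeding a route-map permit entry."""
import ipaddress


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


# IOS wildcard masks are inverse masks: a 1 bit means "don't care".
def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    a, b, w = _to_int(addr), _to_int(base), _to_int(wildcard)
    return (a & ~w) == (b & ~w)


def wildcard_range(base: str, wildcard: str):
    """First and last address the entry matches (host bits of base are ignored, as IOS does)."""
    b, w = _to_int(base), _to_int(wildcard)
    low = b & ~w
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))


# The ACL from the post: (protocol, source base, source wildcard, destination port).
# IOS appends an implicit "deny any", so anything not listed is not policy-routed.
HTTP_ONLY = [
    ("tcp", "10.10.10.0", "0.0.7.255", 80),
    ("tcp", "10.10.10.0", "0.0.7.255", 443),
]

NEXT_HOP = "192.0.2.1"  # constructed placeholder for the x.x.x.x web-filter hop


def acl_permits(acl, proto: str, src: str, dport: int) -> bool:
    """First matching entry wins, exactly like an IOS ACL walk."""
    for p, base, wc, port in acl:
        if p == proto and wildcard_match(src, base, wc) and port == dport:
            return True
    return False


def policy_route(proto: str, src: str, dport: int):
    """route-map HTTP_NEXTHOP permit 10: return the set next hop, or None for normal routing."""
    if acl_permits(HTTP_ONLY, proto, src, dport):
        return NEXT_HOP
    return None


if __name__ == "__main__":
    print("ACL source range:", wildcard_range("10.10.10.0", "0.0.7.255"))
    for flow in [("tcp", "10.10.12.5", 80), ("tcp", "10.10.12.5", 22),
                 ("udp", "10.10.12.5", 80), ("tcp", "10.10.0.5", 443)]:
        print(flow, "->", policy_route(*flow) or "normal routing table")
```

Note that a client in the 10.10.0.0/21 range from the original question (e.g. 10.10.0.5) does not match an ACL whose base is 10.10.10.0, so the base address must be chosen to cover the subnet you actually want redirected.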
04-01-2013 05:31 AM
PBR does support identifying traffic by transport protocol port number such as 80 and 443. So it will do very well what you are asking.
HTH
Rick
04-01-2013 05:34 AM
Thanks Richard for your quick reply.
Do you have an example of how I can write such a policy?
It is not written in the official PBR documentation.
Thx