04-01-2013 05:27 AM - edited 03-07-2019 12:34 PM
Hi,
I am in process of installing a WebFilter between my Main router and my firewall.
I need to build a PBR based on Traffic type or port.
Can I do that?
For example, I need all traffic that comes from subnet 10.10.0.1/21 to go to destination X if the traffic is on port 80 or 443.
Does PBR support traffic identification, or is it only based on source and destination IP?
Thanks
04-01-2013 05:41 AM
Hello,
You can do this with PBR, an example is below:
conf t
!
! Extended ACL: identify TCP 80/443 from the source block. 0.0.7.255 is the
! wildcard mask for a /21. IOS ignores the "don't care" bits, so with the
! address 10.10.10.0 this entry effectively covers 10.10.8.0 - 10.10.15.255.
ip access-list extended HTTP_ONLY
 permit tcp 10.10.10.0 0.0.7.255 any eq 80
 permit tcp 10.10.10.0 0.0.7.255 any eq 443
!
! Route-map: packets permitted by the ACL are sent to the next hop below.
! Packets denied by the ACL (or matching no sequence) are forwarded normally
! by the routing table, not dropped.
route-map HTTP_NEXTHOP permit 10
 match ip address HTTP_ONLY
 set ip next-hop x.x.x.x
!
! PBR is applied on the interface where the traffic enters the router.
interface gi0/1
 ip policy route-map HTTP_NEXTHOP
You need to remember to apply the policy on the interface where the traffic comes in.
So my example says: any traffic coming in on interface gi0/1 that matches an IP in the 10.10.10.0/21 network and is on port 80 or 443 is forwarded to the next-hop router...
Under the route-map you can specify different actions:
Specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:
for your reference:
Hope this helps.
Please rate useful posts and remember to mark any solved questions as answered. Thank you.
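The match-and-fall-through behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of the IOS extended-ACL wildcard match, a generator that emits the equivalent PBR configuration for any CIDR block (it generalises the /21 case to any prefix length), and a check of which constructed sample flows the route-map would send to the web filter. The next hop 192.0.2.1, the interface name GigabitEthernet0/1 and the sample flows are assumptions for illustration.

```python
"""Added example, not code from the original thread: models the IOS extended-ACL
wildcard match used by the PBR answer, generates the equivalent config for any
CIDR block, and checks which constructed sample flows would be policy-routed.
Next hop 192.0.2.1, interface GigabitEthernet0/1 and the flows are assumptions."""
import ipaddress

MASK32 = 0xFFFFFFFF


def wildcard_for_prefix(prefixlen: int) -> str:
    """IOS wildcard mask is the bitwise inverse of the subnet mask (/21 -> 0.0.7.255)."""
    subnet_mask = (MASK32 << (32 - prefixlen)) & MASK32
    return str(ipaddress.IPv4Address(subnet_mask ^ MASK32))


def acl_matches(src_ip: str, acl_addr: str, wildcard: str) -> bool:
    """IOS semantics: a 1 bit in the wildcard means 'don't care'; only the bits
    where the wildcard is 0 have to equal the address written in the ACL entry."""
    s = int(ipaddress.IPv4Address(src_ip))
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    care = w ^ MASK32
    return (s & care) == (a & care)


def effective_block(acl_addr: str, wildcard: str) -> str:
    """The block an ACL entry really covers once 'don't care' bits are zeroed.
    Assumes a contiguous wildcard (the usual case); shows that
    '10.10.10.0 0.0.7.255' is really 10.10.8.0/21."""
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    prefixlen = 32 - w.bit_length()
    return str(ipaddress.IPv4Network((a & (w ^ MASK32), prefixlen)))


def pbr_config(cidr: str, ports, ingress_if: str, next_hop: str,
               acl: str = "HTTP_ONLY", rmap: str = "HTTP_NEXTHOP") -> str:
    """Emit the IOS config from the answer, with the ACL computed from a CIDR.
    strict=False turns a host-style '10.10.0.1/21' into the 10.10.0.0/21 block."""
    net = ipaddress.ip_network(cidr, strict=False)
    wc = wildcard_for_prefix(net.prefixlen)
    lines = [f"ip access-list extended {acl}"]
    for port in ports:
        lines.append(f" permit tcp {net.network_address} {wc} any eq {port}")
    lines += ["!",
              f"route-map {rmap} permit 10",
              f" match ip address {acl}",
              f" set ip next-hop {next_hop}",
              "!",
              f"interface {ingress_if}",
              f" ip policy route-map {rmap}"]
    return "\n".join(lines)


def policy_decision(flow, cidr: str, ports, next_hop: str) -> str:
    """flow = (src_ip, dst_ip, proto, dst_port). Returns the PBR next hop when the
    route-map matches; otherwise 'normal-routing', because a packet that is denied
    by the ACL or matches no route-map sequence is forwarded by the routing table."""
    src_ip, _dst_ip, proto, dport = flow
    net = ipaddress.ip_network(cidr, strict=False)
    wc = wildcard_for_prefix(net.prefixlen)
    if proto == "tcp" and dport in ports and acl_matches(src_ip, str(net.network_address), wc):
        return next_hop
    return "normal-routing"


# Constructed sample flows (not captured traffic): src, dst, proto, dst port.
SAMPLE_FLOWS = [
    ("10.10.3.20", "198.51.100.10", "tcp", 80),    # HTTP from the asker's /21
    ("10.10.3.20", "198.51.100.10", "tcp", 443),   # HTTPS from the asker's /21
    ("10.10.3.20", "198.51.100.10", "tcp", 22),    # SSH: port not in the ACL
    ("10.10.3.20", "198.51.100.10", "udp", 443),   # UDP/443: the ACL is TCP only
    ("10.10.9.7",  "198.51.100.10", "tcp", 80),    # source outside 10.10.0.0/21
]


def decisions(cidr: str = "10.10.0.1/21", ports=(80, 443), next_hop: str = "192.0.2.1"):
    """Map each sample flow to where the router would send it."""
    return {flow: policy_decision(flow, cidr, ports, next_hop) for flow in SAMPLE_FLOWS}


if __name__ == "__main__":
    print(pbr_config("10.10.0.1/21", (80, 443), "GigabitEthernet0/1", "192.0.2.1"))
    print("10.10.10.0 0.0.7.255 really covers", effective_block("10.10.10.0", "0.0.7.255"))
    for flow, where in decisions().items():
        print(flow, "->", where)
```

Two things worth checking against a real deployment: the ACL address in the answer (10.10.10.0 0.0.7.255) is not on a /21 boundary, so the router will match 10.10.8.0/21 rather than the 10.10.0.0/21 block the question describes, and the model above makes that visible; and only TCP 80/443 is steered, so anything else from the subnet (including UDP on 443) bypasses the web filter by design. If the filter must fail open rather than blackhole matched traffic when its next hop goes away, IOS offers `set ip next-hop verify-availability` as an option to check.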
04-01-2013 05:31 AM
PBR does support identifying traffic by transport protocol port number such as 80 and 443. So it will do very well what you are asking.
HTH
Rick
04-01-2013 05:34 AM
Thanks Richard for your quick reply.
Do you have an example of how I can write such a policy?
It is not written in the official PBR documentation.
Thanks