Cisco rule routing configuration learning notes

It is very important to know about policy routing configuration. Here we will mainly introduce the detailed steps of policy routing configuration. You can define your own rule policy routing configuration to route data packets, not just by the destination address. Here you can learn how to use policy-based routing configuration to solve this problem. In specific applications, policy-based routes include:

Source IP address-based policy routing configuration
Policy routing configuration based on packet size
Application-based policy routing configuration
Load Balancing through the default route

The routing policy in the first case is described here. For example, in this example, the firewall is used to translate the 10.0.0.0/8 Intranet address into a routable 172.16.255.0/24 subnet address. The following firewall configuration is added for integrity. It is not required for policy routing configuration. The firewall here can be replaced by other similar products, such as the PIX or other similar firewall devices. The configuration of the firewall here is as follows:

 
 

  
  
!   
  
  
ip nat pool net-10 172.16.255.1 172.16.255.254 prefix-length 24   
  
  
ip nat inside source list 1 pool net-10   
  
  
!   
  
  
interface Ethernet0   
  
  
ip address 172.16.20.2 255.255.255.0   
  
  
ip nat outside   
  
  
!   
  
  
interface Ethernet1   
  
  
ip address 172.16.39.2 255.255.255.0   
  
  
ip nat inside   
  
  
!   
  
  
router eigrp 1   
  
  
redistribute static   
  
  
network 172.16.0.0   
  
  
default-metric 10000 100 255 1 1500   
  
  
!   
  
  
ip route 172.16.255.0 255.255.255.0 Null0   
  
  
access-list 1 permit 10.0.0.0 0.255.255.255   
  
  
!   
  
  
end   
  
  
 
 
 

In our example, the Cisco WAN router runs the policy routing configuration to ensure that IP packets from the 10.0.0.0/8 network are sent to the firewall. Two net-10 policy rules are defined in the configuration. The first policy defines that IP packets sent from the 10.0.0.0/8 network are sent to the firewall. We will soon see that there is a problem with the configuration ). The second rule allows all other data packets to be routed normally. The configuration of the Cisco WAN router is as follows:

 
 

  
  
!   
  
  
interface Ethernet0/0   
  
  
ip address 172.16.187.3 255.255.255.0   
  
  
no ip directed-broadcast   
  
  
!   
  
  
interface Ethernet0/1   
  
  
ip address 172.16.39.3 255.255.255.0   
  
  
no ip directed-broadcast   
  
  
!   
  
  
interface Ethernet3/0   
  
  
ip address 172.16.79.3 255.255.255.0   
  
  
no ip directed-broadcast   
  
  
ip policy route-map net-10   
  
  
!   
  
  
router eigrp 1   
  
  
network 172.16.0.0   
  
  
!   
  
  
access-list 110 permit ip 10.0.0.0 0.255.255.255 172.16.36.0 0.0.0.255   
  
  
access-list 111 permit ip 10.0.0.0 0.255.255.255 any   
  
  
!   
  
  
route-map net-10 permit 10   
  
  
match ip address 111   
  
  
set interface Ethernet0/1   
  
  
!   
  
  
route-map net-10 permit 20   
  
  
!   
  
  
end   
  
  
 
 
 

We can test our configuration in this way. Send the ping command to a host on the Internet on the vro10.10.1.1.1 named Cisco-1, which is the 192.1.1.1 host ). To view the situation on the Router named Internet Router, run the debug ip packet 101 detail command in privileged command mode. Here, there is an access-list 101 permit icmp any configuration command on this vro ). The following is the output result: Results of ping from Cisco-1 to 192.1.1.1/internet taken from Internet_Router: Pakcet never makes it to Internet_Router as you can see: the packet does not reach the Internet_Router router.