Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Policy-Based Routing Configuration Examples | 274.90 KB |
Introduction
The following information provides an example for configuring policy-based routing (PBR) for network access.
You can configure PBR to forward traffic from specific LAN hosts through designated WAN interfaces within a certain time period.
Prerequisites
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the router.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of PBR.
Software version used
This example is configured and verified on Release 6749P21 of the MSR830-10HI-GL routers.
Restrictions and guidelines
When configuring a PBR policy, select Auto for Preference to have PBR policy nodes take effect by configuration order. If you select Custom for Preference, the policy node with a smaller number has a higher priority.
Configuration example
Network configuration
As shown in Figure 1, Router serves as the enterprise's egress gateway and connects to the Internet through interfaces WAN1 and WAN2 whose connection mode is fixed address. The IP address of WAN1 is 20.1.1.1/24, and its gateway address is 20.1.1.254.
The IP address of WAN2 is 20.1.2.1/24, and its gateway address is 20.1.2.254.
To separate service traffic during work hours (8:30-18:00 on Monday to Friday), configure the router to meet the following requirements:
· Forwards network access traffic from the R & D department through interface WAN1.
· Forwards network access traffic from the sales department through interface WAN2.
Procedure
Configuring network access
In this example, specify the WAN access scenario for the router as multi-WAN scenario, select line 1 and line 2 for WAN outgoing interfaces, and specify the connection mode of the WAN interfaces as fixed IP.
Configuring network access for the R & D department
1. Access the Web management interface of the router.
2. Navigate to the Network > WAN Settings page.
3. On the Scene tab, select Multi-WAN scenario.
4. Select WAN1 for Line1 and WAN2 for Line2.
5. Click Apply.
Figure 2 Configuring the WAN access scenario
6. Click the WAN Settings tab to enter the WAN configuration page.
7. Click the Edit icon in the Operation column for WAN1 to enter the Modify WAN configuration page.
8. Select Fixed IP for Connection mode.
9. Enter 20.1.1.1 for IP address.
10. Enter 255.255.255.0 for Subnet mask.
11. Enter 20.1.1.254 for Gateway. Use default settings for other parameters.
12. Click Apply.
Figure 3 Configuring parameters for interface WAN1
Configuring network access for the sales department
1. Click the Edit icon in the Operation column for WAN2 to enter the WAN interface configuration page.
2. Select Fixed IP for Connection mode.
3. Enter 20.1.2.1 for IP address.
4. Enter 255.255.255.0 for Subnet mask.
5. Enter 20.1.2.254 for Gateway. Use default settings for other parameters.
6. Click Apply.
Figure 4 Configuring parameters for interface WAN2
Configuring PBR policy settings
Configuring PBR policy settings for the R & D department
1. Navigate to the Advanced Settings > Policy-Based Routing page.
2. Click Add.
3. In the Match Rule area, configure rule settings as follows:
¡ Select IP for Protocol type.
¡ Enter 192.168.1.10-192.168.1.30 for Source address range.
¡ Enter 0.0.0.0-255.255.255.255 (all addresses) for Destination address range.
¡ Specify 08:00 to 18:00 from Monday to Friday for Valid period.
¡ Select WAN1 for Output interface, and enter gateway address 20.1.1.254 of interface WAN1 for Next hop.
¡ Enter a description to facilitate usage.
4. Click Apply to return to the PBR policy configuration page.
Figure 5 Configure PBR policy settings for the R & D department
Configuring PBR policy settings for the sales department
1. Click Add.
2. In the Match Rule area, configure rule settings as follows:
¡ Select IP for Protocol type.
¡ Enter 192.168.1.50-192.168.1.70 for Source address range.
¡ Enter 0.0.0.0-255.255.255.255 (all addresses) for Destination address range.
¡ Specify 08:00 to 18:00 from Monday to Friday for Valid period.
¡ Select WAN2 for Output interface, and enter gateway address 20.1.2.254 of interface WAN2 for Next hop.
¡ Enter a description to facilitate usage.
3. Click Apply.
Figure 6 Configuring PBR policy settings for the sales department
Verifying the configuration
1. Log in to the Web interface on the PC of an R & D department employee, perform a tracert to target IP address 200.1.1.1, and view the routing path.
C:\Users\abc> tracert 200.1.1.1
Tracing route to 200.1.1.1 over a maximum of 30 hops:
1 <1 ms 1 ms 1 ms erlogin.cn[192.168.1.1]
2 <1 ms <1 ms <1 20.1.1.254
3 <1 ms <1 ms <1 200.1.1.1
Trace complete.
2. Log in to the Web interface on the PC of a sales department employee, perform a tracert to target IP address 200.1.1.1, and view the routing path.
C:\Users\cbd> tracert 200.1.1.1
Tracing route to 200.1.1.1 over a maximum of 30 hops:
1 <1 ms 1 ms 1 ms erlogin.cn[192.168.1.1]
2 <1 ms <1 ms <1 20.1.2.254
3 <1 ms <1 ms <1 200.1.1.1
Trace complete.
The routing paths show that the R & D department accesses the Internet through the gateway of interface WAN1, and the sales department accesses the Internet through the gateway of interface WAN2. The PBR policy is configured successfully.
