Configure and verify policy-based routing

📘CCNP Enterprise – ENARSI (300-410)


1. What is Policy-Based Routing (PBR)?

Normally, routers make routing decisions based on the routing table, which contains the best path for each destination network. This is called destination-based routing.

Policy-Based Routing is different:

  • It allows you to override the normal routing decision.
  • You can make routing decisions based on policies, not just destination IPs.
  • Policies can include source IP, protocol, port number, or other criteria.

In short: PBR lets network administrators define “rules” so certain traffic takes a specific path, even if the routing table says otherwise.


2. Why use PBR in a network?

Here are common IT scenarios for using PBR:

  1. Direct specific traffic to a different path
    • Example: All traffic from a certain server goes through a firewall before leaving the network.
  2. Load balancing across multiple WAN links
    • You can send HTTP traffic over one ISP link and email traffic over another.
  3. Apply security or QoS policies
    • Certain applications (like VoIP) can be routed through higher-bandwidth, low-latency links.

3. How PBR Works (Cisco Approach)

PBR is implemented using a route-map. A route-map is like a set of “if-then rules”:

  • If traffic matches these conditions → then take this action

The basic PBR process:

  1. Match criteria (using access lists, prefix lists, or route-maps)
  2. Set next-hop (the router/interface to send the traffic to)
  3. Apply the route-map to an interface (typically inbound on the interface where traffic enters the router)

4. Key Components of PBR

  1. Access Control Lists (ACLs) – Define the traffic to match:
    • Can match source IP, destination IP, protocol, or port.
  2. Route-Maps – Contain the policy logic:
    • Match statement: defines which traffic to select
    • Set statement: defines what to do with matching traffic (e.g., next hop, interface)
    • Example:
route-map PBR permit 10
  match ip address 101
  set ip next-hop 10.1.1.2
  3. Next-Hop IP – The IP address of the next router where traffic should go.
    • Important: This must be reachable via a directly connected network, otherwise PBR fails.
  4. Interface to apply PBR
    • PBR is applied inbound on the interface where traffic enters the router.
    • Command:
interface GigabitEthernet0/1
  ip policy route-map PBR

5. PBR Configuration Steps (Exam-Focused)

Here’s the step-by-step method Cisco expects you to know:

Step 1: Define the traffic using ACLs

  • Example: Match traffic from the network 192.168.10.0/24
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

Step 2: Create a route-map

  • Link the ACL to a next-hop IP
route-map PBR permit 10
  match ip address 101
  set ip next-hop 10.1.1.2

Step 3: Apply the route-map to an interface

interface GigabitEthernet0/0
  ip policy route-map PBR
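As an added illustration (not part of the original notes and not Cisco code), here is a small Python model of the match → set → apply logic from the steps above: wildcard-mask ACL matching, route-map sequences evaluated in order, and the fallback to the normal routing table for traffic that matches no permit sequence. ACL 102, sequence 20, the packet addresses and the second next-hop are constructed for the example; only ACL 101 and sequence 10 come from the notes.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match exactly, a 1 bit is 'don't care',
    so 192.168.10.0 0.0.0.255 covers 192.168.10.0 through 192.168.10.255."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def acl_permits(acl, pkt):
    """Evaluate an extended ACL top-down; first match decides, implicit deny at the end."""
    for action, proto, src, src_wc, dst, dst_wc, dport in acl:
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not wildcard_match(pkt["src"], src, src_wc):
            continue
        if not wildcard_match(pkt["dst"], dst, dst_wc):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return action == "permit"
    return False

def policy_route(route_map, acls, pkt):
    """First sequence whose ACL permits the packet wins: permit -> its next-hop,
    deny (or no match in any sequence) -> normal routing table."""
    for _seq, action, acl_num, next_hop in route_map:
        if acl_permits(acls[acl_num], pkt):
            return next_hop if action == "permit" else "routing-table"
    return "routing-table"

# Constructed sample: ACL 101/seq 10 mirror the notes; ACL 102/seq 20 are made up.
ANY = ("0.0.0.0", "255.255.255.255")
ACLS = {
    101: [("permit", "ip", "192.168.10.0", "0.0.0.255", *ANY, None)],
    102: [("permit", "tcp", "10.20.0.0", "0.0.255.255", *ANY, 80)],
}
ROUTE_MAP_PBR = [  # (sequence, action, match ip address <acl>, set ip next-hop)
    (10, "permit", 101, "10.1.1.2"),
    (20, "permit", 102, "10.1.2.2"),
]

def demo():
    """Three inbound packets: one per sequence, plus one that matches nothing."""
    pkts = [
        {"src": "192.168.10.25", "dst": "203.0.113.9", "proto": "udp"},
        {"src": "10.20.5.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 80},
        {"src": "10.20.5.5", "dst": "203.0.113.9", "proto": "tcp", "dport": 443},
    ]
    return [policy_route(ROUTE_MAP_PBR, ACLS, p) for p in pkts]
```

The third packet shows the behaviour the best-practice tip relies on: traffic that no sequence selects is not dropped by the policy but forwarded by the routing table.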

6. Verifying PBR

The Cisco exam may ask you to verify PBR behavior. Key commands:

  1. Check if PBR is applied to an interface
show running-config | section interface
  2. Check PBR counters (matching traffic, hits, etc.)
show route-map
show ip policy
  3. Debug PBR traffic
debug ip policy

Tip: Use ping or traceroute to test if traffic takes the correct path.


7. PBR Best Practices / Exam Tips

  1. PBR only works for IPv4 unicast traffic (unless using advanced features for IPv6).
  2. Always have a fallback route – unmatched traffic follows the routing table.
  3. Ensure next-hop is reachable – otherwise PBR will drop traffic.
  4. Use PBR carefully – too many policies may impact router performance.

8. Common Exam Scenarios

  1. Redirect HTTP traffic from a certain subnet to a specific firewall or proxy.
  2. Send traffic from a branch office over a backup WAN link instead of the primary.
  3. Force VoIP traffic to a low-latency WAN link for better call quality.

In the exam, you may be shown a topology and asked to:

  • “Configure PBR so traffic from subnet X goes via next-hop Y.”
  • “Verify that traffic takes the correct path.”

Summary Table for Quick Exam Revision

Feature        PBR Concept                                  Exam Tip
Purpose        Override routing table decisions             Must know when/how to apply
Components     ACL + Route-map + Next-hop + Interface       Match → Set → Apply
Applied On     Inbound interface                            Often confusing for students
Verification   show route-map, show ip policy               Also debug with debug ip policy
Best Practice  Ensure next-hop reachable + fallback route   Prevent traffic blackhole
