[f-nsp] Policy based routing?

Nick Morrison nick at nick.on.net
Fri Feb 5 16:29:33 EST 2010


Silly question,

If all you want is an ACL to block traffic, why not just use an
access-group?

N

On Fri, Feb 5, 2010 at 8:14 PM, Logan Rawlins
<logan.rawlins at highwinds.com> wrote:

> Sure, at the end of your policy point a default match-all to a next-hop IP
> that you have null routed
>
> ip route a.a.a.a/32 null0
>
> ip access-list extended permit-all
>  permit ip any any
>
> route-map pbr-firewall permit 1000
>  match ip address permit-all
>  set ip next-hop a.a.a.a
>
> int e 1/1
>  ip policy route-map pbr-firewall
>
>
> On Feb 5, 2010, at 12:49 PM, seph wrote:
>
> > As I continue to tinker with my network, I'm increasingly interested in
> > PBR. Unfortunately, the only info I can find is in the Configuration
> > Guide, which seems sparse. I'm hoping folks here might have some advice.
> >
> > Given how small a section in the config guide it has, I wonder how
> > widely used it is. It feels like an afterthought. Do people actually use
> > it?
> >
> > Is there other documentation that I should be reading?
> >
> > If I'm using PBR as sort of a firewall, is there a way to set a default
> > "don't route these packets"?
> >
> > Am I crazy for trying?
> >
> > Thanks for any advice
> >
> > seph
> >
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> >



-- 
Nick Morrison <nick at nick.on.net>