Transparent Bridging and Policy Based routing combination

Unanswered Question
Nov 17th, 2009

Hi all,

I wonder if it is possible to have an IOS router running transparent bridging doing Policy Based Routing based on the source IP address in the packet.

Situation is that we are adding a second Internet link to which we want to route the traffic from specific source addresses. Problem however is that our firewall doesn't support Policy Based Routing.

In order not to have to change the existing interface definitions and IPs on the firewalls it would be nice to be able to forward everything from source IP x.x.x.x to next hop x.x.x.1 and all from y.y.y.y to next hop y.y.y.1 but without needing to have additional L3 routing enabled between the current firewall and router.



Giuseppe Larosa Tue, 11/24/2009 - 09:04

Hello Rene,

PBR requires an inbound L3 interface to work so it is not possible to have PBR working on traffic that is bridged.

Hope to help


Richard Burts Wed, 11/25/2009 - 04:30


I do not have enough information about your environment to fully understand your need for Policy Based Routing, but I will accept that you need PBR. There is not anything in your post that explains why you need transparent bridging or how it is implemented and without knowing that it is difficult to advise on how to combine PBR and transparent bridging.

If you have implemented transparent bridging by turning off ip routing (the simple way to do transparent bridging) then the suggestion from Giuseppe is correct that you need a layer three interface for PBR and can not combine PBR with transparent bridging. If you have implemented transparent bridging using Integrated Routing and Bridging then IRB provides the layer three interface in the BVI and I believe that it would be possible to do PBR on the BVI (but I have never tested this and can not say for sure whether it would work).

Perhaps you can clarify your situation and we could give you better advice?



rene.van.dalen@... Wed, 11/25/2009 - 05:42

Hi guys,

Thanks for your comments. Understand that the traffic would have to go to L3 cause IP routing is done on L3.

Could IRB be implemented without changing the IP addresses on the Firewall and the Internet router, or would we have the firewall and the router to the IRB IP address?

Sorry if I'm asking the wrong questions... am a bit green on IRB and BVI.....



Richard Burts Wed, 11/25/2009 - 12:59


I believe that we can not provide helpful or accurate advice without a better understanding of your environment. Can you provide some explanation of your environment: what connects to what, and what is doing the transparent bridging? You have mentioned an Internet router and a firewall. Is there an inside router? Perhaps a drawing might be helpful.



