There are 1 HQ and several small sites for my company. Web accessing is only possible in HQ. I am using router 2801 to route packets to/from between HQ and small sites.
As shown from the attached config file of 2801, fe0/0 is connected to my ISP thru a 3Mbps fat pipe, and fe0/1 is connected to local lan (10.1.1.0/24) located at HQ. Other LANs such as 10.1.3.0, 10.1.5.0, 10.1.6.0 are local LANs of small sites.
The problem is I don't really understand about the ACL - PBR that set in this config file. Could some one explain to me how the routing looks like?
Just as an intro to PBR, PBR is used to force policy routing rather than normal routing using the routing table, the packets that fails to be policy routed will fall back to normal routing using the routing table.
Your PBR applies to the input traffic on FastEthernet0/1 (Note PBR is always applied to the incoming traffic (and can never be applied to the outgoing traffic) which is logical as you need to take a decision how to route a packet when it arrives to the router - any traffic matching in the access-list is policy routed, while traffic unmatched is routed normally using the routing table and your static routes).
When looking at the configuration, each entry with deny in the ACL would not be policy routed, it will be routed normally via the routing table (also every packet that is implicitly denied by not being permitted will not be policy routed, and will be routed via normal routing using the routing table), and each entry that matches in the ACL will be policy routed using the respective next-hop from the route-map.
description HQ LAN Network
ip address 10.1.1.254 255.255.255.0
ip policy route-map RouteSet1
access-list 100 deny ip host 10.1.1.5 10.1.5.0 0.0.0.255
access-list 100 deny ip host 10.1.1.5 10.1.6.0 0.0.0.255
access-list 100 deny ip host 10.1.1.5 10.1.2.0 0.0.0.255
access-list 100 deny ip host 10.1.1.5 10.1.3.0 0.0.0.255
access-list 100 deny ip host 10.1.1.10 10.1.5.0 0.0.0.255
access-list 100 deny ip host 10.1.1.10 10.1.6.0 0.0.0.255
access-list 100 deny ip host 10.1.1.10 10.1.2.0 0.0.0.255
access-list 100 deny ip host 10.1.1.10 10.1.3.0 0.0.0.255
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...