Hi jgarrison,
Post your topology. I can explain it to you. Basically with PBR you need the following:
- Create an access-list (can be extended if you want) that identifies the flow (i.e. source/destination, source port/dst port, etc.)
- Create a route-map, set the match statement and set your next-hop statement
- Apply it to the interface where you expect the source traffic will arrive
I assume that the data and voice traffic arrive on separate logical interfaces on the router (i.e. sub-interface, separate physical interface, etc.). In your case, if the voice arrives on gi0/0 and data on gi0/3:
config t
ip access-list extended policy-route-voice
permit ip x.x.x.x any
permit ip <voice_net2> any
permit ip <voice_net3> any
...
permit ip <voice_netn> any
end
config t
route-map rmap-policy-01 permit 10
match ip address policy-route-voice
set ip next-hop <ip address>
end
config t
int gi0/0
ip policy route-map rmap-policy-01
end
Of course, if you're sure voice traffic ONLY arrives on a single interface gi0/0, then you need not even specify an access-list. If no "match" statement is provided in the route-map, it matches everything. So the whole config simplifies to:
config t
route-map rmap-policy-01 permit 10
set ip next-hop <ip address>
end
config t
int gi0/0
ip policy route-map rmap-policy-01
end
Caveats:
- PBR configuration doesn't care if the next-hop is actually up or not. You will black-hole your voice traffic if the next-hop fails. There are techniques to overcome this (particularly involving the "default next-hop" configuration). Basically, you use IPSLA+Track to inject a more specific route. If the IP SLA fails, the more-specific route is withdrawn and the default next-hop applies.
- Don't be tempted to use the "set next-hop interface" command if your destination is not link-local (i.e. the destination is some internet address(es)). Your router will send ARP replies forever on the interface specified by the "set next-hop interface" command.
- If your voice/data arrive on the same interface (say you have soft phones on your desktop), then you will need the extended ACL configuration. You only need to identify the voice traffic; the data traffic will pass through the PBR.
HTH
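
The black-hole caveat in the post above can also be handled with a tracked next hop. This is an added example, not part of the original post, and it uses `set ip next-hop verify-availability` with an IP SLA track object rather than the "default next-hop" arrangement the post mentions. `<voice_next_hop>` is a placeholder, the probe and track number 10 is arbitrary, and the syntax assumes an IOS release that uses the `ip sla` / `track ... ip sla` keywords.

```cisco
! Constructed example. <voice_next_hop> is a placeholder for the PBR next hop.
!
! 1. Probe the next hop every 5 seconds.
ip sla 10
 icmp-echo <voice_next_hop>
 frequency 5
ip sla schedule 10 life forever start-time now
!
! 2. Expose the probe result as a track object (up = reachable).
track 10 ip sla 10 reachability
!
! 3. Policy-route voice to the next hop only while track 10 is up.
!    When the track goes down, the set clause is skipped and the
!    packet is forwarded by the normal routing table instead of
!    being sent to a dead next hop.
route-map rmap-policy-01 permit 10
 match ip address policy-route-voice
 set ip next-hop verify-availability <voice_next_hop> 1 track 10
!
! 4. Apply to the interface where the voice traffic arrives.
interface gi0/0
 ip policy route-map rmap-policy-01
```

`show track 10` and `show route-map rmap-policy-01` show whether the next hop is currently considered up and whether packets are matching the policy.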