● Configure IPv4 default routes on R4 and R6 pointing to R1's IPv4 address on the shared Ethernet segment.
● Configure an IPv4 default route on R3 pointing to R1's IPv4 address on the shared Ethernet segment.
● Configure IPv4 default route on R5 pointing to R1's DMVPN cloud IPv4 address.
● Configure IPv4 static routes on R3 for R5’s Loopback0 prefix and on R5 for R3’s Loopback0 prefix through the DMVPN cloud.
● Configure IPv4 policy-routing on R1 so that traffic from R4 is routed through R3 over the Ethernet link, and traffic from R6 is routed through R5 over the DMVPN cloud.
● Create two extended access-lists on R1, named FROM_R4 and FROM_R6:
    ● Access-list FROM_R4 should match all IPv4 traffic sourced from R4's Ethernet segment.
    ● Access-list FROM_R6 should match all IPv4 traffic sourced from R6's Ethernet segment.
● Use traceroute on R4 and R6 for R3's and R5’s Loopback0 prefixes to verify your configuration.
Policy routing allows the router to forward traffic based on user-defined criteria without consulting the IP routing table. In this example, R1 has no routing information for the Loopback0 prefixes of R3 and R5, so it cannot route locally originated traffic to them.
R1
show ip route 10.1.3.3
% Subnet not in table
show ip route 10.1.5.5
% Subnet not in table
debug ip packet
IP packet debugging is on
ping 10.1.3.3 repeat 1
ping 10.1.5.5 repeat 1
If traffic is received inbound on R1's VLAN 146 Ethernet segment and is sourced from R4's or R6’s IPv4 addresses attached to VLAN 146, it is policy-routed according to the route-map attached to the interface:
R4
traceroute 10.1.3.3
traceroute 10.1.5.5
R6
traceroute 10.1.3.3
traceroute 10.1.5.5
Verify the policy-routing configuration and confirm that traffic has matched the ACLs:
R1
show ip policy
show ip interface GigabitEthernet0/0.146 | i Policy
show route-map
R1’s route-map used for policy routing does not match traffic sourced from other interfaces of R4 and R6. Such traffic falls back to normal destination-based routing and, because R1 has no route to the destination, is dropped when it is received inbound on R1's VLAN 146 interface:
R4
ping 10.1.5.5 source loopback0
R6
ping 10.1.5.5 source loopback0
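R1
ip access-list extended FROM_R4
 permit ip host 172.16.146.4 any
!
ip access-list extended FROM_R6
 permit ip host 172.16.146.6 any
!
route-map POLICY_ROUTING permit 10
 match ip address FROM_R6
 set ip next-hop 172.16.0.5
!
! Entry for R4's traffic, sent through R3 over the Ethernet link. The next hop
! 172.16.13.3 is assumed to be R3's address on the segment shared with R1.
route-map POLICY_ROUTING permit 20
 match ip address FROM_R4
 set ip next-hop 172.16.13.3
!
interface Eth0/0.146
 ip policy route-map POLICY_ROUTING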
R3
ip route 0.0.0.0 0.0.0.0 172.16.13.1
ip route 10.1.5.5 255.255.255.255 172.16.0.5
R4
ip route 0.0.0.0 0.0.0.0 172.16.146.1
R5
ip route 0.0.0.0 0.0.0.0 172.16.0.1
ip route 10.1.3.3 255.255.255.255 172.16.0.3
R6
ip route 0.0.0.0 0.0.0.0 172.16.146.1
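The forwarding decision R1 makes for packets arriving on VLAN 146, modelled in Python as an added example (not part of the original lab, and not IOS code). Assumptions: R3's Ethernet address 172.16.13.3, /24 masks on R1's connected segments, and the Loopback0 addresses 10.1.4.4 and 10.1.6.6 for R4 and R6 are constructed; `forward` is a hypothetical helper.

```python
import ipaddress

# ACLs from the lab: each permits a single source host on VLAN 146.
ACLS = {
    "FROM_R4": [ipaddress.ip_network("172.16.146.4/32")],
    "FROM_R6": [ipaddress.ip_network("172.16.146.6/32")],
}
# Route-map POLICY_ROUTING as (sequence, ACL, next hop), evaluated in order.
# 172.16.13.3 (R3 on the Ethernet link to R1) is an assumed address.
ROUTE_MAP = [
    (10, "FROM_R6", "172.16.0.5"),
    (20, "FROM_R4", "172.16.13.3"),
]
# R1 knows only its connected segments (masks assumed /24); it has no
# route for any Loopback0 prefix.
R1_ROUTES = [ipaddress.ip_network(n) for n in
             ("172.16.146.0/24", "172.16.13.0/24", "172.16.0.0/24")]

def forward(src, dst):
    """Return (action, detail) for a packet received inbound on VLAN 146."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. Policy routing: the first entry whose ACL permits the source wins,
    #    and the destination is never looked up in the routing table.
    for _seq, acl, next_hop in ROUTE_MAP:
        if any(src_ip in net for net in ACLS[acl]):
            return ("policy-routed", next_hop)
    # 2. No entry matched: normal destination-based, longest-prefix lookup.
    matches = [n for n in R1_ROUTES if dst_ip in n]
    if matches:
        return ("routed", str(max(matches, key=lambda n: n.prefixlen)))
    # 3. No route either: the packet is dropped.
    return ("dropped", None)

# Constructed sample packets: (source, destination).
SAMPLES = [
    ("172.16.146.4", "10.1.3.3"),  # R4 VLAN 146 address
    ("172.16.146.6", "10.1.5.5"),  # R6 VLAN 146 address
    ("10.1.4.4", "10.1.5.5"),      # R4 Loopback0 (assumed address)
    ("10.1.6.6", "10.1.5.5"),      # R6 Loopback0 (assumed address)
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>14} -> {dst:<10} {forward(src, dst)}")
```

The model does not cover IOS's check that the `set ip next-hop` address is reachable before the policy is applied.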