Policy-Based routing is a neat trick to tweak traffic streams.
For Policy Based Routing to work you will the following;
– Define traffic stream in an access-list.
– Write down a policy.
– Determine the inbound interface.
First use an ACL to define the traffic streams.
You can use standard, extended or named access-list.
In this example traffic sourced from 18.104.22.168 and 22.214.171.124 destined for 126.96.36.199 is defined in ACL 100.
access-list 100 permit ip host 188.8.131.52 host 184.108.40.206 access-list 100 permit ip host 220.127.116.11 host 18.104.22.168
Next you will to define the policy.
If you want to want set the next hop for this traffic stream. You have to do;
route-map just-a-name permit 10 match ip address 100 set ip default next-hop 10.10.10.20
Once you have formulated the traffic stream and the tweak all you have to do is apply it to an interface.
interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map just-a-name
Be carefull : the name of the route-map is CaSe senSitive.
Why is this a great little trick; you can use policy based routing to prevent asymetric routing in a HSRP setup. Or you can send specific traffic towards an IDS / firewall /deep packet inspection device. Or simply send traffic to an black-hole in case of unwanted/malicious traffic.