Policy-Based routing is a neat trick to tweak traffic streams.
For Policy Based Routing to work you will the following;
– Define traffic stream in an access-list.
– Write down a policy.
– Determine the inbound interface.
First use an ACL to define the traffic streams.
You can use standard, extended or named access-list.
In this example traffic sourced from 22.214.171.124 and 126.96.36.199 destined for 188.8.131.52 is defined in ACL 100.
access-list 100 permit ip host 184.108.40.206 host 220.127.116.11 access-list 100 permit ip host 18.104.22.168 host 22.214.171.124
Next you will to define the policy.
If you want to want set the next hop for this traffic stream. You have to do;
route-map just-a-name permit 10 match ip address 100 set ip default next-hop 10.10.10.20
Once you have formulated the traffic stream and the tweak all you have to do is apply it to an interface.
interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map just-a-name
Be careful : the name of the route-map is CaSe senSitive.
Why is this a great little trick; you can use policy based routing to prevent asymetric routing in a HSRP setup. Or you can send specific traffic towards an IDS / firewall /deep packet inspection device. Or simply send traffic to an black-hole in case of unwanted/malicious traffic.