4.2.3 Configuring Extranets for Policy-Based Routing

(config)# vrf definition 2

(config-vrf)# exit

(config)# interface vlan 20

(config-if)# vrf forwarding 2

(config-if)# ip address 192.168.20.1 255.255.255.0

(config-if)# exit

Sets VRF2, and then sets VRF2, IPv4 address 192.168.20.1, and subnet mask 255.255.255.0 for VLAN20.

(config)# vrf definition 3

(config-vrf)# exit

(config)# interface vlan 30

(config-if)# vrf forwarding 3

(config-if)# ip address 192.168.30.1 255.255.255.0

(config-if)# exit

Sets VRF3, and then sets VRF3, IPv4 address 192.168.30.1, and subnet mask 255.255.255.0 for VLAN30.

(config)# mac-address-table static 0012.e200.5566 vlan 30 interface gigabitethernet 1/0/2

(config)# arp 192.168.30.2 interface vlan 30 0012.e200.5566

Configures VLAN30 with the next-hop IPv4 address 192.168.30.2 and a static entry in the destination MAC address 0012.e200.5566.

(config)# policy-list 20

Sets policy-based routing list information by list number 20. When this list is created, the command switches to policy-based routing list information mode.

(config-pol)# policy-interface vlan 30 next-hop 192.168.30.2

Sets VLAN30 and the next-hop address 192.168.30.2 as a route in the policy-based routing list information.

(config-pol)# default permit

Sets normal forwarding as the default operation in the policy-based routing list information.

(config-pol)# exit

Returns to global configuration mode from policy-based routing list information mode.

(config)# ip access-list extended EXTRA_NET_POLICY_VLAN_20_TO_30

Create a ip access-list (EXTRA_NET_POLICY_VLAN_20_TO_30). When this list is created, the command switches to IPv4 packet filtering mode.

(config-ext-nacl)# permit ip any 192.168.30.0 0.0.0.255 action policy-list 20

Sets the policy-based routing list information for enabling policy-based routing for IPv4 packets. Set the list number to 20.

(config-ext-nacl)# permit ip any any

(config-ext-nacl)# exit

Configures an IPv4 packet filter that forwards all frames and returns to global configuration mode.

(config)# interface vlan 20

(config-if)# ip access-group EXTRA_NET_POLICY_VLAN_20_TO_30 in

Enables the target ip access-list (EXTRA_NET_POLICY_VLAN_20_TO_30) on the receiving side of the VLAN20.

(config-if)# exit

Returns to global configuration mode.

(config)# mac-address-table static 0012.e200.7788 vlan 20 interface gigabitethernet 1/0/3

(config)# arp 192.168.20.2 interface vlan 20 0012.e200.7788

Configures VLAN20 with the next-hop IPv4 address 192.168.20.2 and a static entry in the destination MAC address 0012.e200.7788.

(config)# policy-list 30

Sets policy-based routing list information with list number 30. When this list is created, the command switches to policy-based routing list information mode.

(config-pol)# policy-interface vlan 20 next-hop 192.168.20.2

Sets VLAN20 and the next-hop address 192.168.20.2 as a route in the policy-based routing list information

(config-pol)# default permit

Sets normal forwarding as the default operation in the policy-based routing list information.

(config-pol)# exit

Returns to global configuration mode from policy-based routing list information mode.

(config)# ip access-list extended EXTRA_NET_POLICY_VLAN_30_TO_20

Create a ip access-list (EXTRA_NET_POLICY_VLAN_30_TO_20). When this list is created, the command switches to IPv4 packet filtering mode.

(config-ext-nacl)# permit ip any 192.168.20.0 0.0.0.255 action policy-list 30

Sets the policy-based routing list information for enabling policy-based routing for IPv4 packets. Sets list number 30.

(config-ext-nacl)# permit ip any any

(config-ext-nacl)# exit

Configures an IPv4 packet filter that forwards all frames and returns to global configuration mode.

(config)# interface vlan 30

(config-if)# ip access-group EXTRA_NET_POLICY_VLAN_30_TO_20 in

Enables the target ip access-list (EXTRA_NET_POLICY_VLAN_30_TO_20) on the receiving side of the VLAN30.