How to perform Policy-Based Routing (PBR) on DELL Networking N-Series Switches
Summary: How to set up Policy-Based Routing on Dell N-Series switches
Instructions
OBJECTIVE
This article explains how to implement Policy-Based Routing (PBR) on Dell Networking N-Series Switches. PBR is a set of policies configured to route packets, as opposed to the routes populated in the routing table by the enabled routing protocol.
Overview
- PBR is a set of rules that are applied to route packets according to organizational policies, which might deviate from the actual routing protocol routes.
- PBR is configurable only on a VLAN interface, whereas ACLs can be applied on VLAN, port-channel and physical interfaces.
- PBR should be applied only on the ingress VLAN interface.
- L3 capability should be enabled on the switch to perform PBR. This can be done by configuring an IP address on the VLAN interface and entering the global configuration command "ip routing".
- A PBR is applicable only if it contains at least one match and one set statement.
- PBR will not have an impact on locally generated traffic.
- If the next-hop IP declared in PBR is not reachable, the routing table is used to route the matched packets.
- An IPv6 match statement is not supported in PBR.
- If statements of a route-map, or ACLs in a route-map, are edited, make sure to remove the route-map and reapply it on the interface; only then does the updated route-map policy come into effect.
- It is recommended not to apply Diffserv on the interface associated with a VLAN that is already configured with route-map policies.
Configuring Policy-Based Routing
The following steps route packets from host 192.168.5.5 in VLAN 5 to 192.168.10.10 via VLAN 15 (next-hop 192.168.15.15), as opposed to "normal routing", i.e. through VLAN 10 (next-hop 192.168.10.10):
- Enable L3 capability on the switch
  - Enter global configuration mode by entering: console#configure
  - Enable L3 mode by entering: console(config)#ip routing
- Configure an Access-Control List (ACL) to filter the network or host to be routed (only 192.168.5.5 traffic destined to 192.168.10.10)
  - Enter global configuration mode by entering: console#configure
  - Create an ACL by entering: console(config)#ip access-list allow_192.168.5.5
    - ACL names can contain letters, numbers, dot, dash or underscore, but should start with a letter, and should be no more than 31 characters long
  - Create either a permit or a deny filter statement by entering: console(config-ip-acl)#permit ip host 192.168.5.5 host 192.168.10.10
- Configure the PBR policy to achieve the requirement
  - Enter global configuration mode by entering: console#configure
  - Create the PBR by entering: console(config)#route-map POLICY_redirect
    - The PBR name can start with a number or a letter
  - Enter the match statement to match the host or network from the declared ACL by entering: console(route-map)#match ip address allow_192.168.5.5
  - Enter the set statement, specifying the next-hop IP, by entering: console(route-map)#set ip next-hop 192.168.15.15
- Apply route-mapping on the VLAN interface
  - Enter global configuration mode: console#configure
  - Enter the interface-specific mode: console(config)#interface vlan 10
  - Apply the PBR policy to the outgoing VLAN interface: console(config-if-vlan10)#ip policy route-map POLICY_redirect
  - If both PBR and ACL are applied on a VLAN interface, rules from both sections (PBR and ACL) are considered to filter the traffic. If both PBR and ACL are applied on a physical interface, only rules from one of the sections (either PBR or ACL) will be considered for filtering the traffic.
Verifying Policies under a Route-Map
To view the route-map policies and the number of packets the routing policy has redirected, enter the command: console#show route-map POLICY_redirect
Below is an example of what a normal Route-Map would look like:
Match clauses:
ip address (access-lists) : allow_192.168.5.5
Set clauses:
ip next-hop 192.168.15.15
Policy routed: 0 packets, 0 bytes
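The counters above only show what a policy did after it was applied. For reviewing a planned configuration beforehand, the following added example (not Dell's code) checks three constraints this article states: the ACL naming rule, the need for at least one match and one set statement, and VLAN-only application. The function name `audit_pbr`, the flat line-by-line parsing and the sample text are assumptions; real `show running-config` output may carry extra tokens.

```python
import re

# Naming rule from this article: leading letter; letters, digits, ".", "-", "_"; max 31.
ACL_NAME = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,30}")

def audit_pbr(config):
    """Return findings for a config built from the commands in this article."""
    acls, maps, applied = set(), {}, []
    kind = name = None  # configuration context the current line belongs to
    for w in (ln.split() for ln in config.splitlines() if ln.strip()):
        if w[:2] == ["ip", "access-list"] and len(w) > 2:
            kind, name = "acl", w[2]
            acls.add(name)
        elif w[0] == "route-map" and len(w) > 1:
            kind, name = "map", w[1]
            maps.setdefault(name, {"match": 0, "set": 0})
        elif w[0] == "interface":
            kind, name = "if", " ".join(w[1:]).lower()
        elif kind == "map" and w[0] in ("match", "set"):
            maps[name][w[0]] += 1
        elif kind == "if" and w[:3] == ["ip", "policy", "route-map"]:
            applied.append(name)
    findings = [f"acl {a}: invalid name" for a in sorted(acls)
                if not ACL_NAME.fullmatch(a)]
    findings += [f"route-map {rm}: needs at least one match and one set"
                 for rm, n in sorted(maps.items()) if not (n["match"] and n["set"])]
    findings += [f"interface {i}: PBR is configurable only on a VLAN interface"
                 for i in applied if not i.startswith("vlan")]
    return findings

# Constructed sample: the article's configuration plus three deliberate mistakes.
SAMPLE = """\
ip access-list allow_192.168.5.5
permit ip host 192.168.5.5 host 192.168.10.10
ip access-list 5_hosts
route-map POLICY_redirect
match ip address allow_192.168.5.5
set ip next-hop 192.168.15.15
route-map NO_SET
match ip address 5_hosts
interface vlan 10
ip policy route-map POLICY_redirect
interface Gi1/0/1
ip policy route-map NO_SET
"""

if __name__ == "__main__":
    print("\n".join(audit_pbr(SAMPLE)))
```

A route-map flagged here would not be applicable as PBR, so matched traffic would follow the routing table instead of the intended next hop.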