We have implemented 2x 5820AF with IRF as a core switch with several VLANs, (among others) using multicast IGMP/PIM Dense Mode as the 'primary' functionality.
Now it has become necessary to restrict unicast traffic to these VLANs from all other sources for security purposes. This traffic should be handled by the firewall instead of the core switch. There is only a default route to the firewall configured on the core switch.
Our idea is to use Policy Based Routing in every VLAN to send traffic for these specific VLANs to the firewall.
The Layer 3 - IP Routing Configuration Guide says:
"The PBR policy allows you to specify the next hop, priority, and default next hop to guide the forwarding of packets that match specific ACLs. Only IPv4 unicast PBR is supported."
Questions:
- What does this mean?
Will multicast traffic be ignored by PBR completely?
Does PBR handle only the unicast traffic?
- How could this be implemented?
- Is there a traffic impact on the other VLANs with PBR on the interface?
Any advice would be very helpful!
Many thanks in advance for your ideas and help!
Best regards
Manfred M.