04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

UBNT SUPPORT

Search

/ EdgeMAX / EdgeRouter Con guration

EdgeRouter - Policy-Based Routing

Overview

Readers will learn how to con gure Policy-Based Routing (PBR) on an EdgeRouter.

NOTES & REQUIREMENTS:

Applicable to the latest EdgeOS rmware on all EdgeRouter models. Knowledge of the
Command Line Interface (CLI) and basic networking knowledge is required. Please see the
Related Articles below for more information.
 
Device used in this article:
EdgeRouter-4 (ER-4)

Con guring Policy-Based Routing (PBR)

Back to Top

Can't find what you're looking for?

https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 1/6
04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

Using PBR, the traf c from the hosts on VLAN10 will be forwarded to ISP1 and the traf c from VLAN20
will be forwarded to ISP2.

Policy-Based Routing (PBR) in EdgeOS works by matching source IP address ranges using rewall rules
and forwarding the traf c using different routing tables. The routing tables that will be used in this
example are:

table 11 The routing table used by hosts in VLAN10.

table 12 The routing table used by hosts in VLAN20.
main The main routing table used by the EdgeRouter itself and other interfaces that do not use
PBR.

CLI: Access the Command Line Interface. You can do this using the CLI button in the GUI or
by using a program such as PuTTY.

1. Enter con guration mode.

configure

2. Make sure that two default routes are added to the main routing table.

set protocols static route 0.0.0.0/0 next-hop 203.0.113.2

set protocols static route 0.0.0.0/0 next-hop 192.0.2.2
Can't find what you're looking for?
https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 2/6
04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

NOTE: This step is necessary to allow hosts to use the main routing table in case one of the
ISPs is down.

3. Add two default routes for routing table 11 and table 12.

set protocols static table 11 route 0.0.0.0/0 next-hop 203.0.113.2

set protocols static table 12 route 0.0.0.0/0 next-hop 192.0.2.2

NOTE: When using a point-to-point interface (PPPoE or OpenVPN, for example), you can
also use an interface-route instead:
 
set protocols static table <table-number> interface-route 0.0.0.0/0 next-hop-interface

<interface-id>

4.   Exclude the Inter-VLAN traf c (between VLAN10 and VLAN20) from PBR.

set firewall group network-group vlans network 10.0.10.0/24

set firewall group network-group vlans network 10.0.20.0/24

set firewall modify PBR rule 10 description inter-vlan

set firewall modify PBR rule 10 destination group network-group vlans
set firewall modify PBR rule 10 modify table main

NOTE: This step allows the VLAN10 and VLAN20 hosts to communicate with each other
using the main routing table.

5. Create the modify rewall policy that matches on the VLAN source IP address ranges.

set firewall modify PBR rule 20 description vlan10

set firewall modify PBR rule 20 source address 10.0.10.0/24
set firewall modify PBR rule 20 modify table 11

set firewall modify PBR rule 30 description vlan20

set firewall modify PBR rule 30 source address 10.0.20.0/24
set firewall modify PBR rule 30 modify table 12

6. Apply the rewall policy in the inbound/in direction on the eth2 VLAN interfaces.

set interfaces ethernet eth2 vif 10 firewall in modify PBR

set interfaces ethernet eth2 vif 20 firewall in modify PBR

Can't find what you're looking for?

https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 3/6
04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

7. Commit the changes and save the con guration.

commit ; save

You can use the following operational mode commands to verify the routing tables and rewall
statistics:

show ip route
show ip route table 11
show ip route table 12
show firewall modify PBR statistics

Related Articles

Back to Top

EdgeRouter - WAN Load-Balancing

Intro to Networking - How to Establish a Connection Using SSH

Was this article helpful? 👍 👎 7 out of 7 found this helpful

Let us know what we missed! Send   

Feedback

Don’t see what you are looking for? Get advice from our Community or Submit a Help Ticket.

EDGEMAX COMMUNITY

SUBMIT A REQUEST

Community Downloads
Connect with thousands of experts Find the latest software for all of
around the world! your products.
Can't find what you're looking for?
https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 4/6
04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

Training Academy Security Rewards

Want to become a Ubiquiti Report a security vulnerability
certi ed expert? you've found and get rewarded!

Subscribe to Newsletter

Email Address

Submit

Company In the News Training

Careers Ubiquiti Blog Courses
Contact Us Product Updates Calendar
Investors Newsletters Trainers
Marketing Case Studies Become a Trainer

Buy Now Social

Ubiquiti Store Community
Find a Distributor Facebook
Stock Locator Tool Twitter
Become a Distributor YouTube
UniFi Design Tool

© 2019 Ubiquiti Networks, Inc. All rights reserved.

Compliance Info | Warranty & RMA | Terms of Service | Privacy Policy | Legal
Can't find what you're looking for?
https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 5/6
04/07/2019 EdgeRouter - Policy-Based Routing – Ubiquiti Networks Support and Help Center

Can't find what you're looking for?

https://help.ubnt.com/hc/en-us/articles/204952274-EdgeRouter-Policy-Based-Routing 6/6