Are there known issues with policy routing and rsp-k3pv-mz.120-11.S3?
We're running an FTP mirror site that we only want utilizing one of our
upstream providers, so I had setup the following:
ip access-list extended mirror_to_inet
deny ip any 209.208.0.0 0.0.127.255
deny ip any 216.98.0.0 0.0.15.255
permit ip host 209.208.0.69 any
deny ip any any
route-map mirror-inet-policy permit 10
match ip address mirror_to_inet
set interface Serial2/0/0
!
route-map mirror-inet-policy permit 20
interface Serial2/1/1
ip policy route-map mirror-inet-policy
The idea being, if traffic from 209.208.0.69 got into the router above
through Serial2/1/1 and was destined for an IP outside our 2 IP blocks, it
would be sent out (to the internet) through Serial2/0/0. It seemed to
work, but I just noticed that some traffic from other source IPs was also
being policy routed out Serial2/0/0, even though according to show ip bgp
the best route was elsewhere.
I changed the route-map to use an identical numbered access-list instead
of the named one and it seems to be working properly now.
BTW...what happens in a setup like this if Serial2/0/0 goes down? Do
policy routed packets get dropped? If so, is there a way to set this up
such that if the interface you're trying to policy route through goes
down, packets still get routed?
-- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:21 EDT