[nsp] Policy routing next-hop

Vandy Hamidi vandy.hamidi at markettools.com
Mon Oct 6 11:57:29 EDT 2003

A good troubleshooting tip is to do a >sh access-list SendviaWxyz
and check the counters.  This will tell you if the access-list is matching.  Alwas add a deny any any to the end of your access list so that it counts.  What to check for is hits on the:
	access-list 30 permit ip a.b.c.0
and if there aren't hits on that line, check to see if the 
	access-list 30 deny ip any any
has any hits.
If it doesn't, then the acess-list isn't even being called (which may be due to the CEF or not).
If the access-list permit entry has hits; then the access-list is being called buy the next hop may not be directly reachable.
If the permit has no hits by the deny does.  At least it's being called, but for some reason no matches.


-----Original Message-----
From: Sam Stickland [mailto:sam_ml at spacething.org]
Sent: Friday, October 03, 2003 4:34 PM
To: Cisco Nsp
Subject: [nsp] Policy routing next-hop


I'm trying to route all traffic on a specific VLAN out to a different

I've tried the following:

access-list 30 permit ip a.b.c.0

route-map sendviaWxyz permit
  match ip address 30
  set next-hop w.x.y.z

int vlan 3
  ip policy route-map sendviaWxyz

Vlan 3 is VLAN on our LAN, that I want to send out via a specific peer.

With no joy.. Have even tried using an extended access-list with 'permit ip
any any', and routemaps with no match clauses and routemaps with 'match
interface vlan3' etc. etc.

I'm really stumped, so I'd appreciate any idea's anyone might have.

This is on a Cat6500 with a Sup2-MFSC2-PFC2 and IOS 12.1(11r)E1a



cisco-nsp mailing list  cisco-nsp at puck.nether.net
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list