[nsp] RE: Policy Based Routing

Church, Chuck cchurch at wamnetgov.com
Mon Feb 9 21:08:44 EST 2004


I don't see 'ip nat inside' or 'ip nat outside' on any interfaces, indicating you're not doing NAT.  I'm assuming that 132.0.0.0 network isn't yours to use.  Certainly the 192.168 one isn't.  I'd verify the NAT config first, ensuring ethernet clients work right, then add the policy routing to handle the reuters link if necessary.

Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch at wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com

> -----Original Message-----
> From: Tobias Seda [mailto:nocadmin at nbi.ispkenya.com]
> Sent: Monday, February 09, 2004 2:48 PM
> To: cisco-nsp-request at puck.nether.net; cisco-nsp at puck.nether.net
> Subject: [nsp] RE: Policy Based Routing
> 
> 
> 
> Hi
> 
> I am having trouble configuring PBR on a cisco 12.0(a17)T 
> IOS, Cisco 1605R
> for a small network running two frame relay sub-interfaces.
> 
> One Interface is carrying Internet traffic to an ISP while 
> the other is
> connecting to another remote office.
> 
> If I check packet counter on the route map for ISP I can see 
> something, but
> it seems like the packets are not leaving the router to the 
> destination,
> because I cannot ping any host on ISP network except the 
> remote interface,
> like wise to the other Interface.
> 
> Any idea out there..?
> 
> regards
> 
> Tobias
> 
> FYI
> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
> 
> route-map traffic-redirect, permit, sequence 10
>   Match clauses:
>     ip address (access-lists): 1
>   Set clauses:
>     ip precedence priority
>     ip next-hop 64.86.238.25
>   Policy routing matches: 15579 packets, 2108650 bytes
> route-map traffic-redirect, permit, sequence 20
>   Match clauses:
>     ip address (access-lists): 2
>   Set clauses:
>     ip precedence critical
>     ip next-hop 10.1.1.5
>   Policy routing matches: 16138 packets, 1099194 bytes
> GiroLTD#
> <><><><><<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> 
> interface Ethernet0
>  ip address 192.168.111.1 255.255.255.0 secondary
>  ip address 64.86.235.1 255.255.255.248 secondary
>  ip address 132.0.0.54 255.255.255.0
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  ip policy route-map traffic-redirect
>  fair-queue 64 256 0
> !
> interface Serial0
>  no ip address
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  encapsulation frame-relay IETF
>  ip route-cache policy
>  ip policy route-map traffic-redirect
>  no logging event subif-link-status
>  no logging event dlci-status-change
> !
> interface Serial0.1 point-to-point
>  description 64K Internet Link to ISPKenya.
>  ip address 64.86.238.26 255.255.255.252
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
> 
> GiroLTD#conf t
> Enter configuration commands, one per line.  End with
> GiroLTD(config)#int e0
> GiroLTD(config-if)#no ip ad
> GiroLTD(config-if)#no ip address 64.86.235.1 255.255.2
> GiroLTD(config-if)#no ip address 64.86.235.1 255.255.2
> GiroLTD(config-if)#end
> GiroLTD#sh run
> Building configuration...
> 
> Current configuration:
> !
> version 12.0
> service timestamps debug uptime
> service timestamps log uptime
> service password-encryption
> !
> hostname GiroLTD
> !
> enable secret 5 $1$RIOJ$XQP4haYXV4eaK8aS7oxV01
> enable password 7 130C04020E0517
> !
> ip subnet-zero
> no ip domain-lookup
> ip domain-name ispkenya.com
> ip name-server 212.49.87.2
> ip name-server 64.86.231.5
> !
> !
> !
> interface Ethernet0
>  ip address 192.168.111.1 255.255.255.0 secondary
>  ip address 132.0.0.54 255.255.255.0
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  ip policy route-map traffic-redirect
>  fair-queue 64 256 0
> !
> interface Serial0
>  no ip address
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  encapsulation frame-relay IETF
>  ip route-cache policy
>  ip policy route-map traffic-redirect
>  no logging event subif-link-status
>  no logging event dlci-status-change
> !
> interface Serial0.1 point-to-point
>  description 64K Internet Link to ISPKenya.
>  ip address 64.86.238.26 255.255.255.252
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  frame-relay interface-dlci 22
> !
> interface Serial0.2 point-to-point
>  description 64K Data Link to Reuters
>  ip address 10.1.1.6 255.255.255.252
>  no ip redirects
>  no ip directed-broadcast
>  no ip proxy-arp
>  frame-relay interface-dlci 21
> !
> router rip
>  network 10.0.0.0
>  network 192.1.1.0
> !
> ip nat inside source list 1 interface Serial0.1 overlo
> ip classless
> 
> [ip route 0.0.0.0 0.0.0.0 10.1.1.5] TEMPORARY 4 TEST
> 
> !
> access-list 1 permit 132.0.0.0 0.0.0.255
> access-list 2 permit 192.168.111.0 0.0.0.255
> route-map traffic-redirect permit 10
>  match ip address 1
>  set ip precedence priority
>  set ip next-hop 64.86.238.25
> !
> route-map traffic-redirect permit 20
>  match ip address 2
>  set ip precedence critical
>  set ip next-hop 10.1.1.5
> !
> snmp-server community ispkpub RO
> snmp-server community ispkpriv RW
> !
> line con 0
>  transport input none
> line vty 0 4
>  password 7 112E101718300507490D3C
>  login
> !
> end
> 
> GiroLTD#
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list