[c-nsp] route-map behavior with policy routing
Bruce Pinsky
bep at whack.org
Fri Aug 25 01:49:08 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Joe Maimon wrote:
>
>
> Bruce Pinsky wrote:
>
>>
>>
>> A quick test showed that without the access-list existing, all packets
>> seem
>> to match the route map and are policy routed.
>>
>
> So you should be adding
>
> route-map PBR per 5
>
> before working on acl 90
>
> and when you are done
>
> no route-map PBR per 5
Yes, that will still cause a policy match, but with no disposition it bails
out and falls back to destination routing.
00:06:22: IP: s=192.168.0.1 (local), d=210.150.248.138, len 100, policy match
00:06:22: IP: route map foobar, item 5, permit
00:06:22: IP: s=192.168.0.1 (local), d=210.150.248.138, len 100, policy
rejected -- normal forwarding
00:06:22: IP: s=192.168.0.9 (local), d=210.150.248.138, len 100, policy match
00:06:22: IP: route map foobar, item 5, permit
00:06:22: IP: s=192.168.0.9 (local), d=210.150.248.138, len 100, policy
rejected -- normal forwarding
00:06:22: IP: s=192.168.0.1 (local), d=210.150.248.138, len 100, policy match
00:06:22: IP: route map foobar, item 5, permit
00:06:22: IP: s=192.168.0.1 (local), d=210.150.248.138, len 100, policy
rejected -- normal forwarding
If policy forwarding all traffic is the source of the problem, this should
work around it.
- --
=========
bep
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFE7o9UE1XcgMgrtyYRApkLAKCHweuZhde+BDzBCrdxyUzdPmiFigCgrX7F
lGluUff26W4FxLBU/BaegUY=
=hfIh
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list