[c-nsp] policy routing
Charles J. Boening
charlieb at cot.net
Sun Apr 1 03:49:04 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian,
Thank you for the suggestion. I actually have the PBR stuff working.
The thing I ended up missing was using an extended ACL. Every example I
could find used standard ACLs. I was thinking it was a limitation or
something. Anyway, so far things seem to be working as intended.
I'll check into the VRF Lite stuff. If it will make life easier, I'm
all for it. :)
Thanks,
Charlie
- -----Original Message-----
From: Ian Henderson [mailto:ianh at chime.net.au]
Sent: Sunday, April 01, 2007 12:41 AM
To: Charles J. Boening; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] policy routing
Charles J. Boening <mailto:charlieb at cot.net> wrote on Saturday, 31 March
2007 12:52 PM:
> Typical. I think I figured it out after I asked the question.
> Didn't think about it before, but looks like I can match both the
> source IP and the outbound interface and then set ip next-hop to
> force the traffic to the right NAT router. Seems to prevent
> inter-vlan routing between (2,3,4) and (4,5,6) and gets me my desired
> result.
Check out VRF Lite - it does exactly what you're after without the
hassle of policy routing (nexthops going down, tracking, etc).
Rgds,
- - I.
- --
Ian Henderson, CCIE #14721
Senior Network Engineer, iiNet Limited
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
iD8DBQFGD2PwcGGHuFdGSWARAkrgAJ9eIzzPBJLjPxXYnr7fLaLDjlJKjwCdFeeK
Cx5nByA7b5vRBfzCM7cEHAA=
=hSa+
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list