[c-nsp] Problem getting right result with PBR
Harold Ritter (hritter)
hritter at cisco.com
Mon May 14 09:59:11 EDT 2007
Jeremy,
The standard ACL only matches on the source. If you want to match on
both source and destination then you need to use an extended ACL as
follow:
access-list 101 permit ip 1.1.1.0 0.0.0.15 2.2.2.0 0.0.0.15
route-map client-outbound permit 5
match ip address 101
set ip next-hop 5.5.5.5
Regards,
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jeremy Stinson
Sent: Monday, May 14, 2007 8:32 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Problem getting right result with PBR
Hello,
I'm having an issue getting PBR to work properly when I try to do both
source and destination routing. I have the following config:
interface FastEthernet1/0.103
ip policy route-map client-outbound
access-list 13 permit 1.1.1.1 0.0.0.15
access-list 14 permit 2.2.2.2 0.0.0.15
route-map client-outbound permit 10
match ip address 13
set ip next-hop 4.4.4.4
This works, when enabled all traffic originating from 1.1.1.1/28 gets
routed to the correct place. But I want to say that any traffic coming
from
1.1.1.1/28 going to 2.2.2.2/28 goto next-hop 5.5.5.5. If I add a line
of:
route-map client-outbound permit 5
match ip address 14
set ip next-hop 5.5.5.5
Traffic is not matched and all traffic continues to go out rule #10. I
also
tried:
route-map client-outbound deny 5
match ip address 14
And this doesn't help either. Any suggestions? This is running on
12.4(5a) on a 7206/400.
Thanks in advance for any pointers.
Jeremy
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list