[c-nsp] Problem getting right result with PBR

Rodney Dunn rodunn at cisco.com
Mon May 14 10:00:04 EDT 2007


You need to use an extended ACL.

i.e.:

access-list 144 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

That says that any traffic with a source matching 1.1.1.0/24 going
to a destination in the 2.2.2.0/24 range is sent to the configured
PBR next hop.

If you have overlapping route-map entries, the first hit will
be the one it takes. So you would need your more specific map
entries first in the route-map.



On Mon, May 14, 2007 at 08:31:57AM -0400, Jeremy Stinson wrote:
> Hello,
> 
> I'm having an issue getting PBR to work properly when I try to do both 
> source and destination routing. I have the following config:
> 
> interface FastEthernet1/0.103
>  ip policy route-map client-outbound
> 
> access-list 13 permit 1.1.1.1 0.0.0.15
> access-list 14 permit 2.2.2.2 0.0.0.15
> 
> route-map client-outbound permit 10
>  match ip address 13
>  set ip next-hop 4.4.4.4
> 
> This works, when enabled all traffic originating from 1.1.1.1/28 gets routed 
> to the correct place. But I want to say that any traffic coming from 
> 1.1.1.1/28 going to 2.2.2.2/28 go to next-hop 5.5.5.5. If I add a line of:
> 
> route-map client-outbound permit 5
>  match ip address 14
>  set ip next-hop 5.5.5.5
> 
> Traffic is not matched and all traffic continues to go out rule #10. I also 
> tried:
> 
> route-map client-outbound deny 5
>  match ip address 14
> 
> And this doesn't help either. Any suggestions? This is running on 12.4(5a) 
> on a 7206/400.
> 
> Thanks in advance for any pointers.
> 
> Jeremy 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
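
Added example, not part of either message: a small Python model of first-match route-map evaluation, showing why standard ACL 14 (source-only) never matches traffic from 1.1.1.x to 2.2.2.x, and why the extended-ACL entry must come first. The packet addresses, the /28 wildcards on ACL 144 and sequence number 20 are assumptions; only permit entries are modelled.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACLs as (src_base, src_wildcard, dst_base, dst_wildcard).
# A standard ACL tests the source only, so its destination is None (any).
ACLS = {
    13:  ("1.1.1.1", "0.0.0.15", None, None),             # standard, from the post
    14:  ("2.2.2.2", "0.0.0.15", None, None),             # standard, from the post
    144: ("1.1.1.0", "0.0.0.15", "2.2.2.0", "0.0.0.15"),  # extended, assumed /28 form
}

def acl_permits(acl, src, dst):
    sb, sw, db, dw = ACLS[acl]
    if not wc_match(src, sb, sw):
        return False
    return db is None or wc_match(dst, db, dw)

def pbr_next_hop(route_map, src, dst):
    """Walk permit entries in ascending sequence order; first match wins."""
    for _seq, acl, next_hop in sorted(route_map):
        if acl_permits(acl, src, dst):
            return next_hop
    return None  # no entry matched: normal destination-based routing

# Route-maps as (sequence, ACL, next hop).
ORIGINAL   = [(5, 14, "5.5.5.5"), (10, 13, "4.4.4.4")]    # config from the post
FIXED      = [(5, 144, "5.5.5.5"), (10, 13, "4.4.4.4")]   # extended ACL, specific first
MISORDERED = [(10, 13, "4.4.4.4"), (20, 144, "5.5.5.5")]  # specific entry too late

if __name__ == "__main__":
    src, dst = "1.1.1.5", "2.2.2.5"  # constructed sample packet
    for name, rm in (("original", ORIGINAL), ("fixed", FIXED),
                     ("misordered", MISORDERED)):
        print(f"{name:10} {src} -> {dst}: next hop {pbr_next_hop(rm, src, dst)}")
```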
