[c-nsp] PBR

[Dan Holme]

Depending on the IOS you may need a numbered ACL instead of a named one. It's an IOS quirk, a little like VRF-aware NAT requiring a route-map sometimes :-)

--Dan Holme

On 25 Jul 2010, at 20:38, Gary Smith <lists at l33t-d00d.co.uk> wrote:

> Hi - I'm struggling to get PBR working on a 2811, wonder if someone can show me with where I'm being special.
> 
> The 2811 has two connections coming in on ATM0/2/0 (binding to Di1) and ATM0/3/0 (binding to Di0). I've got a small gaggle of VLANs. I'm trying to get VLAN10 sending/receiving everything over Di1 and everything else over Di0.
> 
> If I do ip route 0.0.0.0 0.0.0.0 Dialer0, everything goes over Di0, as expected. If I cancel that and change it to ip route 0.0.0.0 0.0.0.0 Dialer1, then everything goes via that. So, I know that my connections are good. It's something internal I'm not getting right.
> 
> So, to start setting this up - everything is currently running over Dialer0. ATM0/2/0 is up over Di1, but there's no route for it.
> 
> VLAN10 is 192.168.10.0/24, so creating an access list as per this:
> 
> ip access-list extended Network10
> permit tcp any 192.168.10.0 0.0.0.255
> permit tcp 192.168.10.0 0.0.0.255 any
> 
> Then...
> 
> route-map PBR_Network10 permit 10
> match ip address Network10
> set interface Dialer1
> 
> interface Fa0/0.10
>   description Network10Uplink
>   ip policy route-map PBR_Network10
> 
> ip route 0.0.0.0 0.0.0.0 Dialer1 10
> 
> As I understand it, this should work - however, from the outside, trying to ping the address of Di1 results in no replies. Also, VLAN10 can't route over the connection, instead still routing over Di0.
> 
> What am I doing wrong?
> 
> Thanks!
> 
> Gary
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/