[c-nsp] PBR

Jay Hennigan jay at west.net
Sun Jul 25 17:24:57 EDT 2010


On 7/25/10 12:38 PM, Gary Smith wrote:

> So, to start setting this up - everything is currently running over
> Dialer0. ATM0/2/0 is up over Di1, but there's no route for it.
> 
> VLAN10 is 192.168.10.0/24, so creating an access list as per this:
> 
> ip access-list extended Network10
> permit tcp any 192.168.10.0 0.0.0.255
> permit tcp 192.168.10.0 0.0.0.255 any
> 
> Then...
> 
> route-map PBR_Network10 permit 10
> match ip address Network10
> set interface Dialer1
> 
> interface Fa0/0.10
>    description Network10Uplink
>    ip policy route-map PBR_Network10
> 
> ip route 0.0.0.0 0.0.0.0 Dialer1 10
> 
> As I understand it, this should work - however, from the outside, trying
> to ping the address of Di1 results in no replies. Also, VLAN10 can't
> route over the connection, instead still routing over Di0.
> 
> What am I doing wrong?

Your access list matches TCP.  Your ping is ICMP.  If you want all
traffic on that interface to go via PBR change the ACL to match IP and
not TCP.  As you're matching on source IP you can use a standard ACL.

If everything coming in on Fa0/0.10 is to go to dialer1, you may not
need a match statement in the route-map at all.

--
Jay Hennigan - CCIE #7880 - Network Engineering - jay at impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
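
The change suggested in the reply above, written out as an added example that is not part of the original message. It reuses the ACL, route-map and interface names from the quoted configuration; the commented alternative and the show commands are additions for checking the result.

```cisco
! Added example, not from the original thread.
! Names (Network10, PBR_Network10, Dialer1, Fa0/0.10) are taken from
! the quoted configuration.
!
! Remove the TCP-only extended ACL. Named ACLs share one namespace, so
! the name cannot be reused as a standard ACL until it is deleted.
no ip access-list extended Network10
!
! Standard ACL: matches on source address only, every IP protocol
! (ICMP, UDP and TCP alike) from VLAN10.
ip access-list standard Network10
 permit 192.168.10.0 0.0.0.255
!
route-map PBR_Network10 permit 10
 match ip address Network10
 set interface Dialer1
!
interface FastEthernet0/0.10
 description Network10Uplink
 ip policy route-map PBR_Network10
!
! Alternative from the reply: if everything arriving on Fa0/0.10 should
! leave via Dialer1, drop the match clause. A route-map entry with no
! match statement matches all packets.
!
! route-map PBR_Network10 permit 10
!  no match ip address Network10
!  set interface Dialer1
!
! Checks from exec mode:
!  show ip policy                 - route-map bound to Fa0/0.10
!  show route-map PBR_Network10   - policy routing match counters
!  show access-lists Network10    - ACL hit counts
```

If the policy routing match counters stay at zero while VLAN10 hosts send traffic, the packets are not matching the route-map entry and are still following the normal routing table.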

