09-12-2011 10:47 PM
In policy-based routing, I would like to know what packets are denied by the access list "deny ip any any" statement. Please help me. Also, when I implement this, the access list is blocking some LAN-to-LAN packets. Why?
ip access-list extended SECONDARY_TRAFFIC
 permit tcp any host 172.255.55.89 eq 3333
 permit udp any host 172.255.55.89 eq 3333
 deny ip any any log
route-map LINK_2 permit 10
 match ip address SECONDARY_TRAFFIC
 set interface Tunnel901
!
interface GigabitEthernet0/0
 description LAN INTERFACE
 ip address 172.7.1.10 255.255.255.0
 ip policy route-map LINK_2
 duplex auto
 speed auto
09-15-2011 06:45 PM
Your access list will only pass a match of any source to destination 172.255.55.89, TCP and UDP port 3333. Anything other than this will not pass the Tunnel901 interface.
Regards,
Andrew
09-15-2011 09:42 PM
Hey there,
Generally we do not block any traffic in PBR and only divert traffic according to policy.
In your config, just remove the deny statement from the ACL and add another route-map statement.
1)
ip access-list extended SECONDARY_TRAFFIC
 no deny ip any any log
2)
route-map LINK_2 permit 10
 match ip address SECONDARY_TRAFFIC
 set interface Tunnel901
route-map LINK_2 permit 20
Issue would be resolved.
Please rate if helpful
Ameya
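Added example, not part of any post above and not Cisco code: a small Python model of how the route-map in this thread classifies packets, assuming the documented IOS behaviour that a packet hitting a deny ACL entry inside a route-map is not policy-routed and falls through to the normal routing table. The packets are constructed samples, and the tuple layout and function names are made up for this sketch.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
HOST = ip_network("172.255.55.89/32")

# ACL SECONDARY_TRAFFIC from the thread: (action, proto, src, dst, dst_port)
SECONDARY_TRAFFIC = [
    ("permit", "tcp", ANY, HOST, 3333),
    ("permit", "udp", ANY, HOST, 3333),
    ("deny", "ip", ANY, ANY, None),
]

def acl_action(acl, pkt):
    """First-match ACL evaluation; an ACL ends with an implicit deny."""
    for action, proto, src, dst, port in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
            continue
        if port is not None and pkt.get("dport") != port:
            continue
        return action
    return "deny"

def pbr_decision(route_map, pkt):
    """Walk permit clauses in sequence order. A clause matches when its ACL
    permits the packet (or it has no match statement). A clause with no set
    action, or no matching clause at all, means normal routing, not a drop."""
    for _seq, acl, set_interface in route_map:
        if acl is None or acl_action(acl, pkt) == "permit":
            return set_interface or "normal routing"
    return "normal routing"

# Route-map as posted in the question, and with the empty "permit 20" clause.
LINK_2 = [(10, SECONDARY_TRAFFIC, "Tunnel901")]
LINK_2_WITH_20 = LINK_2 + [(20, None, None)]

# Constructed sample packets arriving on GigabitEthernet0/0.
PACKETS = {
    "tcp/3333 to host": {"proto": "tcp", "src": "172.7.1.20", "dst": "172.255.55.89", "dport": 3333},
    "tcp/80 to host": {"proto": "tcp", "src": "172.7.1.20", "dst": "172.255.55.89", "dport": 80},
    "LAN to LAN": {"proto": "tcp", "src": "172.7.1.20", "dst": "172.7.1.30", "dport": 445},
    "icmp": {"proto": "icmp", "src": "172.7.1.20", "dst": "10.0.0.1"},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:18} -> {pbr_decision(LINK_2, pkt)}")
```

In this model the `deny ip any any` line only decides which packets skip the `set interface Tunnel901` action; it does not account for the per-packet logging that the `log` keyword adds on a real router.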