09-12-2011 05:48 AM - edited 02-21-2020 04:27 AM
ip access-list extended SECONDARY_TRAFFIC
permit tcp any host 172.255.5.89 eq 3128
permit udp any host 172.255.5.89 eq 3128
deny ip any any log
route-map LINK_2 permit 10
match ip address SECONDARY_TRAFFIC
set interface Tunnel901
!
interface GigabitEthernet0/0
description LAN INTERFACE
ip address 172.17.77.10 255.255.255.0
ip policy route-map LINK_2
duplex auto
speed auto
In Policy Based Routing, I would like to know what packets are denied by the access list "deny ip any any" statement? Please help me.
09-12-2011 05:50 AM
In Policy Based Routing, I would like to know what packets are denied by the access list "deny ip any any" statement? Please help me. Also, when I implement this, the access list is blocking some LAN-to-LAN packets. Why?
ip access-list extended SECONDARY_TRAFFIC
permit tcp any host 172.255.55.89 eq 3333
permit udp any host 172.255.55.89 eq 3333
deny ip any any log
route-map LINK_2 permit 10
match ip address SECONDARY_TRAFFIC
set interface Tunnel901
!
interface GigabitEthernet0/0
description LAN INTERFACE
ip address 172.7.1.10 255.255.255.0
ip policy route-map LINK_2
duplex auto
speed auto
09-13-2011 11:03 AM
The access list is pretty straightforward. It permits traffic to host 172.255.55.89 for port 3333 (both TCP and UDP) and it denies all other traffic.
Perhaps that sounds alarming - that only traffic that is port 3333 to host 172.255.55.89 is permitted and all other is denied. But bear in mind that the access list is not filtering traffic on the interface (as we tend to expect of access lists). In this case the access list is selecting traffic for Policy Based Routing. So it is saying that only port 3333 to host 172.255.55.89 will be subject to PBR. All other traffic should be forwarded normally.
I am not clear why implementing this access list is blocking some LAN-to-LAN traffic. Perhaps you can supply some additional information that would help us to identify the problem.
HTH
Rick
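The selection behaviour described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model that parses the posted ACL and reports whether a packet would be policy-routed to Tunnel901 or left to normal routing. The sample packets and their source addresses are constructed, and the model handles only the `any`/`host` operands and `eq` port match used in the thread.

```python
# Added illustration: simplified model of an ACL used as a PBR classifier.
# Handles only 'any' / 'host A.B.C.D' operands and 'eq <port>'.
ACL = """\
permit tcp any host 172.255.55.89 eq 3333
permit udp any host 172.255.55.89 eq 3333
deny ip any any log
"""
POLICY = "policy-route via Tunnel901"   # route-map 'set interface' applies
NORMAL = "normal routing"               # packet is forwarded, not dropped

def _addr(tokens):
    """Consume one address operand; return the host IP, or None for 'any'."""
    tok = tokens.pop(0)
    if tok == "any":
        return None
    if tok == "host":
        return tokens.pop(0)
    raise ValueError(f"unsupported operand: {tok}")

def parse_acl(text):
    """Turn ACL lines into (action, proto, src, dst, port) tuples."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def pbr_decision(entries, proto, src, dst, dport=None):
    """First matching entry wins. In a route-map, 'deny' means 'do not
    policy-route this packet', so it falls back to the routing table."""
    for action, a_proto, a_src, a_dst, a_port in entries:
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_port in (None, dport)):
            return POLICY if action == "permit" else NORMAL
    return NORMAL  # implicit deny: still only 'not policy-routed'

RULES = parse_acl(ACL)
# Constructed sample packets arriving on the LAN interface
SAMPLES = [("tcp", "172.7.1.20", "172.255.55.89", 3333),
           ("udp", "172.7.1.20", "172.255.55.89", 3333),
           ("tcp", "172.7.1.20", "172.255.55.89", 80),
           ("icmp", "172.7.1.20", "172.7.2.30", None)]
if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", pbr_decision(RULES, *pkt))
```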