
POLICY BASED ROUTING Q?

dpugalendi.d
Level 1

 



ip access-list extended SECONDARY_TRAFFIC
 permit tcp any host 172.255.5.89 eq 3128
 permit udp any host 172.255.5.89 eq 3128
 deny   ip any any log

route-map LINK_2 permit 10
 match ip address SECONDARY_TRAFFIC
 set interface Tunnel901
!
interface GigabitEthernet0/0
 description   LAN INTERFACE
 ip address 172.17.77.10 255.255.255.0
 ip policy route-map LINK_2
 duplex auto
 speed auto


In Policy Based Routing, I would like to know what packets are denied by the access list "Deny ip any any" statement? Please help me.

2 Replies

dpugalendi.d
Level 1

In Policy Based Routing, I would like to know what packets are denied by the access list "Deny ip any any" statement? Please help me. And when I implement this, the access list is blocking some LAN-to-LAN packets. Why?

ip access-list extended SECONDARY_TRAFFIC
permit tcp any host 172.255.55.89 eq 3333
permit udp any host 172.255.55.89 eq 3333
deny   ip any any log

route-map LINK_2 permit 10
match ip address SECONDARY_TRAFFIC
set interface Tunnel901
!
interface GigabitEthernet0/0
description  LAN INTERFACE
ip address 172.7.1.10 255.255.255.0
ip policy route-map LINK_2
duplex auto
speed auto

The access list is pretty straightforward. It permits traffic to host 172.255.55.89 for port 3333 (both TCP and UDP) and it denies all other traffic.

Perhaps that sounds alarming - that only traffic that is port 3333 to host 172.255.55.89 is permitted and all other is denied. But bear in mind that the access list is not filtering traffic on the interface (as we tend to expect of access lists). In this case the access list is selecting traffic for Policy Based Routing. So it is saying that only port 3333 to host 172.255.55.89 will be subject to PBR. All other traffic should be forwarded normally.

I am not clear why implementing this access list is blocking some LAN-to-LAN traffic. Perhaps you can supply some additional information that would help us to identify the problem.

HTH

Rick
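
Added example, not part of the original thread: a small Python model of the decision described in the answer above, using the ACL and route-map from the post. The function names and the sample packets in the usage note are constructed for illustration, and the parser handles only the ACE forms that appear in the thread.

```python
import ipaddress

# ACL entries as posted in the thread (SECONDARY_TRAFFIC).
ACL = """\
permit tcp any host 172.255.55.89 eq 3333
permit udp any host 172.255.55.89 eq 3333
deny   ip any any log
"""

def parse_ace(line):
    """Parse '<action> <proto> any (any | host A) [eq P]'; 'log' is ignored."""
    tok = [t for t in line.split() if t != "log"]
    action, proto, src, rest = tok[0], tok[1], tok[2], tok[3:]
    if src != "any":
        raise ValueError("only 'any' sources are modelled here")
    dst = port = None
    if rest[0] == "host":
        dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
    else:  # destination 'any'
        rest = rest[1:]
    if rest[:1] == ["eq"]:
        port = int(rest[1])
    return action, proto, dst, port

def acl_verdict(aces, proto, dst, dport):
    """First matching ACE wins; an ACL always ends with an implicit deny."""
    for action, a_proto, a_dst, a_port in aces:
        if a_proto not in ("ip", proto):
            continue
        if a_dst is not None and a_dst != ipaddress.ip_address(dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def pbr_decision(proto, dst, dport=None):
    """Model of 'route-map LINK_2 permit 10' applied with 'ip policy route-map'.

    ACL permit -> the clause matches and 'set interface Tunnel901' applies.
    ACL deny   -> the clause does not match; the packet is NOT dropped,
                  it is forwarded by the normal routing table.
    """
    aces = [parse_ace(l) for l in ACL.splitlines() if l.strip()]
    if acl_verdict(aces, proto, dst, dport) == "permit":
        return "policy-route via Tunnel901"
    return "normal routing table lookup"
```

For instance, `pbr_decision("tcp", "172.255.55.89", 3333)` is policy-routed, while `pbr_decision("tcp", "172.255.55.89", 80)` and `pbr_decision("icmp", "172.7.1.20")` hit the `deny ip any any` entry and fall back to normal routing.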
