Re: PBR problem need help - Cisco Community

734

Views

0

Helpful

5

Replies

I am having a pbr problem that hrough testing has traced back to my 6509 msfc running ios 12.1(6)E1. Here is my config and the debug. Any help would be appreciated. I dont know if this is an ios bug or a config issue. I have 2 calls open with tac but the engineers seem to have the same knowledge base as I do.

interface Vlan600

description public vlan

ip address 255.255.255.225 255.255.255.0

no ip redirects

ip pim sparse-dense-mode

ip policy route-map wireless

standby 200 timers 1 3

standby 200 priority 100 preempt

standby 200 ip 255.255.255.255

access-list 175 permit ip 172.31.0.0 0.0.255.255 any

route-map wireless permit 10

match ip address 175

set ip next-hop 172.30.1.10

Dec 13 14:53:26: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy rejected - normal forwarding

Dec 13 14:53:27: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy match

Dec 13 14:53:27: CEF-IP-POLICY: fib for address 172.30.1.10 is with flag 33

Dec 13 14:53:27: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy rejected - normal forwarding

Dec 13 14:53:28: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy match

Dec 13 14:53:28: CEF-IP-POLICY: fib for address 172.30.1.10 is with flag 33

Dec 13 14:53:28: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy rejected - normal forwarding

Dec 13 14:53:29: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy match

Dec 13 14:53:29: CEF-IP-POLICY: fib for address 172.30.1.10 is with flag 33

Dec 13 14:53:29: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy rejected - normal forwarding

Dec 13 14:53:30: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy match

Dec 13 14:53:30: CEF-IP-POLICY: fib for address 172.30.1.10 is with flag 33

Dec 13 14:53:30: IP: s=172.31.108.15 (Vlan600), d=207.159.195.203, len 60, FIB p

olicy rejected - normal forwarding

Dec 13 14:53:31: IP: s=172.31.108.1 (Vlan600), d=172.16.100.74, len 84, FIB poli

cy match

Dec 13 14:53:31: CEF-IP-POLICY: fib for address 172.30.1.10 is with flag 33

Dec 13 14:53:31: IP: s=172.31.108.1 (Vlan600), d=172.16.100.74, len 84, FIB poli

cy rejected - normal forwarding

5 Replies 5

Hello,

the problem with PBR is that it does not accept the 'set ip next-hop' when the next hop is not actually a directly connected interface. It will then fall back to normal L3 routing, that is why you see the 'FIB policy rejected' messages.

Try to change the next hop address to a directly connected interface and see if that works.

Regards,

GP

Hi GP,

Could you use recursive next hop in this case?

I haven't used this before however it was recommended to me for forcing wireless clients to talk to a wireless gateway on a remote network.

Thanks in advance

Paddy

Hello Paddy,

yes I guess that would work. Since you proposed it yourself I assume you are familiar with how to configure it, just in case, here is the URL:

PBR Recursive Next Hop

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s28/12s_pbr.htm

Regards,

GP

Thank you all for tyhe help so far but unfortunatly I have had no luck. The recursive pbr is only availaible fo rthe 12000 series not for the 6500. The wireless gateway is directly connected to the 6500's sup module on vlan 750. I just dont understand the bouncing. One packet is fowarded but the next is rejected. This goes on and on etc. Thanks again.

Hello,

can you try ´set interface´ instead of ´set ip next-hop´ in your route map ?

Also, can you post the output of ´show ip cef 172.30.1.10´?

Regards,

GP

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community