03-16-2012 09:48 AM - edited 03-04-2019 03:41 PM
Afternoon,
I have been playing around in a lab with PBR and I can't seem to get it to work the way I *think* I have configured it to.
Basic background:
2 routers, 'SITE' and 'CARRIER' (both 2911s).
SITE has two ethernet interfaces, 1.1.1.2 (DATA) and 2.2.2.2 (VOICE). Both these interfaces are P2P to CARRIER (1.1.1.1 & 2.2.2.1 respectively).
There is a switch off of SITE that has two vlans, one with 10.9.167.0/21 (vlan10) and one with 10.9.127.0/24 (vlan20).
There is a web server hanging off of the CARRIER router on the subnet 192.168.0.0/24 with the IP address of 192.168.0.50.
On the client side, I'd like all traffic from the 10.9.167.0/21 subnet to go across the DATA connection and all traffic from 10.9.127.0/24 across the VOICE connection.
Here's what I have so far on SITE:
access list:
ip access-list extended DATA
 permit ip 10.9.160.0 0.0.7.255 any log
 deny ip any any
!
ip access-list extended VOICE
 permit ip 10.9.127.0 0.0.0.255 any log
 deny ip any any
!
then the route maps:
route-map PBR_DATA permit 10
 match ip address DATA
 set ip default next-hop 1.1.1.1
!
route-map PBR_VOICE permit 10
 match ip address VOICE
 set ip default next-hop 2.2.2.1
!
and then finally applied to the sub-interfaces:
interface GigabitEthernet0/2.10
 description DATA VLAN
 encapsulation dot1Q 10 native
 ip address 10.9.167.1 255.255.248.0
 ip policy route-map PBR_DATA
!
interface GigabitEthernet0/2.20
 description VOICE VLAN
 encapsulation dot1Q 20
 ip address 10.9.127.1 255.255.255.0
 ip policy route-map PBR_VOICE
When I do a 'show route-map' I don't see any increments in the counters for the PBR_VOICE route map, but I can successfully access the web server off of the CARRIER router from both PCs on the different VLANs. Also, when I do a 'debug ip policy' on the SITE router I get:
Mar 16 16:44:00.447: IP: s=10.9.127.50 (GigabitEthernet0/2.20), d=192.168.0.50, len 60, FIB policy rejected(no match) - normal forwarding
Mar 16 16:44:00.451: IP: s=10.9.127.50 (GigabitEthernet0/2.20), d=192.168.0.50, len 52, FIB policy rejected(no match) - normal forwarding
Mar 16 16:44:00.451: IP: s=10.9.127.50 (GigabitEthernet0/2.20), d=192.168.0.50, len 457, FIB policy rejected(no match) - normal forwarding
Mar 16 16:44:00.451: IP: s=10.9.127.50 (GigabitEthernet0/2.20), d=192.168.0.50, len 52, FIB policy rejected(no match) - normal forwarding
In the routing table I just have a default route to 1.1.1.1
I used the 'default next-hop' command in the route-maps as, according to a Cisco document, if the route is NOT present in the routing table, then it routes to the next hop.
I have tried using the standard 'set ip next-hop' variant and still get the same outcome.
It may be something obvious that I'm missing but I've been looking at this for so long it's kind of all mush now.
If anyone has any comments, or a better way to do this, then I'm all ears.
Thanks,
Alan
03-16-2012 01:26 PM
Did you check the counters on both ethernet interfaces to see if traffic is passing via the VOICE interface?
Can you use 'ip next-hop' instead?
Did you verify the VOICE interface is up/up?
Keep in mind, you may have to do PBR from the CARRIER router too - if you want the return traffic to use the VOICE interface.
Regards,
Edison
03-16-2012 01:51 PM
Alan
Like Edison I would like to see what happens if you set ip next-hop instead of default next-hop. I would also like to see what happens if you remove the log parameter from the access lists.
HTH
Rick
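An added example, not part of any post in this thread: a Python check that replays the 'debug ip policy' lines from the question against the wildcard masks in the posted ACLs, to show whether the source address itself satisfies the ACL entry for the route-map on the ingress interface. The dictionary layout and the function names are assumptions made for the illustration; the addresses, masks, interface names and debug lines are copied from the question.

```python
import ipaddress
import re

# ACL source entries copied from the question: name -> (base, wildcard mask)
ACLS = {"DATA": ("10.9.160.0", "0.0.7.255"), "VOICE": ("10.9.127.0", "0.0.0.255")}
# Ingress sub-interface -> ACL matched by the route-map applied there
POLICY = {"GigabitEthernet0/2.10": "DATA", "GigabitEthernet0/2.20": "VOICE"}
# Two of the 'debug ip policy' lines quoted in the question
DEBUG_LINES = [
    "Mar 16 16:44:00.447: IP: s=10.9.127.50 (GigabitEthernet0/2.20), "
    "d=192.168.0.50, len 60, FIB policy rejected(no match) - normal forwarding",
    "Mar 16 16:44:00.451: IP: s=10.9.127.50 (GigabitEthernet0/2.20), "
    "d=192.168.0.50, len 457, FIB policy rejected(no match) - normal forwarding",
]

LINE_RE = re.compile(
    r"s=(?P<src>[\d.]+) \((?P<intf>[^)]+)\), d=(?P<dst>[\d.]+), "
    r"len \d+, (?P<verdict>.+)$"
)


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def audit(lines):
    """Per debug line: (src, interface, acl, acl_would_match, router_said_no_match)."""
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["intf"] not in POLICY:
            continue  # not a policy debug line, or no route-map on that interface
        acl = POLICY[m["intf"]]
        base, wildcard = ACLS[acl]
        hit = wildcard_match(m["src"], base, wildcard)
        results.append((m["src"], m["intf"], acl, hit, "no match" in m["verdict"]))
    return results


if __name__ == "__main__":
    for src, intf, acl, hit, rejected in audit(DEBUG_LINES):
        note = "address matches ACL, yet router reports no match" if hit and rejected else "consistent"
        print(f"{src} on {intf}: ACL {acl} match={hit} rejected={rejected} -> {note}")
```

For the quoted lines, the source 10.9.127.50 falls inside 10.9.127.0 0.0.0.255, so the "no match" verdict does not come from the address and wildcard in the VOICE entry.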