05-11-2014 08:40 PM - edited 03-04-2019 10:58 PM
Hello,
I would like to know how I can use "set tag" in Route-map in order to lead traffic specific throug static route with "ip route".
I believe that I can do the following:
access-list 101 permit ip 192.168.120.0 0.0.0.255 any /* Filtering Lan Traffic Specific 1 */
access-list 102 permit ip 192.168.180.0 0.0.0.255 any /* Filtering Lan Traffic Specific 2 */
!
route-map XXXX permit 10 /* Tag 20 is related to Lan traffic specific 1 */
match ip address 101
set tag 20
!
route-map YYYY permit 20 /* Tag 30 is related to Lan traffic specific 2 */
match ip address 102
set tag 30
!
interface GigabitEthernet0/1.20 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 20
ip address 192.168.120.1 255.255.255.0
ip policy route-map XXXX
!
interface GigabitEthernet0/1.21 /* Applying route-map to Lan subinterface */
encapsulation dot1Q 21
ip address 192.168.180.1 255.255.255.0
ip policy route-map YYYY
!
ip route 172.18.70.0 255.255.255.0 11.0.15.1 tag 20 /* traffic specific 1 is transmit to 172.18.0.70 through next hop 11.0.15.1 */
ip route 172.18.70.0 255.255.255.0 11.0.15.5 tag 30 /* traffic specific 2 is transmit to 172.18.0.70 through next hop 11.0.15.5 */
Is this correct ?, or is there another way to approach this issue?
Thanks for your answer in advance.
Solved! Go to Solution.
05-13-2014 11:24 AM
Hi,
The PBR config looks correct but to verify it is working you should fire up this debug on R1: debug ip policy
first post the output of this command to verify the PBR part is working
Remark:
all those routes are unnecessary as these are directly connected networks
ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21
So you can safely get rid of them.
Also on R2 the second staic route is not correct:
ip route 192.168.120.64 255.255.255.192 11.0.12.6
It should be
ip route 192.168.180.0 255.255.255.0 11.0.12.6
Regards
Alain
05-12-2014 01:24 AM
Hello,
you are attempting to use PBR Policy Based Routing. However, your method is quite indirect.
I'm not sure it can work.
The usual way is to set the IP next-hop directly inside the route-map invoked for PBR. You can use a
route-map XXXX
match ip address 101
set ip next-hop a.b.c.d
to achieve the desired result.
Note: you may need to use more specific ACLs if your idea is to move traffic with specific source/destination combinations
EDit:
route tags are used for controlling redistribution of routes between two routing protocols, rather then attempting to divert traffic.
Hope to help
Giuseppe
05-12-2014 09:02 AM
Hello Giuseppe,
Thanks, I understand, but one question more. If I use "set ip next hop" in route-map, so it will not be necessary to use "ip route 172.18.70.0 ....." ?
At first I did this , (without "ip route"), but the traffic only got the next hop and not the destination ( 172.18.0.70.0). On the next Router I had put the route to destination but I don't know why it didn't get there.
I am trying to lead traffic of Lan subinterfaces through Wan subinterfaces on the first Router, but they must be one to one.
Well, thanks again.
Regards
05-12-2014 11:53 AM
Hi,
setting the tag has no effect in PBR as it is not a valid set action.
Could you post a drawing and explain what you did previously and what was failing.
Regards
Alain
05-13-2014 03:07 AM
05-13-2014 11:24 AM
Hi,
The PBR config looks correct but to verify it is working you should fire up this debug on R1: debug ip policy
first post the output of this command to verify the PBR part is working
Remark:
all those routes are unnecessary as these are directly connected networks
ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21
So you can safely get rid of them.
Also on R2 the second staic route is not correct:
ip route 192.168.120.64 255.255.255.192 11.0.12.6
It should be
ip route 192.168.180.0 255.255.255.0 11.0.12.6
Regards
Alain
05-14-2014 06:04 AM
Hello Cadet,
Thanks for your feedback. Sorry, I was wrong. As you say, it looks correct. I did the mistake when I tested the ping from the Router-1 while the PRB applied to ingressing traffic and not to the generated traffic in the Router-1.
I have been doing this work remotely, because the sites are far each other.
Finally one person went to the remote site and verified, from de Lan1 and Lan2, that they was following the correct route.
Also, I was not sure about this routes:
ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21
Thanks for your advise.
The "ip route" in the Router-2, I have corrected too.
Thanks very much.
Best regards,
Sandro
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide