01-08-2019 01:12 AM
Hi guys, I have one small issue. I am trying PBR on my test environment.
When I apply access list like:
access-list 101 permit icmp host 10.10.0.10 host 192.168.1.1
access-list 101 permit icmp host 10.10.0.10 host 192.168.2.1
I successfully pass by policy route.
*Jan 8 10:53:38.823: IP: s=10.10.0.10 (FastEthernet1/0), d=192.168.2.1, g=10.10.2.3, len 84, FIB policy routed
But when I apply access list like:
access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.0.0 0.0.0.255
Policy was rejected and traffic was forwarded by the normal path.
*Jan 8 10:51:57.519: IP: s=10.10.0.10 (FastEthernet1/0), d=192.168.1.1, len 84, FIB policy rejected(no match) - normal forwarding
What is wrong with the access list?
My topology is:
01-08-2019 01:43 AM
I found the answer.
Destination is 192.168.1.1; it's not falling under 192.168.0.0 0.0.0.255.
01-08-2019 01:46 AM
Hi there,
Your new ACL destination (192.168.0.0/24) IP doesn't match the flow's destination IP (192.168.1.1).
Should it be:
access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.0.0 0.0.3.255
or more accurately:
access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255
cheers,
Seb.
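Added example, not part of the thread or of any poster's reply: a small Python check of how wildcard masks decide whether the flows above hit each ACL variant quoted in the thread, and how much address space each destination entry covers. The function names and the destination 192.168.3.77 are constructed for illustration; only the "access-list <n> permit <proto> <source> <destination>" form used here is parsed, and the protocol field is not evaluated.

```python
import ipaddress

def _u32(ip):
    return int(ipaddress.IPv4Address(ip))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def covered_range(base, wildcard):
    """First and last address matched (valid for contiguous wildcards)."""
    first = _u32(base) & ~_u32(wildcard) & 0xFFFFFFFF
    last = first | _u32(wildcard)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def _operand(tok):
    """Consume 'host A.B.C.D' or 'A.B.C.D W.W.W.W' from a token list."""
    if tok[0] == "host":
        return (tok[1], "0.0.0.0"), tok[2:]
    return (tok[0], tok[1]), tok[2:]

def parse_ace(line):
    """Return ((src, src_wildcard), (dst, dst_wildcard)) for one entry."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2] != "permit":
        raise ValueError("unsupported ACE: " + line)
    src, rest = _operand(tok[4:])
    dst, _ = _operand(rest)
    return src, dst

def first_match(aces, src_ip, dst_ip):
    """1-based index of the first matching entry, or None when nothing
    matches (the 'policy rejected(no match)' case in the debug output)."""
    for n, line in enumerate(aces, 1):
        src, dst = parse_ace(line)
        if wildcard_match(src_ip, *src) and wildcard_match(dst_ip, *dst):
            return n
    return None

# ACL variants quoted in the thread
BROKEN = ["access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]
WIDE = ["access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.0.0 0.0.3.255"]
NARROW = ["access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.1.0 0.0.0.255",
          "access-list 101 permit icmp 10.10.0.0 0.0.0.255 192.168.2.0 0.0.0.255"]

if __name__ == "__main__":
    for name, acl in (("BROKEN", BROKEN), ("WIDE", WIDE), ("NARROW", NARROW)):
        for dst in ("192.168.1.1", "192.168.2.1", "192.168.3.77"):
            print(name, dst, first_match(acl, "10.10.0.10", dst))
```

The 0.0.3.255 variant also policy-routes traffic to 192.168.0.0/24 and 192.168.3.0/24, which is why the two-line form is the tighter match for PBR.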