03-16-2012 06:11 AM - edited 03-04-2019 03:41 PM
Hi,
I am trying to get PBR to work and be scalable.
I have this situation (example):
I want to policy route packets with a source of 192.168.1.0/24 and a destination of 172.16.8.0/24 to 10.10.1.1,
so I can do this:
access-list 199 permit ip 192.168.1.0 0.0.0.255 172.16.8.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 199
 set ip next-hop 10.10.1.1
And this works.
But I would like to set up a way so I don't have tons of these kinds of access lists. What I'd like to be able to do is to specify one access list for the source and another for the destination. The docs say that I should be able to put multiple match statements in and they work as an AND and both must be true for the match to occur. However, when I do this, the first match occurs and the route map uses the set command whether or not the 2nd match is there.
So:
access-list 190 permit ip 192.168.1.0 0.0.0.255 any
access-list 191 permit ip any 172.16.8.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 190
 match ip address 191
 set ip next-hop 10.10.1.1
This matches everything with a source of 192.168.1.0/24 regardless of the destination.
Does anyone understand what I am doing wrong?
Thanks.
03-16-2012 08:18 AM
Hi Michael,
You match the first entry, then you execute the "set" statement.
You can try to chain with the "continue" statement to do what you want; try it like this:
access-list 190 permit ip 192.168.1.0 0.0.0.255 any
access-list 191 permit ip any 172.16.8.0 0.0.0.255
route-map TEST1 permit 10
 match ip address 190
 continue 20
route-map TEST1 permit 20
 match ip address 191
 set ip next-hop 10.10.1.1
Cisco doc extract:
---------------------------
If a match clause does not exist in the route-map entry but a continue clause does, the continue clause will be automatically executed and go to the specified route-map entry. If a match clause exists in a route-map entry, the continue clause is executed only when a successful match occurs. When a successful match occurs and a continue clause exists, the route map executes the set clauses and then goes to the specified route-map entry. If the next route map contains a continue clause, the route map will execute the continue clause if a successful match occurs. If a continue clause does not exist in the next route map, the route map will be evaluated normally. If a continue clause exists in the next route map but a match does not occur, the route map will not continue and will "fall through" to the next sequence number if one exists.
---------------------------
HTH
Stephane
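An added example, not from either poster or from Cisco: a small Python model of a single route-map entry, assuming the IOS rule that several ACLs listed under `match ip address` in one entry are ORed (only match clauses of different types are ANDed). It compares the combined ACL 199 with the split ACLs 190 and 191 from the thread; the test packets and the names `wild_match`, `policy_next_hop` and `compare` are constructed for illustration.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")

# ACLs from the thread: number -> list of (source, destination) permit entries
ACLS = {
    199: [(("192.168.1.0", "0.0.0.255"), ("172.16.8.0", "0.0.0.255"))],
    190: [(("192.168.1.0", "0.0.0.255"), ANY)],
    191: [(ANY, ("172.16.8.0", "0.0.0.255"))],
}

def acl_permits(acl, src, dst):
    # Anything not permitted by an entry hits the implicit deny.
    return any(wild_match(src, *s) and wild_match(dst, *d) for s, d in ACLS[acl])

def policy_next_hop(match_acls, src, dst, next_hop="10.10.1.1"):
    """One route-map entry; ACLs under 'match ip address' are ORed (assumption above)."""
    if any(acl_permits(n, src, dst) for n in match_acls):
        return next_hop
    return None  # no match: the packet follows the normal routing table

# Constructed test packets (source, destination)
PACKETS = [
    ("192.168.1.10", "172.16.8.20"),  # intended traffic
    ("192.168.1.10", "203.0.113.9"),  # right source, other destination
    ("10.0.0.5", "172.16.8.20"),      # other source, right destination
    ("10.0.0.5", "203.0.113.9"),      # unrelated traffic
]

def compare():
    """Return (src, dst, next hop with ACL 199, next hop with ACLs 190+191)."""
    return [(s, d, policy_next_hop([199], s, d), policy_next_hop([190, 191], s, d))
            for s, d in PACKETS]

if __name__ == "__main__":
    for s, d, single, split in compare():
        print(f"{s:>13} -> {d:<12} ACL 199: {single}   ACL 190+191: {split}")
```

Under that rule the split form also redirects traffic from any source to 172.16.8.0/24, so a change like this is worth checking against test traffic and the ACL hit counters before it carries production flows.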