03-29-2024 09:40 AM
Hi Community,
I want to configure PBR for the LAN subnet so that when any of the users initiates traffic for the server, the packet should go to ISP-2,
e.g. 192.168.40.20 destined to 192.168.16.55 should follow ISP-2; the remaining traffic should follow ISP-1.
I have configured PBR but it's not working.
When I take a traceroute, the traffic is going through ISP-1 for the destinations that I have defined in the ACL for the route-map.
route-map LHRB, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 0 packets, 0 bytes
Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77
sh ip policy
Interface Route map
Gi0/0 LHRB
LHRB-RTR#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.69 Tu310 14 00:00:29 56 1470 0 27711
0 172.16.1.69 Tu110 13 03:45:57 40 1470 0 39005
03-29-2024 12:00 PM
Hello,
If you need traffic destined to the server IP you mentioned, 192.168.16.55, then you need to include it in your ACL, otherwise it won't be affected by your PBR.
When you test it again can you share the output of the command: debug ip policy
-David
03-29-2024 12:26 PM
Sorry, I have just pasted three IPs; 16.55 is also included in the ACL. When I am doing debug ip policy I cannot see any logs or policy that match.
03-29-2024 12:10 PM
The output is not clear to me - can you post the complete configuration where you are doing this PBR?
The example below should work - again, you need to test it in your environment:
ip access-list extended MYPBR
 permit ip host 192.168.40.20 host 192.168.16.55
route-map MAPPBR permit 10
 match ip address MYPBR
 set ip next-hop ISPX
interface x/x
 ip policy route-map MAPPBR
If still not working, you need to post the configuration.
03-29-2024 12:28 PM
I have configured a GRE tunnel with my aggregation and I am setting ip next-hop to the IP of the tunnel configured on the aggregation site.
03-29-2024 12:36 PM
still not working you need to post the configuration.
03-29-2024 12:42 PM
Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77
40 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.45
50 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.55
60 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.158
70 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.76
80 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.252
route-map LHR, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 439 packets, 70225 bytes
03-29-2024 12:22 PM
It seems to me (not 100% sure) the PBR config is correct, but the test is wrong.
If you want to test PBR you must test from a point behind the router you configured PBR on, not from the router itself.
If you want to test any PBR from the router you need to use local PBR.
MHM
03-29-2024 12:31 PM
@MHM Cisco World I have also taken a trace from one of the LAN users; the packet is going through ISP-1.
03-29-2024 12:37 PM
Show ip access-list <<- share this
MHM
03-29-2024 12:41 PM
Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77
40 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.45
50 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.55
60 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.158
70 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.76
80 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.252
route-map LHR, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 439 packets, 70225 bytes
Interface Route map
Gi0/0 LHRB
03-29-2024 12:57 PM
Your track 1 shows undefined. Have you configured a track? Can you show that as well? Your track state needs to be up for the PBR to work.
03-29-2024 12:59 PM
03-29-2024 01:38 PM
Yes, you configured a track on your PBR. So you need to configure the respective tracking object for what you are tracking in global config. If the track is down or not associated with anything then it won't work.
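
Added example, not part of any post in this thread and not Cisco code: a small Python check that reads saved `show route-map` text and reports the two symptoms discussed above, a tracked next-hop whose state is not `[up]` and an entry with zero policy-routing matches. The first sample entry is copied from the output posted in the thread; the second entry (`DEMO`, `DEMO-ACL`, 192.0.2.1, track 5) is constructed, and the function name `audit_route_map` is an assumption of this example.

```python
import re

# First entry: output as posted in the thread. Second entry: constructed sample.
SAMPLE = """\
route-map LHRB, permit, sequence 10
  Match clauses:
    ip address (access-lists): LHRB
  Set clauses:
    ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
    ip next-hop 172.16.3.69
  Policy routing matches: 0 packets, 0 bytes
route-map DEMO, permit, sequence 20
  Match clauses:
    ip address (access-lists): DEMO-ACL
  Set clauses:
    ip next-hop verify-availability 192.0.2.1 10 track 5 [up]
  Policy routing matches: 12 packets, 960 bytes
"""

ENTRY = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)")
TRACKED = re.compile(r"verify-availability (\S+) \d+ track (\d+)\s+\[(\w+)\]")
MATCHES = re.compile(r"Policy routing matches: (\d+) packets")


def audit_route_map(text):
    """Return (route_map, sequence, finding) tuples for entries needing attention."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY.match(line):
            current = (m.group(1), int(m.group(3)))
        elif current is None:
            continue  # ignore anything before the first route-map header
        elif m := TRACKED.search(line):
            hop, track, state = m.groups()
            if state != "up":  # [down] and [undefined] are both reported
                findings.append((*current, f"track {track} for next-hop {hop} is {state}"))
        elif m := MATCHES.search(line):
            if int(m.group(1)) == 0:
                findings.append((*current, "no packets have matched this entry"))
    return findings


if __name__ == "__main__":
    for name, seq, finding in audit_route_map(SAMPLE):
        print(f"{name} seq {seq}: {finding}")
```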
03-29-2024 02:00 PM
Yes, configured, but it is still showing me in down state.