cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1618
Views
1
Helpful
27
Replies

PBR not working while using Eigrp

Syedalishah
Level 1
Level 1

Hi Community,

I want to configure PBR for LAN subnet as when any of the user initiate the traffic for server packet should go to the ISP-2

e.g 192.168.40.20 destined to 192.168.16.55 it should follow the ISP-2 reaming traffic should follow ISP-1

I have configured. PBR but it's not working.

When Iam taking traceroute the traffic is going from ISP-1 for the destinations that i have defined in ACL for route-map

route-map LHRB, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 0 packets, 0 bytes

Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77

sh ip policy

Interface Route map
Gi0/0 LHRB

LHRB-RTR#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.69 Tu310 14 00:00:29 56 1470 0 27711
0 172.16.1.69 Tu110 13 03:45:57 40 1470 0 39005

H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.69 Tu310 14 00:00:29 56 1470 0 27711
0 172.16.1.69 Tu110 13 03:45:57 40 1470 0 39005

 

 

 

 

Syedalishah_0-1711729797737.png

 

27 Replies 27

Hello,

If you need traffic destined to the Server IP you mentioned of 192.168.16.55 the you need to include it in your ACL, otherwise it wont be affected by your PBR.

When you test it again can you share the output of the command: debug ip policy

-David

Sorry I have just paste three IP's 16.55 is also included in ACL. when iam doing debug ip policy I cannot see any logs or policy that match

balaji.bandi
Hall of Fame
Hall of Fame

The output not clear to me - can you post complete configuration where you doing this PBR

below example should work - again need to test in your environment :

ip access-list extended MYPBR
permit ip host 192.168.40.20 host 192.168.16.55

route-map MAPPBR permit 10
match ip address MYPBR
set ip next-hop ISPX

interface x/x
ip policy route-map MAPPBR

still not working you need to post the configuration.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I have configured GRE tunnel with My aggregation and iam set ip next-hop the IP of tunnel configured on aggregation site.  

still not working you need to post the configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77
40 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.45
50 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.55
60 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.158
70 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.76
80 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.252

 

route-map LHR, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 439 packets, 70225 bytes

 

It seem to me (not 100% sure) pbr config is correct' but the test is wrong 

If you want to test pbr you must do test in point behind router you config pbr on it not in router itself'

If you want to test any pbr from router you need to use local pbr.

MHM

@MHM Cisco World I also taken trace from one of the LAN user the packet is going from the ISP-1

Show ip access-list <<- share this

MHM

Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77
40 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.45
50 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.55
60 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.158
70 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.76
80 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.252

 

route-map LHR, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 439 packets, 70225 bytes

Interface Route map
Gi0/0 LHRB

Your track 1 shows undefined. Have you configured a track? Can you show that as well. YOur track state needs to be up for the PBR to work

We can't do without track?

Yes you configured a track on your PBR. So you need to configure the respective tracking object of what you are tracking in global config. If the track is down or not associated to anything then it wont work.

yes configured but still showing me in down state

Review Cisco Networking for a $25 gift card