PBR not working while using Eigrp - Page 2

Syedalishah · ‎03-29-2024

Hi Community,

I want to configure PBR for LAN subnet as when any of the user initiate the traffic for server packet should go to the ISP-2

e.g 192.168.40.20 destined to 192.168.16.55 it should follow the ISP-2 reaming traffic should follow ISP-1

I have configured. PBR but it's not working.

When Iam taking traceroute the traffic is going from ISP-1 for the destinations that i have defined in ACL for route-map

route-map LHRB, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 10 track 1 [undefined]
ip next-hop 172.16.3.69
Policy routing matches: 0 packets, 0 bytes

Extended IP access list LHRB
10 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.11
20 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.72
30 permit ip 192.168.40.0 0.0.0.255 host 192.168.16.77

sh ip policy

Interface Route map
Gi0/0 LHRB

LHRB-RTR#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.69 Tu310 14 00:00:29 56 1470 0 27711
0 172.16.1.69 Tu110 13 03:45:57 40 1470 0 39005

H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.16.3.69 Tu310 14 00:00:29 56 1470 0 27711
0 172.16.1.69 Tu110 13 03:45:57 40 1470 0 39005

MHM Cisco World · ‎03-29-2024

Policy routing matches: 439 packets, 70225 bytes

This meaning that traffic now hit pbr and must route via next-hop you use

Share

show track

MHM

Syedalishah · ‎03-29-2024

Yes but when Iam taking trace it is still going from ISP-1

MHM Cisco World · ‎03-29-2024

Track use for route-map need config ip sla' did you config any ip sla?

MHM

Syedalishah · ‎03-29-2024

route-map LHRB, permit, sequence 10
Match clauses:
ip address (access-lists): LHRB
Set clauses:
ip next-hop verify-availability 172.16.3.69 1 track 1 [down]
Policy routing matches: 439 packets, 70225 bytes

Track 1
IP SLA 1 reachability
Reachability is Down
1 change, last change 12:10:11
Latest operation return code: Timeout
Tracked by:
Route Map 0

track 1 ip sla 1 reachability
ip sla 1
icmp-echo 192.168.3.69
frequency 10
ip sla schedule 1 life forever start-time now

David Ruess · ‎03-29-2024

There is likely your problem as I stated. Your tracked reachability is down. This needs to be in the up state to have your PBR work correctly. You need a valid UP and reachable IP address to bring up this SLA/Tracked object.

Syedalishah · ‎03-29-2024

The next hop is pingable why it showing me down?

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.3.69, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/24 ms

MHM Cisco World · ‎03-29-2024

icmp-echo 192.168.3.69 source-interface <interface to ISP2>

You need to specify source interface in your command

MHM

Syedalishah · ‎03-29-2024

I have specified the source interface as well but still status is down.

Set clauses:
ip next-hop verify-availability 172.16.3.69 1 track 1 [down]
Policy routing matches: 672 packets, 97240 bytes

track 1 ip sla 1 reachability
ip sla 1
icmp-echo 172.16.3.69 source-interface Tunnel310

Syedalishah · ‎03-29-2024

Now it's UP

but traffic going from ISP-1

Type escape sequence to abort.
Tracing the route to 192.168.16.55
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.1.69 20 msec 20 msec 16 msec
2 192.168.3.17 20 msec 20 msec 20 msec

MHM Cisco World · ‎03-29-2024

icmp-echo 172.16.3.69 source-ip <Tunnel310-IP>

Try use ip instead of interface

MHM

MHM Cisco World · ‎04-02-2024

Sorry

This issue solve or not?

MHM

Syedalishah · ‎04-02-2024

Hi MHM,

Not yet my traffic is still going from ISP-1 when Iam taking traceroute.
But I can see some traffic matches the ACL. I have on debugging but won't
see any log.

MHM Cisco World · ‎04-02-2024

It bad news but I will run lab tomorrow check PBR with gre tunnel

Update you tomorrow with some result

Thanks for waiting

MHM