PBR question

arell1234

Hello,

I am working on setting up some Policy based routing on my router. I need the subnet 172.16.208.0/24 to use 172.16.208.22 as the default gateway for traffic destined only to subnet 172.16.20.0/22. Traffic from 172.16.208.0/24 to anywhere else can use the default routing table. Here is what I have configured

 

access-list 101 permit ip 172.16.208.0 0.0.0.255 172.16.20.0 0.0.3.255

route-map 208to20 permit 15
 match policy-list 101
 set ip next-hop 172.16.208.22

interface FastEthernet0/1.6
 encapsulation dot1Q 6
 ip address 172.16.208.21 255.255.255.0
 ip policy route-map 208to20
 no snmp trap link-status
 no cdp enable

 

When I have it configured like this, I can get connectivity from the 172.16.20.0/22 to 172.16.208.0/24, but all the other networks are now unable to reach 172.16.208.0/24. It looks like it's sending all the traffic to the next hop IP address I have set, regardless of the destination network.

Here is some debugging that I turned on. Looks like it's matching when it shouldn't be?

 

.Aug 20 19:56:56.030 PDT: IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, FIB policy match
.Aug 20 19:56:56.030 PDT: IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, policy match
.Aug 20 19:56:56.030 PDT: IP: route map 208to20, item 15, permit
.Aug 20 19:56:56.030 PDT: IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191 (FastEthernet0/1.6), len 60, policy routed
.Aug 20 19:56:56.030 PDT: IP: FastEthernet0/1.6 to FastEthernet0/1.6 172.16.208.22
.Aug 20 19:57:00.609 PDT: IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, FIB policy match
.Aug 20 19:57:00.609 PDT: IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, policy match
.Aug 20 19:57:00.609 PDT: IP: route map 208to20, item 15, permit

 

Any thoughts? 

Accepted Solutions

Hello arell1234,

Your route-map configuration should use match ip address 101 as the match command:

route-map 208to20 permit 15
 no match policy-list 101
 match ip address 101
 set ip next-hop 172.16.208.22

Hope to help

Giuseppe

 


rishrapsody1

Can you please share the output of show route-map for the route-map created?

Also, please share your routing table output - show ip route

#show route-map
route-map 208to20, permit, sequence 15
Match clauses:
IP Policy lists:
101
Set clauses:
ip next-hop 172.16.208.22
Policy routing matches: 72 packets, 5712 bytes

 

#show access-list 101
Extended IP access list 101
10 permit ip 172.16.208.0 0.0.0.255 172.16.20.0 0.0.3.255

 

#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.36.22 to network 0.0.0.0

208.49.240.0/29 is subnetted, 1 subnets
B 208.49.240.40 [20/0] via 172.20.1.37, 3w2d
199.77.246.0/30 is subnetted, 4 subnets
B 199.77.246.80 [20/0] via 172.20.1.37, 3w2d
B 199.77.246.28 [20/0] via 172.20.1.37, 3w2d
B 199.77.246.24 [20/0] via 172.20.1.37, 3w2d
B 199.77.246.20 [20/0] via 172.20.1.37, 3w2d
199.77.247.0/30 is subnetted, 5 subnets
B 199.77.247.80 [20/0] via 172.20.1.37, 3w2d
B 199.77.247.40 [20/0] via 172.20.1.37, 3w2d
B 199.77.247.32 [20/0] via 172.20.1.37, 3w2d
B 199.77.247.240 [20/0] via 172.20.1.37, 3w2d
B 199.77.247.236 [20/0] via 172.20.1.37, 3w2d
159.63.0.0/16 is variably subnetted, 4 subnets, 2 masks
B 159.63.19.248/30 [20/0] via 172.20.1.37, 3w2d
B 159.63.19.232/30 [20/0] via 172.20.1.37, 3w2d
B 159.63.101.178/32 [20/0] via 172.20.1.37, 3w2d
B 159.63.34.107/32 [20/0] via 172.20.1.37, 3w2d
172.16.0.0/16 is variably subnetted, 24 subnets, 3 masks
C 172.16.208.0/24 is directly connected, FastEthernet0/1.6
B 172.16.210.0/24 [20/0] via 172.20.1.37, 3w2d
B 172.16.205.0/24 [20/0] via 172.20.1.37, 1d16h
B 172.16.206.0/24 [20/0] via 172.20.1.37, 3w2d
B 172.16.207.0/24 [20/0] via 172.20.1.37, 3w2d
B 172.16.200.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.44.0/22 [20/0] via 172.20.1.37, 1w5d
B 172.16.40.0/22 [20/0] via 172.20.1.37, 3w2d
C 172.16.36.0/22 is directly connected, FastEthernet0/1
B 172.16.32.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.28.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.16.0/22 [20/0] via 172.20.1.37, 1d13h
B 172.16.12.0/22 [20/0] via 172.20.1.37, 1d16h
B 172.16.8.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.4.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.0.0/22 [20/0] via 172.20.1.37, 3w2d
S 172.16.0.0/16 [150/0] via 172.16.36.22
B 172.16.120.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.100.0/22 [20/0] via 172.20.1.37, 3w2d
S 172.16.96.0/22 [1/0] via 172.16.36.22
B 172.16.88.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.76.0/22 [20/0] via 172.20.1.37, 3w2d
B 172.16.72.0/22 [20/0] via 172.20.1.37, 2d21h
B 172.16.64.0/22 [20/0] via 172.20.1.37, 3w2d
172.20.0.0/30 is subnetted, 15 subnets
B 172.20.1.132 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.40 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.44 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.32 [20/0] via 172.20.1.37, 3w2d
C 172.20.1.36 is directly connected, FastEthernet0/0
B 172.20.1.28 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.16 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.8 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.12 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.4 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.100 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.88 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.72 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.76 [20/0] via 172.20.1.37, 3w2d
B 172.20.1.64 [20/0] via 172.20.1.37, 3w2d
209.130.198.0/28 is subnetted, 1 subnets
B 209.130.198.64 [20/0] via 172.20.1.37, 3w2d
208.50.228.0/25 is subnetted, 1 subnets
B 208.50.228.128 [20/0] via 172.20.1.37, 1d02h
S 192.168.251.0/24 [150/0] via 172.16.20.22
192.233.250.0/30 is subnetted, 1 subnets
B 192.233.250.68 [20/0] via 172.20.1.37, 3w2d
10.0.0.0/24 is subnetted, 3 subnets
B 10.60.40.0 [20/0] via 172.20.1.37, 3w2d
B 10.60.2.0 [20/0] via 172.20.1.37, 3w2d
B 10.60.0.0 [20/0] via 172.20.1.37, 3w2d
B 192.168.0.0/24 [20/0] via 172.20.1.37, 3w2d
192.233.137.0/30 is subnetted, 1 subnets
B 192.233.137.148 [20/0] via 172.20.1.37, 3w2d
S* 0.0.0.0/0 [1/0] via 172.16.36.22

This worked, thanks
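
A check on the debug output from the question, added here as an example and not part of the original thread: it evaluates ACL 101's wildcard masks against the packets the router reported as policy matches. The destination 172.16.5.191 falls outside 172.16.20.0 0.0.3.255, so once the route-map matches on the ACL with match ip address 101 such packets follow the normal routing table. The function names are assumptions; the ACL and debug lines are copied from the posts above with timestamps dropped.

```python
import ipaddress
import re

# ACL 101 exactly as posted in the thread.
ACL_101 = "access-list 101 permit ip 172.16.208.0 0.0.0.255 172.16.20.0 0.0.3.255"

# Debug lines copied from the thread (timestamps dropped).
DEBUG_LINES = [
    "IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, FIB policy match",
    "IP: s=172.16.208.3 (FastEthernet0/1.6), d=172.16.5.191, len 60, policy match",
    "IP: route map 208to20, item 15, permit",
]


def parse_acl(line):
    """Return ((src_base, src_wild), (dst_base, dst_wild)) as 32-bit integers."""
    m = re.match(r"access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)$", line.strip())
    if not m:
        raise ValueError("unsupported ACL line: " + line)
    s, sw, d, dw = (int(ipaddress.IPv4Address(x)) for x in m.groups())
    return (s, sw), (d, dw)


def wildcard_match(addr, base, wild):
    """IOS wildcard semantics: bits set in the wildcard mask are ignored."""
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)


def acl_permits(acl_line, src, dst):
    """True when both source and destination match the ACL's permit entry."""
    (s, sw), (d, dw) = parse_acl(acl_line)
    return wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)


def unexpected_policy_matches(acl_line, debug_lines):
    """Return (src, dst) pairs the router policy-matched but the ACL does not permit."""
    hits = set()
    for line in debug_lines:
        m = re.search(r"s=(\S+) \(\S+\), d=(\S+?),.*policy match", line)
        if m and not acl_permits(acl_line, m.group(1), m.group(2)):
            hits.add((m.group(1), m.group(2)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst in unexpected_policy_matches(ACL_101, DEBUG_LINES):
        print(f"{src} -> {dst} was policy matched but ACL 101 does not permit it")
```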