Policy Based Routing from Cat 4500 to ACI

delpo40
Level 1

Hi,

 

I am trying to policy route traffic from a 4500 switch to ACI. The 4500-ACI link is a VLAN-trunked L2 out. The next-hop in the route-map is a (VM - ESX) host that sits on one of these VLANs, connected to ACI. The IP and MAC of the host are visible to the 4500, and routing to the host works fine if the destination IP is the specified host.

However, the route-map is not redirecting the traffic. The ACL is correct. Are there any limitations to this setup that anyone is aware of? Does any additional config need to be carried out on the ACI side?


Hello,
Can you post the cfg from that core switch, please?
sh run | in access-list
sh run | in route-map
sh ip route connected
sh ip cef <src ip>
sh ip cef <dst ip>


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi - output below.

Extended IP access list Web-Filter
10 permit tcp host 10.154.66.107 any eq www
20 permit tcp host 10.154.66.107 any eq 443

!!!
route-map Web-Filter, permit, sequence 10
Match clauses:
ip address (access-lists): Web-Filter
Set clauses:
ip next-hop 172.18.129.203
!!!

#sh ip route connected | i 172.18.129
C 172.18.129.128/25 is directly connected, Vlan702
L 172.18.129.253/32 is directly connected, Vlan702

#sh ip cef 10.154.66.107
10.154.64.0/21
nexthop 172.18.131.6 TenGigabitEthernet1/6/1

SSN-C4507-CH#sh ip cef 172.18.129.203
172.18.129.203/32
attached to Vlan702

interface TenGigabitEthernet1/6/1
ip policy route-map Web-Filter

Hello,
Maybe try splitting the ACL into two PBR stanzas and appending a catch-all:

ip access-list extended http_acl
permit tcp host 10.154.66.107 any eq www

ip access-list extended https_acl
permit tcp host 10.154.66.107 any eq 443

route-map PBR_rm permit 10
match ip address http_acl
set ip next-hop 172.18.129.203

route-map PBR_rm permit 20
match ip address https_acl
set ip next-hop 172.18.129.203

route-map PBR_rm permit 100




Kind Regards
Paul