Beginner

Policy Based Routing to modify default route

Hi all,

I have an issue that I am trying to overcome in that I need to modify the default route on two servers in my server farm. We are in the process of changing routing with our ISP but I have two servers that need to keep the old routing as that passes through an older firewall. I think I should be able to do this with PBR but seem to be missing something, as I set it up to use the existing routing as a test and when I implement it I break the connections. Here is basically what I have.

                  

access-list 190 permit ip host 172.16.4.53 any

access-list 190 permit ip host 172.16.4.193 any

route-map pbr permit 10
match ip address 190
set ip next-hop 172.16.11.26

When I want to activate I add the following to my VLAN interface

   ip policy route-map pbr

The 172.16.11.26 is my current default route so I figure this would not break anything. The 4.53 address is my Exchange server and when I apply it to the VLAN, I lose connectivity from the client. Do I need to clear the IP routing table after I apply this to my VLAN? I figured this should be pretty simple as I thought I was not really changing anything in regards to routing.

Brent

Beginner

OK .. I tried changing the ACL to a standard ACL thinking that was my issue but still not working. I am still breaking the connections ... as soon as I remove the policy from my VLAN connectivity is re-established.

access-list 12 permit 172.16.4.53

Brent

Advisor

Hi,

Traffic not matching ACL 190 will use the RIB default route, so when you do the PBR you've got no more internet access for every machine or just the hosts in the ACL?

Can you do debug ip policy and post the output?

Regards

Alain

Don't forget to rate helpful posts.
Beginner

Alain,

How do I debug the policy? Debug IP policy and debug IP policy 12 have returned nothing. Same holds true for debug route-map api.

This is on a 4500x switch.

Brent

Participant

So the Exchange server continues to access the internet but clients cannot access it?

Are the clients on a different subnet(s) than the server?

If so, use 'set ip default next-hop' command instead. This will check the local routing table before policy routing. If the destination exists locally, it will route it correctly.

Beginner

Yes the clients are on different subnets.

I will give the set ip default next-hop a try and will advise. I thought that the next-hop also checked the table but guess it is more of a hard coded thing.

Thanks ...

Participant

Next-hop checks for the existence in the routing table of the next hop specified. If it exists, that's where it sends it.

If it doesn't, then it checks the routing table for the destination address.

Default next hop checks for the existence of the destination address first.

(Accepted solution)

Beginner

Robert,

set ip default next hop seems to be working. At least I have not lost the connection to my server from the client when I applied the policy to my VLAN.

Thanks ...

How do I complete the debug, as the debug IP policy commands have so far returned nothing?

Brent

Participant

It should show output when something is policy routed. Did you do term mon or sh logging to see if there was anything in there?

Advisor

Hi,

enable

terminal monitor

conf t

logging monitor 7

Regards

Alain

Don't forget to rate helpful posts.
Advisor

Hi,

set ip next-hop doesn't check the RIB, and set ip default next-hop will only work if you haven't got a longest match route, so even with a default route it won't hit the first statement and will use the RIB default route.

Regards

Alain

Don't forget to rate helpful posts.
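
The forwarding difference discussed in this thread, modelled as an added example (not code from any poster or from Cisco). It assumes the PBR next hop is reachable; the client VLAN, the subnet masks, the documentation address 203.0.113.10 and the new gateway 172.16.11.30 are constructed for illustration, and only 172.16.11.26 and the two server addresses come from the thread.

```python
import ipaddress

# Constructed routing table: only 172.16.11.26 and the two server addresses
# come from the thread; masks, the client VLAN and names are assumed.
RIB = [
    ("172.16.4.0/24", "connected Vlan4"),     # server VLAN (assumed mask)
    ("172.16.20.0/24", "connected Vlan20"),   # client VLAN (hypothetical)
    ("0.0.0.0/0", "172.16.11.26"),            # current default route
]
# Same table after the ISP change, with a hypothetical new default gateway.
NEW_RIB = RIB[:2] + [("0.0.0.0/0", "172.16.11.30")]
ACL_190 = {"172.16.4.53", "172.16.4.193"}     # hosts matched by the route-map
PBR_NEXT_HOP = "172.16.11.26"                 # old path through the firewall


def rib_lookup(dst, rib=RIB, include_default=True):
    """Longest-prefix match; returns the RIB next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in rib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue  # a default route does not count as an explicit route
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forward(src, dst, action, rib=RIB):
    """Next hop for a packet entering the interface that carries the policy.

    action: "next-hop" models 'set ip next-hop',
            "default next-hop" models 'set ip default next-hop'.
    """
    if src not in ACL_190:
        return rib_lookup(dst, rib)           # not matched: normal routing
    if action == "next-hop":
        return PBR_NEXT_HOP                   # overrides the destination lookup
    explicit = rib_lookup(dst, rib, include_default=False)
    return explicit if explicit else PBR_NEXT_HOP


if __name__ == "__main__":
    for action in ("next-hop", "default next-hop"):
        for dst in ("172.16.20.15", "203.0.113.10"):
            print(action, dst, "->", forward("172.16.4.53", dst, action, NEW_RIB))
```

With "next-hop", replies from the server to a client on another local subnet are sent to 172.16.11.26 instead of the connected VLAN, which matches the lost client connectivity reported above.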