02-25-2017 11:39 PM - edited 03-05-2019 08:06 AM
Hello Friends,
First, let me explain my topology: 5 VPCs connect to a switch, the switch connects to the LAN router, and the router is connected to the ISP router. On the ISP router there are 4 loopback addresses and two connected Ethernet interfaces using EIGRP.
I'm doing PBR based on source. I have created two access lists, numbered 10 and 30:
R1(config)#access-list 10 permit host 10.1.1.2
R1(config)#access-list 10 permit host 10.1.1.3
R1(config)#access-list 30 permit host 10.1.1.4
R1(config)#access-list 30 permit host 10.1.1.5
R1(config)#exit
Below is my route-map configs:
R1#sh route-map
route-map AJAZ, permit, sequence 10
Match clauses:
ip address (access-lists): 10
Set clauses:
ip next-hop 1.1.1.2
Policy routing matches: 15 packets, 1470 bytes
route-map AJAZ, permit, sequence 20
Match clauses:
ip address (access-lists): 30
Set clauses:
interface Ethernet1/0
Policy routing matches: 5 packets, 490 bytes
route-map AJAZ, permit, sequence 30
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
I have mentioned the policy in LAN interface f0/0
R1#sh running-config interface f0/0
Building configuration...
Current configuration : 115 bytes
!
interface FastEthernet0/0
ip address 10.1.1.1 255.0.0.0
ip policy route-map AJAZ
duplex auto
speed auto
end
Turned on debug ip policy
When I ping from VPCs 10.1.1.2 and 10.1.1.3 to loopback 12.0.0.1, it's working fine according to policy-based routing. Below is the output.
R1#
*Mar 1 01:30:05.371: IP: s=10.1.1.2 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:30:05.371: IP: s=10.1.1.2 (FastEthernet0/0), d=12.0.0.1, g=1.1.1.2, len 84, FIB policy routed
R1#
*Mar 1 01:30:53.915: IP: s=10.1.1.3 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:30:53.915: IP: s=10.1.1.3 (FastEthernet0/0), d=12.0.0.1, g=1.1.1.2, len 84, FIB policy routed
Now here comes the real problem: when I ping from the other hosts (i.e. 10.1.1.4 and 10.1.1.5), my packet is getting dropped for 10.1.1.4 but the policy is working fine. Here is the output.
PC4> ping 12.0.0.1 --> from 10.1.1.4
12.0.0.1 icmp_seq=1 timeout
12.0.0.1 icmp_seq=2 timeout
12.0.0.1 icmp_seq=3 timeout
*Mar 1 01:32:44.107: IP: s=10.1.1.5 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:32:44.107: IP: s=10.1.1.5 (FastEthernet0/0), d=12.0.0.1, len 84, policy match
*Mar 1 01:32:44.111: IP: route map AJAZ, item 20, permit
PC5> ping 12.0.0.1 --> from 10.1.1.5 ( It's pinging fine but the policy is getting rejected )
84 bytes from 12.0.0.1 icmp_seq=1 ttl=254 time=21.002 ms
84 bytes from 12.0.0.1 icmp_seq=2 ttl=254 time=21.002 ms
*Mar 1 01:33:41.215: IP: s=10.1.1.6 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:33:41.219: IP: s=10.1.1.6 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy rejected - normal forwarding
Can someone please help me with this? Did I misconfigure anything in the route-filtering method (ACL or route-map)? Do I need to use any extra statement in the ACL or route-map?
I have attached my topology. Please have a look for better understanding.
Thanks,
Ajaz Ahmed
02-26-2017 11:28 AM
Sorry, but what equipment (model/firmware version) are you speaking of?
02-26-2017 05:54 PM
Oh! I'm sorry, I forgot to mention that. It's Cisco 3600 Software (C3640-JK9O3S-M), Version 12.4(16a).
02-26-2017 07:34 PM
OK. You were off-topic in Additional communities. I moved your question to a better place.
02-26-2017 07:59 PM
Thank You.
02-26-2017 10:55 PM
Finally I got the solution for my problem.
set interface
Sets output interface for the packet. This action specifies that the packet is forwarded out of the local interface. The interface must be a Layer 3 interface (no switchports), and the destination address in the packet must lie within the IP network assigned to that interface. If the destination address for the packet does not lie within that network, the packet is dropped.
I was trying to access a different network rather than the network assigned to the interface. I used a next-hop address and it was working fine.
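For readers comparing the three outcomes in the `debug ip policy` output quoted in this thread, the following is an added example, not code from any poster or from Cisco: a small parser that groups the debug lines by source host and reports whether each flow was policy routed, rejected, or only matched. The function name `summarize` is hypothetical, and attributing a `route map ..., item N` line to the most recent source address is an assumption, since that line carries no address of its own.

```python
import re
from collections import defaultdict

# Debug lines copied from the output quoted in the thread above.
DEBUG_LOG = """\
*Mar 1 01:30:05.371: IP: s=10.1.1.2 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:30:05.371: IP: s=10.1.1.2 (FastEthernet0/0), d=12.0.0.1, g=1.1.1.2, len 84, FIB policy routed
*Mar 1 01:32:44.107: IP: s=10.1.1.5 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:32:44.107: IP: s=10.1.1.5 (FastEthernet0/0), d=12.0.0.1, len 84, policy match
*Mar 1 01:32:44.111: IP: route map AJAZ, item 20, permit
*Mar 1 01:33:41.215: IP: s=10.1.1.6 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy match
*Mar 1 01:33:41.219: IP: s=10.1.1.6 (FastEthernet0/0), d=12.0.0.1, len 84, FIB policy rejected - normal forwarding
"""

# Per-packet line: source, ingress interface, destination, optional gateway, event text.
PKT = re.compile(r"IP: s=(?P<src>[\d.]+) \((?P<intf>[^)]+)\), d=(?P<dst>[\d.]+),"
                 r"(?: g=(?P<gw>[\d.]+),)? len \d+, (?P<event>.+)$")
# Route-map evaluation line: map name, sequence number, permit/deny.
ITEM = re.compile(r"IP: route map (?P<name>[^,]+), item (?P<seq>\d+), (?P<action>\w+)$")


def summarize(log):
    """Return {source_ip: {"outcome", "gateway", "item"}} for a debug capture."""
    flows = defaultdict(lambda: {"outcome": "no policy event", "gateway": None, "item": None})
    last_src = None
    for line in log.splitlines():
        m = PKT.search(line)
        if m:
            last_src = m["src"]
            flow, event = flows[last_src], m["event"]
            if event.endswith("policy routed"):
                flow["outcome"], flow["gateway"] = "routed", m["gw"]
            elif "policy rejected" in event:
                flow["outcome"] = "rejected"
            elif event.endswith("policy match") and flow["outcome"] == "no policy event":
                flow["outcome"] = "matched-only"  # matched, no routed line seen yet
            continue
        m = ITEM.search(line)
        if m and last_src:  # assumption: the item line belongs to the preceding packet
            flows[last_src]["item"] = (m["name"], int(m["seq"]), m["action"])
    return dict(flows)


if __name__ == "__main__":
    for src, info in summarize(DEBUG_LOG).items():
        print(src, info)
```

A source that ends as `matched-only` on a sequence using `set interface` is the case to check against the rule quoted in the last post.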