
"d=255.255.255.255 (nil)" result in PBR

robad
Level 1

Hi,

I have another open post that is still running for another aspect of the issue.

Here I want to know what this issue is:

I'm having policy based route from Group-A to Group-B

I've run the command

debug ip policy

and I'm getting some strange results...

Pings between groups are not working...

When trying "traceroute" from some host, no matter which group, even to its gateway [that ping is working], this is the result:

 

 

 

 

IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, policy rejected -- normal forwarding
IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, policy rejected -- normal forwarding
IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, policy rejected -- normal forwarding
IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, policy rejected -- normal forwarding
IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, policy rejected -- normal forwarding

The very strange thing is: d=255.255.255.255 (nil)

Never saw it.

Here is my config:

Extended IP access list A-to-B
10 permit ip 43.43.43.0 0.0.0.255 40.40.40.0 0.0.0.255
Extended IP access list A-to-any
10 permit ip 43.43.43.0 0.0.0.255 any

Extended IP access list B-to-A
10 permit ip 40.40.40.0 0.0.0.255 43.43.43.0 0.0.0.255
Extended IP access list B-to-any
10 permit ip 40.40.40.0 0.0.0.255 any

route-map A sequence 5
match ip add A-to-B
set ip next-hop 40.40.40.1

route-map A sequence 10
match ip add A-to-any
set ip next-hop [IT uplink address]


route-map B sequence 5
match ip add B-to-A
set ip next-hop 43.43.43.1

route-map B sequence 10
match ip add B-to-any
set ip next-hop [IT uplink address]

 

 

And of course the ip-policy is applied on the VLANs.

BTW - I'm running:

The 9600 is: 9606R

Version: (CAT9K_IOSXE), Version 17.3.4

Which I've asked about here: https://community.cisco.com/t5/routing/pbr-bug-did-it-fixes-in-bagaluru-version/m-p/4649425#M369875

 

Thanks in advance 
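A small summarizer for `debug ip policy` output in the layout quoted in the post above, as an added example that is not part of the original post or of any Cisco tooling: it groups entries by destination class so that broadcast entries can be separated from the unicast traffic under test. The function names and the second (unicast) sample entry are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Field layout copied from the debug line quoted in the post; entries may be
# run together on one physical line, as happens when pasted from a console.
ENTRY_RE = re.compile(
    r"IP: s=(?P<src>\S+) \((?P<in_if>[^)]*)\), "
    r"d=(?P<dst>\d+(?:\.\d+){3})(?: \((?P<out_if>[^)]*)\))?, "
    r"len (?P<length>\d+), (?P<verdict>[^\n]*?)(?=\s+IP: s=|\s*$)",
    re.MULTILINE,
)

def dst_class(addr):
    """Classify a destination so broadcast noise can be told from test traffic."""
    ip = ipaddress.ip_address(addr)
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    return "multicast" if ip.is_multicast else "unicast"

def parse_entries(text):
    """Yield one dict per debug entry found anywhere in text."""
    for m in ENTRY_RE.finditer(text):
        rec = m.groupdict()
        rec["length"] = int(rec["length"])
        rec["dst_class"] = dst_class(rec["dst"])
        yield rec

def summarize(text):
    """Count entries per (source, ingress interface, destination class, verdict)."""
    return Counter(
        (r["src"], r["in_if"], r["dst_class"], r["verdict"])
        for r in parse_entries(text)
    )

# Constructed sample: the first line repeats the entry from the post three
# times; the second line is a made-up unicast entry in the same layout.
REJECT = ("IP: s=43.43.43.20 (Vlan140), d=255.255.255.255 (nil), len 70, "
          "policy rejected -- normal forwarding")
SAMPLE = " ".join([REJECT] * 3) + " \n" + REJECT.replace("255.255.255.255", "40.40.40.20") + "\n"

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```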

 

1 Accepted Solution

Your config is excellent except for some points:
in Core SW you need only one VLAN, for example VLAN 100
you all VLAN in trunk between access SW and Core
you need to add VLAN 100 to access SW also.
Now do routing policy or a static route toward the SVI of VLAN 100 in core
and that's it.

One more point:
please select a different VLAN number in both Access SW. I see VLAN 20 in both Access SW; that's wrong.

9 Replies


robad
Level 1

Hi !

1. I must leave now so I'll read it more carefully tomorrow, but, just mentioning, now IT IS WORKING in our old setup [with 6500]
2. What do you call the core SW? The 9600?
3. (And about VLAN 20, it's a typo, I've changed it in the drawing - thanks)

Yes Core SW is 9600
and please can I see the PBR you use

MHM, The config can be found here [copied from the original message] :

Extended IP access list A-to-B
10 permit ip 43.43.43.0 0.0.0.255 40.40.40.0 0.0.0.255
Extended IP access list A-to-any
10 permit ip 43.43.43.0 0.0.0.255 any

Extended IP access list B-to-A
10 permit ip 40.40.40.0 0.0.0.255 43.43.43.0 0.0.0.255
Extended IP access list B-to-any
10 permit ip 40.40.40.0 0.0.0.255 any

route-map A sequence 5
match ip add A-to-B
set ip next-hop 40.40.40.1

route-map A sequence 10
match ip add A-to-any
set ip next-hop [IT uplink address]


route-map B sequence 5
match ip add B-to-A
set ip next-hop 43.43.43.1

route-map B sequence 10
match ip add B-to-any
set ip next-hop [IT uplink address]

I am not clear what the issue about PBR is. But I believe that we can address one aspect of the original post. The references to 255.255.255.255 are equivalent to the broadcast address and are the result of logic in the ACL that matches "any" such as this:

10 permit ip 43.43.43.0 0.0.0.255 any 

HTH

Rick

Thanks Richard for the clarification

robad
Level 1

Hi,

Thanks @MHM Cisco World  @Richard Burts for your replies

In the end, we've chosen to use a different VLAN for routing between labs, and keep route-maps only for outgoing packets to IT.

Thanks a lot !

 

BTW -

Can someone help with this question ?

 https://community.cisco.com/t5/routing/pbr-bug-did-it-fixes-in-bagaluru-version/m-p/4649425#M369875

 

Thanks for the update. Glad that you have something that works for you.

HTH

Rick