Route-map config: use of object-groups

frekes · ‎02-08-2010

We have a need to use PBR and route-maps in our environment. The ACL in which we reference the route map looks like

ip access-list extended Live-PBR-1
permit ip host 172.19.0.20 192.0.0.254 30.255.255.0

we have noticed that in testing we only see half the subnets as working. Consistently the odd subnets are unavailable.

We believe our testing has shown that each classfull network needs to be described and using a wildcard mask such as this doesn't work.

Q1. Can we create an object-group on our 65K 12.2(33)SXI to use in the ACL referenced by the PBR config

Q2. Is it possible to use the range command or does each network have to be described with its mask. (we have to desc quite a large range of networks)

Many thanks,

Steve

Giuseppe Larosa · ‎02-08-2010

Hello Steve,

IP ACLs use wildcard masks a bit set to 0 means must match a bit set to 1 means don't care

so an ACL like yours:

ip access-list extended Live-PBR-1
permit ip host 172.19.0.20 192.0.0.254 30.255.255.0

matches only hosts with 4 byte = 254 with any octet in 2md and third position

you may want to rewrite it as :

permit ip host 172.19.0.20 192.0.0.254 x.255.255.255

x may be 31

Hope to help

Giuseppe