
Route-map issue

jason.davis
Level 1

I have some specific traffic that I am attempting to pull off of VLAN 310 at the router, apply a route-map that sends this specific traffic back down to the switch on VLAN 55 (and the private address) and once it hits the switch apply a route-map on that VLAN 55 interface directing the same traffic over to the 72.x.x.9 address which goes through a FAP box back up to the router on another interface. I have attached the config information. I know this isn't the best-practice way to do this; however, right now this is how I have to do this.

When running a trace from the net, traffic stops at .2, and when running a trace from my test /30 it stops at .2 as well. I am not sure what to do at this point; I totally appreciate the help.

Router:

interface GigabitEthernet0/0.310
 description Upstream VLAN
 encapsulation dot1Q 310
 ip address 66.x.x.2 255.255.255.224
 ip policy route-map mobiles_up_reroute
 standby 31 ip 66.x.x.1
 standby 31 priority 220
 standby 31 preempt

access-list 108 remark Mobile Upstream Redirect
access-list 108 permit ip any 66.x.x.12 0.0.0.3

route-map mobiles_up_reroute permit 10
 description mobiles upstream reroute
 match ip address 108
 set ip next-hop 172.1.1.2    (created a 0/0.55 with 172.1.1.1 for this)

This is supposed to send the traffic (my test /30) back down to the switch and then through the FAP box and back up to another interface on the router.

Switch:

interface Vlan55
 description Mobiles Upstream | G0/0.55 8.3.13 Rtr
 ip address 172.1.1.2 255.255.255.248
 ip policy route-map mobiles_up

access-list 8 remark Mobile Upstream
access-list 8 permit 66.x.x.12 0.0.0.3

route-map mobiles_up permit 10
 description mobiles upstream reroute
 match ip address 8
 set ip next-hop 72.x.x.9 (supposed to go through the appropriate VLAN to the FAP box back up to the router on another interface)

Again, I appreciate any help from everyone.

thanks,

Jason

6 Replies

Richard Burts
Hall of Fame

Jason

I do not understand clearly the topology of your network - and the use of x.x in the addressing makes it difficult to be sure of the relationship of some addresses. But I believe that the biggest problem is in the construction of the access list on the router. Since the route map is placed inbound on the interface where the traffic arrives I would expect the access list to select on source address. But your access list permits all sources and permits only a /30 subnet of destination - which appears to be within the subnet of the interface.

HTH

Rick
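
The source-versus-destination point in the reply above, as an added example that is not part of the original thread: a small model of IOS wildcard matching that evaluates access-list 108 as posted and a source-based variant against constructed packets. It assumes the test subnet 66.151.170.12/30 mentioned later in the thread; the 198.51.100.20 Internet host, the packet set and all function names are hypothetical.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # equivalent of the IOS keyword "any"

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def policy_routed(acl, src, dst):
    """True if a permit entry matches, so the route-map 'set' clause applies.
    No match (implicit deny) means the packet follows the normal routing table."""
    return any(
        wildcard_match(src, s[0], s[1]) and wildcard_match(dst, d[0], d[1])
        for s, d in acl
    )

# Assumption: the /30 used for testing, taken from a later post in the thread.
TEST_SUBNET = ("66.151.170.12", "0.0.0.3")

# access-list 108 permit ip any <test /30>   (as posted: matches on destination)
ACL_108_AS_POSTED = [(ANY, TEST_SUBNET)]
# access-list 108 permit ip <test /30> any   (variant that matches on source)
ACL_108_BY_SOURCE = [(TEST_SUBNET, ANY)]

# Constructed packets as (source, destination) pairs.
PACKETS = {
    "upstream_from_test_host": ("66.151.170.13", "198.51.100.20"),
    "downstream_to_test_host": ("198.51.100.20", "66.151.170.13"),
    "upstream_other_user": ("66.151.170.20", "198.51.100.20"),
}

def evaluate(acl):
    """Return, per constructed packet, whether the route-map would redirect it."""
    return {name: policy_routed(acl, src, dst) for name, (src, dst) in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", ACL_108_AS_POSTED),
                       ("by source", ACL_108_BY_SOURCE)):
        print(label, evaluate(acl))
```

With the entry as posted, only packets destined to the /30 match, so upstream packets sourced from the test hosts are never handed to the route-map's next hop.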


Rick,

I apologize for not being specific enough, I have included a quick drawing to reference as well.

The traffic flow for all traffic is going:

Protocol Processor (VLAN310) ------> SW -----> Rtr (VLAN 310) -----> Rtr (VLAN1) -------> SW (out to net)

I am trying to catch the specific traffic, and for testing I'm using 66.151.170.12 /30:

Protocol Processor (VLAN310) ------> SW -----> Rtr (VLAN 310) ----> Rtr (Rte-Map to 172.1.1.2) -----> SW(VLAN55) ----> SW (Rte-Map to VLAN 5 which the FAP box is on and address 72.5.96.9 which is the 0/1 on the Rtr) -----> Rtr (VLAN5) ------>Rtr (VLAN1) -----> SW (out to net)

I also opted to edit the map on the router and point it to my border routers and the problem remained the same, my /30 was black holed and obviously all my other users and traffic stayed functional. 

I hope this helps clarify a bit.

thanks,

Jason

Hi Jason,

Could you clarify some points for me.

It is the router doing the routing and the switch is acting at L2?

If so, the SVI on the switch is for management?

You want traffic for internet to be diverted to FAP box which is routing and will send traffic to switch then internet?

Regards.

Alain.

Don't forget to rate helpful posts.

1. It is the router doing the routing and the switch is acting at L2?

For this function the router is doing the routing and the switch is acting at L2.

2. If so, the SVI on the switch is for management?

Yes, I however added the VLAN 55 to route the traffic back down to the switch so I can then take it to VLAN 5 and into the FAP box and back up to the router on the 0/1 interface. 

3. You want traffic for internet to be diverted to FAP box which is routing and will send traffic to switch then internet?

Yes, I am trying to pull it from the router back down to the switch and then into the FAP box and back up to the router on the 0/1 interface.

thanks,

Jason

Hi,

Yes, I am trying to pull it from the router back down to the switch and then into the FAP box and back up to the router on the 0/1 interface.

Then it goes to internet? If so, why not divert it to FAP from router f0/1 then back to switch then internet?

Regards.

Alain.

Don't forget to rate helpful posts.

The downstream traffic goes into the FAP the way you're suggesting. I am under the impression that for the traffic to be FAP'd on the up and down, it has to go back upstream through the interface that is connected to the switch.

Also, still wondering why when I altered the map on the .310 interface to point out to my border I still couldn't get out. Did I fat finger / typo something in my route map on the router?
