Solved: Enabling Local PBRPackets

greenplague · ‎06-09-2014

Hi,

what is the reason for not having any match, in the acl for the route-map?

Current configuration : 1731 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback200
ip address 196.0.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 195.0.0.1 255.255.255.0

ip policy route-map r_teste
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.0.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 172.16.0.2 255.255.255.252
serial restart-delay 0
clock rate 128000
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 192.168.0.0
network 192.168.1.0
neighbor 10.0.0.1 remote-as 200
neighbor 172.16.0.1 remote-as 300
no auto-summary
!
ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 172.16.0.1
!
!
!
access-list 40 permit any
!
route-map anuncia1 permit 20
match ip address 20
!
route-map anuncia0 permit 10
match ip address 10
!
route-map r_teste permit 10
match ip address 40
set ip default next-hop 10.0.0.1
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

R2#ping 192.168.55.1 source 195.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.55.1, timeout is 2 seconds:
Packet sent with a source address of 195.0.0.1
.....
Success rate is 0 percent (0/5)
R2#sh access-lists
Standard IP access list 10
    10 permit 192.168.0.0, wildcard bits 0.0.0.255
Standard IP access list 20
    10 permit 192.168.1.0, wildcard bits 0.0.0.255
Standard IP access list 30
    10 permit 195.0.0.0, wildcard bits 0.0.0.255
Standard IP access list 40
    10 permit any
Extended IP access list 100
    10 permit ip any 192.168.55.0 0.0.0.255
R2#

is possible without changing the bgp?

thanks

johnlloyd_13 · ‎06-10-2014

hi,

you should be testing or pinging behind R2.

View solution in original post

johnlloyd_13 · ‎06-10-2014

hi,

you should be testing or pinging behind R2.

paul driver · ‎06-10-2014

Hello

In your post , A match is made on each stanza with just a match statement defined by an acl and that traffic is routed normally

The route-map stanza with a set statement, Policy Based Routing is initiated relating to the matched acl

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

syed kazim abbas · ‎06-10-2014

Default PBR:

All packets received on an interface (ingress) with PBR enabled are entertained, first they should match through ACL then forward to next hop. if a match is exist (through ACL) but not forward to next hop then do nothing this packet especially for ICMP packet.

I think you need Local PBR:

Packets that are generated by the router are not normally policy-routed. To enable local PBR for such packets, indicate which route map the router should use by using the following command in global configuration mode:

ip local policy route-map TEST

Regards,

kazim

Route map no match