Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1800
Views
0
Helpful
2
Replies

route-map set ip next-hop

CompuVision Admin
Level 1
Level 1

‎04-10-2011 05:39 PM - edited ‎03-04-2019 12:02 PM

If I use a route-map to mark certain traffic and then set ip next-hop on that traffic, then use a route-map to NAT that traffic, can I match based on Interface even though I set the ip next-hop?

In other words when using set ip next-hop will that also imply set interface FE0/FE1 etc?

E.g

FastEthernet0

10.10.10.1

FastEthernet1

10.20.20.1

ip nat inside source route-map nat-map1 pool pri-servers-pool overload

interface Vlan1

ip policy route-map map1

service-policy input mark mark-traffic

ip access-list extended sec-traffic

     permit ip any any dscp 1

route-map map1

     match ip address sec-traffic

     set ip next-hop verify-availability 10.10.10.254 track 1

     set ip next-hop verify-availability 10.20.20.254 track 2

route-map nat-map1

     match ip address sec-traffic

     MATCH INTERFACE FastEthernet0

class http-traffic

match protocol http host "*youtube.com*"

policy-map mark-traffic

     class http-traffic

          set ip dscp 1

Labels:
0 Helpful
2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

‎04-10-2011 06:33 PM

It is a bit difficult to formulate a good answer that is complete and accurate to your question. So I will say that there are multiple questions inherent in what you are asking and I would answer them this way:

- yes using set next-hop is inherently setting the outbound interface.

- yes you can use a route map to translate traffic and match interface in the route map.

The tricky part is getting your configuration to have the expected behavior. The easy part is that if the traffic arrives on VLAN1 and matches the access list you will attempt to set the next hop to 10.10.10.254. If that is successful then the traffic is forwarded out FastEther0 and will be translated.

But what if the traffic arrives on VLAN1, matches the access list, but the track1 indicates that 10.10.10.254 is not available. So the route map sets the next hop as 10.20.20.254. Now the traffic will be forwarded out interface FastEther1. The existing config will not translate that traffic. Is that the expected behavior?

HTH

Rick

HTH

Rick
0 Helpful

CompuVision Admin
Level 1
Level 1
In response to Richard Burts

‎04-10-2011 07:11 PM

Thanks for the reply.

That is not the intended behaviour. I'm working a Dual ISP Failover configuration with some PBR to split certain traffic. The above config is not complete, just what I thought was releveant to the question at hand.

Based on your reply, it sounds like what I'm attempting should work.

I'm just getting a bit confused on the traffic flow order when trying to do route failover, nat & PBR.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card