04-28-2010 02:56 AM - edited 03-06-2019 10:50 AM
I'm trying to define ACLs for use in policy-based routing.
The problem is I need to specify 2 ACLs,
one that puts traffic from 10.5.0.1 to 10.5.0.6 destination 172.17.0.0/24 through hop 10.4.0.1
and another that puts 10.5.0.7 to 10.5.0.12 destination 172.17.0.0/24 through hop 10.4.0.2
How do I do this with ACLs? I did:
access-list 101 permit ip 10.5.0.1 0.0.0.7 172.17.0.0 0.0.0.255
access-list 102 permit ip 10.5.0.7 0.0.0.7 172.17.0.0 0.0.0.255
Both result in ACL:
access-list 102 permit ip 10.5.0.0 0.0.0.7 172.17.0.0 0.0.0.255
Any idea how to do this?
Following are the route-maps:
route-map customers permit 1
match ip address 101
set ip next-hop 10.4.0.1
route-map customers permit 2
match ip address 102
set ip next-hop 10.4.0.2
Thanks in advance!
04-28-2010 03:24 AM
Hi,
You want two separate networks to flow with separate next hops? If yes, try with these ACLs and share the results:
access-list 101 permit ip 10.5.0.0 0.0.0.7 172.17.0.0 0.0.0.255
access-list 101 permit ip 10.5.0.7 255.255.255.255 172.17.0.0 0.0.0.255
access-list 102 permit ip 10.5.0.8 0.0.0.7 172.17.0.0 0.0.0.255
Check out the below link on PBR also for more information
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
04-28-2010 03:54 AM
Hi Ganesh!
It gave me this result:
access-list 101 permit ip 10.5.0.0 0.0.0.7 172.17.0.0 0.0.0.255
access-list 101 permit ip any 172.17.0.0 0.0.0.255
access-list 102 permit ip 10.5.0.8 0.0.0.7 172.17.0.0 0.0.0.255
Which is not precisely what I wanted, but at least 10.5.0.8 0.0.0.7 is now shown.
It should start at 10.5.0.7 though.
The second line pretty much negates the other lines, so that needs changing. However, if I remove it (no access-list 101 permit ip any 172.17.0.0 0.0.0.255) it removes the entire access list.
Is there any other way?
04-28-2010 03:58 AM
Hi,
If you see my previous post, in the first line hosts 1 to 6 will come, the second line was for the single host 10.5.0.7, and ACL 102 is for network 10.0.5.8/29.
Ganesh.H
04-28-2010 04:01 AM
Yes, but this:
access-list 101 permit ip 10.5.0.7 255.255.255.255 172.17.0.0 0.0.0.255
gives this in show run:
access-list 101 permit ip any 172.17.0.0 0.0.0.255
Which means access list 102 will never apply to anything, will it? Since "any" covers everything.
Thanks!
04-28-2010 04:14 AM
Hi,
It's really strange. Can you try the options below:
1) Try configuring a named extended ACL, and type the first network and then a second line with permit ip host 10.5.0.7 172.17.0.0 0.0.0.255
or
2) Try configuring 3 ACLs: one for hosts 1 to 6, one for host 7, and lastly one for 8 to 14
HTH
Ganesh.H
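The wildcard behaviour seen in this thread, as an added example that is not part of any poster's reply: source bits under a 1 in the wildcard are ignored, so the stored address has them cleared, and a range that does not start on a block boundary needs several entries. The function names are hypothetical, and showing a 0.0.0.0 wildcard as `host` follows the keyword used in the last reply.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def normalize(addr, wildcard):
    """Render an address/wildcard pair with the ignored bits cleared,
    which is the form the 'show run' output in the thread takes."""
    a, w = _int(addr), _int(wildcard)
    if w == MASK32:                      # every bit ignored
        return "any"
    base = ipaddress.IPv4Address(a & ~w & MASK32)
    return f"host {base}" if w == 0 else f"{base} {wildcard}"

def matches(host, addr, wildcard):
    """True if host agrees with addr on every bit the wildcard does not ignore."""
    return ((_int(host) ^ _int(addr)) & ~_int(wildcard) & MASK32) == 0

def range_to_entries(first, last):
    """Split an inclusive host range into aligned blocks, one ACL source each."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [normalize(str(n.network_address), str(n.hostmask)) for n in nets]

def acl_lines(number, first, last, dst="172.17.0.0 0.0.0.255"):
    """Build 'access-list' lines for one source range and the thread's destination."""
    return [f"access-list {number} permit ip {src} {dst}"
            for src in range_to_entries(first, last)]

if __name__ == "__main__":
    # The entries typed in the first post collapse to the same stored source.
    print(normalize("10.5.0.1", "0.0.0.7"), "|", normalize("10.5.0.7", "0.0.0.7"))
    # A wildcard of 255.255.255.255 ignores all 32 bits.
    print(normalize("10.5.0.7", "255.255.255.255"))
    # 10.5.0.9 is outside what '10.5.0.7 0.0.0.7' matches (it covers .0 to .7).
    print(matches("10.5.0.9", "10.5.0.7", "0.0.0.7"))
    # Entries that cover exactly the two ranges asked for.
    for line in acl_lines(101, "10.5.0.1", "10.5.0.6") + \
                acl_lines(102, "10.5.0.7", "10.5.0.12"):
        print(line)
```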