Beginner

ip policy route-map question

Hello All,

 

I have a question in regards to PBR. I want to NAT traffic out using a route-map and want to know what to expect once applied to an interface. Configuration below.

 

access-list 187 permit ip host 10.0.60.40 any log
access-list 187 permit ip host 10.0.60.41 any log

!

route-map MIAMI permit 10
match ip address 187
set ip default next-hop 10.0.12.5 <-- FW will NAT

!

interface TenGigabitEthernet2/3.3060
description MIAMI
encapsulation dot1Q 3060
ip address 10.0.60.1 255.255.255.0
ip policy route-map MIAMI  <-- Will this block all traffic except 10.0.60.40 and .41, or will it allow all traffic to flow and only match .40 and .41 to the next-hop? I have 50+ devices using the 10.0.60.x subnet but need .40 and .41 to NAT out.

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Guru

Re: ip policy route-map question

 

Any traffic not matched in your PBR configuration is just routed normally so it won't be blocked and it will be routed based on the IP routing table. 

 

Jon

9 REPLIES 9
Beginner

Re: ip policy route-map question

Thanks Jon. This is the answer I was looking for. 

Rising star

Re: ip policy route-map question

access-list 187 permit ip host 10.0.60.40 any log
access-list 187 permit ip host 10.0.60.41 any log

!

route-map MIAMI permit 10
match ip address 187
set ip default next-hop 10.0.12.5 <-- FW will NAT

 

interface TenGigabitEthernet2/3.3060
description MIAMI


encapsulation dot1Q 3060
ip address 10.0.60.1 255.255.255.0
ip policy route-map MIAMI <-- Will this block all traffic except 10.0.60.40 and .41, or will it allow all traffic to flow and only match .40 and .41 to the next-hop? I have 50+ devices using the 10.0.60.x subnet but need .40 and .41 to NAT out.

 

If there aren't explicit routes in your routing table to reach the addresses in ACL 187, they will use your PBR because you are using set ip default next-hop 10.0.12.5.

 

But the addresses in ACL 187 are directly connected on interface TenGigabitEthernet2/3.3060, so your PBR won't be used.

 

 

more information: https://books.google.com.br/books?id=z5f4BQAAQBAJ&pg=PA309&dq=PBR+set+ip+default&hl=pt-BR&sa=X&ved=0ahUKEwimxPTNwrTgAhUTAtQKHTTaAikQ6AEIQzAD#v=onepage&q=PBR%20set%20ip%20default&f=false

Jaderson Pessoa
*** Rate All Helpful Responses ***
Hall of Fame Guru

Re: ip policy route-map question

 

Why will PBR not be used for those IPs ? 

 

Jon

Rising star

Re: ip policy route-map question

If there aren't any explicit routes in your routing table to reach the addresses in ACL 187, they will use your PBR because you are using set ip default next-hop 10.0.12.5.

 

But the addresses in ACL 187 are directly connected on interface TenGigabitEthernet2/3.3060, so your PBR won't be used.

If you need to use it, remove the word "default".

 


pbr.JPG

Jaderson Pessoa
*** Rate All Helpful Responses ***
Hall of Fame Guru

Re: ip policy route-map question

 

It does not matter if the IPs are in the same IP subnet as the interface IP, all that matters is that the PBR is applied to the incoming interface for the traffic. 

 

Unless I am misunderstanding you ? 

 

Jon

Rising star

Re: ip policy route-map question

You are wrong. Sorry.
Jaderson Pessoa
*** Rate All Helpful Responses ***
Hall of Fame Guru

Re: ip policy route-map question

 

Sorry, don't follow, are you saying what I put was wrong ?

 

Jon

Hall of Fame Guru

Re: ip policy route-map question

 

Just to clarify in case you think it was wrong. 

 

You are getting confused between source and destination IPs in the acl and you are not really understanding how PBR works. 

 

Jon
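
An added example, not part of any post in this thread: a small Python model of the forwarding decision for a packet arriving on the PBR interface, comparing `set ip default next-hop` with `set ip next-hop`. It models the usual IOS behaviour, where the ACL in the route-map matches the packet's source and the `default` keyword defers to any explicit (non-default) route for the packet's destination. The routing table, the 172.16.0.0/16 route and the next hops 10.0.99.1 and 10.0.0.1 are constructed for illustration.

```python
import ipaddress

# ACL 187 from the thread: matches on SOURCE host, any destination.
ACL_187_SOURCES = {ipaddress.ip_address("10.0.60.40"),
                   ipaddress.ip_address("10.0.60.41")}
PBR_NEXT_HOP = "10.0.12.5"  # the firewall that will NAT

# Constructed routing table (assumption): (prefix, next hop or exit interface).
ROUTES = [
    (ipaddress.ip_network("10.0.60.0/24"), "connected Te2/3.3060"),
    (ipaddress.ip_network("172.16.0.0/16"), "10.0.99.1"),
    (ipaddress.ip_network("0.0.0.0/0"), "10.0.0.1"),
]

def lookup(dst, include_default=True):
    """Longest-prefix match; optionally ignore the 0.0.0.0/0 default route."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in ROUTES
            if dst in net and (include_default or net.prefixlen > 0)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(src, dst, use_default_keyword):
    """Return (next_hop, reason) for a packet arriving on the PBR interface."""
    if ipaddress.ip_address(src) not in ACL_187_SOURCES:
        # No route-map match: normal destination-based routing, not a drop.
        return lookup(dst), "not matched, routed normally"
    if not use_default_keyword:
        # set ip next-hop: the policy wins over the routing table.
        return PBR_NEXT_HOP, "set ip next-hop"
    explicit = lookup(dst, include_default=False)
    if explicit is not None:
        # set ip default next-hop: an explicit route to the DESTINATION wins,
        # so this flow does not pass through the firewall.
        return explicit, "explicit route, policy bypassed"
    return PBR_NEXT_HOP, "set ip default next-hop"

if __name__ == "__main__":
    # Constructed sample flows: (source, destination).
    flows = [("10.0.60.40", "203.0.113.10"), ("10.0.60.40", "172.16.5.5"),
             ("10.0.60.77", "203.0.113.10")]
    for src, dst in flows:
        for kw in (True, False):
            print(src, dst, "default" if kw else "plain", forward(src, dst, kw))
```

On a real device, `show route-map MIAMI` and `show ip policy` show the policy match counters and the interface binding, which confirms whether .40 and .41 are actually being sent to the firewall.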
