
need help about applying route-map and redirecting the traffic back

Dr.X
Level 2

Hi,

I have the topology below:

I have a Cisco 7600 MLS as the router.

The switch on the left is a Cisco 2960.

http://www2.0zz0.com/2012/12/25/12/104864163.png

As you see from the image, we have two links between the Cisco 2960 and the Cisco 7600 acting as router.

Note that the gateway of all the users is only through the link Gi1/1 of the MLS.

I just want to make a policy and apply it on Gi1/1 of the MLS 7600 router.

I want to match an access list; if it is matched, I want the MLS 7600 to forward the traffic out of Gi/3.

If it didn't match, I want the traffic to go back and enter the interface Gi1/2 of the MLS 7600.

My question is: can I do it with ip policy and a route map?

Note the arrow in the image above; it indicates the direction of the traffic.

Now I just want the traffic to go from Gi1/1 and enter interface Gi1/2 if the traffic is not matched.

Please suggest and help.

Regards,

Ahmad

4 Replies

sammy_bibs
Level 1

Hiho,

The links between the 2960 and the MLS, are they layer 2 on both sides? The reason I ask is that if they are, then STP will be blocking one of these links (assuming they are on the same or both trunking for the same VLANs), therefore GE1/2 will be blocked at one end.

The best way I could see to achieve something like you are trying to do is, on the MLS, to configure your access list to match the allowed destination/s out of port GE1/3 on the MLS:

access-list 100 permit ip any 10.20.30.0 0.0.0.255 log

The above assumes access to the whole 10.20.30.X network is allowed.

Use a route-map to allow this and catch 'other' traffic and send it to the next hop router and onward:

route-map FILTER permit 10
match ip address 100
! x.x.x.x is the IP of the far end of GE1/13
set ip next-hop x.x.x.x

Now the best way I could think of for all the traffic you want sent back is to use the routing table to manipulate it, as sending it back to the 2960 may prove frivolous if STP is blocking. That, and it also seems like a waste of bandwidth.

However:

route-map FILTER permit 20
set interface Gi1/1

The above will send it back (maybe)

Route-filters work on ingress.

It would help if you explained why you wanted this traffic to loop round the other interface.

Sam.
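
The first part of the reply above, assembled into one IOS configuration fragment. This is an added example, not part of the original post: the next-hop 192.0.2.2 is a placeholder, and attaching the route-map to Gi1/1 with ip policy route-map follows the interface named in the question.

```ios
! ACL 100 selects the traffic to be policy-routed (the sample
! 10.20.30.0/24 destination comes from the reply above). The "log"
! keyword is left off here: logging ACL matches adds CPU work.
access-list 100 permit ip any 10.20.30.0 0.0.0.255
!
! The next hop must be the address of the adjacent device on the
! far end of the outgoing link, not one of this router's own
! interface addresses. 192.0.2.2 is a placeholder.
route-map FILTER permit 10
 match ip address 100
 set ip next-hop 192.0.2.2
!
! No further clause is defined: packets that match no permit
! clause are not policy-routed and are forwarded by the normal
! routing table.
!
! Policy routing is evaluated on packets arriving on the interface
! where the route-map is applied.
interface GigabitEthernet1/1
 ip policy route-map FILTER
!
! Checks from exec mode after applying:
!   show ip policy
!   show route-map FILTER
!   show access-lists 100
```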




Hi,

Thanks for your reply.

I just want to correct you: the MLS is working as a router, and the 2960G is working as a switch.

I mean, there will be no blocked ports between the MLS and the 2960 switch.

About the waste of bandwidth: for me it's not a problem, because I have 1G Ethernet.

But my question is, will it succeed if I configured a route map and policy on Gi1/1

and typed

set ip next-hop to Gi1/2

Will this succeed? I mean, will the traffic go back to the 2960 switch and enter Gi/2 of the MLS, or will it fail?

I just asked here because I want to apply it on a production network.

Regards

Heya,

But my question is, will it succeed if I configured a route map and policy on Gi1/1

and typed

set ip next-hop to Gi1/2

The above will just send the traffic back to the 2960 switch out of the G1/2 interface on the MLS. What the switch will do with it is hard to say without a better understanding of your topology.


Scenario 1 - separate VLANs

If these ports are in separate VLANs on the 2960 switch, then it will just be flooded on the new VLAN, but it will not come back in on the Gi1/2 interface, as the 2960 will receive the packet ingress on Gi1/2 and the received packet will be sent out of all interfaces participating in that VLAN except the one it was received on.

Scenario 2 - same VLAN

If the 2960 has both connected ports to the MLS in the same VLAN, then I am sure the MLS must have its ports connecting to the 2960 as access or trunk ports. I say this because if you have them both as routed ports, then you would not be able to put the correct IP addresses on them without an overlap (IOS will not allow this).

Could you please show us the following outputs that will help us understand the topology, or explain how each end is configured for the two links, including any sub-interface configurations.

From the 2960 switch

#show vlan brief

#show spanning-tree

#show interface gi1/1

#show interface gi1/2

#show interface trunk

On the MLS

#show interface gi1/1

#show interface g1/2

Cheers,

Sam.

Hi Mr. Sam, the topology is very complicated and the figure above doesn't describe my real scenario; I just drew it so that I could explain my issue.

Now let's go back to your questions:

Now let's go to the MLS as a router; treat it as a router, because there is no spanning tree on the MLS.

I will tell you what I want to do.

As you see from the graph above, there is a server, which is the Squid cache server.

I want to connect it to interface Gi/4 of the MLS.

Also, I have two ISPs connected to the same MLS,

and I want to apply a policy that directs some users to ISP1 and the other users to ISP2.

If I applied (the policy and the cache redirect) on the same interface of the MLS, my Cisco 7600 router will have high CPU, 100%.

But if I applied the ip policy on a separate interface and applied the cache redirect on another interface, it will solve the issue.

================

My goal is to use the policy on Gi1/1 and the redirecting to cache on Gi1/2.

=====================

Note that the two subnets of the MLS on Gi1/1 and Gi1/2 are in the same VLAN.

But today I made a policy and set the next hop to be the IP of Gi1/2, but it failed!

I have a console message:

*Dec 26 12:37:41.212: % Warning: Next hop address is our address

Any other suggestions?
