I have a Cisco 4500X and I need to migrate to a Nexus 9504, but I see the Nexus 9K does not support deny statements in the ACL within PBR. Does somebody have an alternative?
The message output is:
SW-CORE(config-if)# e2015 Aug 16 09:27:31 SW-CORE %$ VDC-1 %$ %RPM-2-PPF_SES_VERIFY: rpm  PPF session verify failed in client (Line card 2/VDC NONE/UUID 366) with an error 0x4104005f(Deny is not supported on PBR. Please check your configuration.)
% Could not apply PBR route-map - Deny is not supported on PBR. Please check your configuration.
SW-CORE(config-if)# 2015 Aug 16 09:36:21 SW-CORE %$ VDC-1 %$ %RPM-2-PPF_SES_VERIFY: rpm  PPF session verify failed in client (Line card 2/VDC NONE/UUID 366) with an error 0x4104005f(Deny is not supported on PBR. Please check your configuration.)
First create two "permit" ACLs: one for the traffic not using PBR and the other to permit the traffic to use PBR. Then use a deny statement under your route-map referencing the IP addresses you would like to deny. The second route-map statement would have the permit. Example below.
IP access list PBR_DENY
  10 permit ip any 10.0.0.0/8
  20 permit ip any 192.168.0.0/24
IP access list PBR_PERMIT
  10 permit tcp 10.2.2.2 any eq www
  20 permit tcp 10.2.2.2 any eq 443
route-map PBR_TO_WEB_PROXY deny 10
  match ip address PBR_DENY
route-map PBR_TO_WEB_PROXY permit 100
  match ip address PBR_PERMIT
  set ip next-hop 10.255.255.1
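Added example (not part of the original posts and not Cisco code): a small Python converter for the workaround described in the answer above, generalized so that interleaved permit/deny entries keep their first-match order by emitting one permit-only ACL and one route-map sequence per run of same-action ACEs. The helper name `split_pbr_acl`, the generated ACL names and the sample input are assumptions, and it relies on the platform accepting deny route-map sequences for PBR as the answer states.

```python
import re

# Constructed input: the thread's traffic classes written as one IOS-style PBR ACL.
SAMPLE = [
    "10 deny ip any 10.0.0.0/8",
    "20 deny ip any 192.168.0.0/24",
    "30 permit tcp 10.2.2.2 any eq www",
    "40 permit tcp 10.2.2.2 any eq 443",
]

def split_pbr_acl(name, aces, route_map, next_hop):
    """Hypothetical helper: return config lines with permit-only ACLs.

    Each run of consecutive ACEs sharing an action becomes one ACL, matched by a
    route-map sequence that carries the action, so first-match order is kept even
    when permits and denies are interleaved.
    """
    runs = []  # [(action, [ace body, ...]), ...] in original order
    for line in aces:
        m = re.match(r"\s*(?:\d+\s+)?(permit|deny)\s+(\S.*?)\s*$", line)
        if not m:
            raise ValueError(f"unrecognised ACE: {line!r}")
        action, body = m.groups()
        if runs and runs[-1][0] == action:
            runs[-1][1].append(body)
        else:
            runs.append((action, [body]))

    acl_lines, rmap_lines = [], []
    for idx, (action, bodies) in enumerate(runs, start=1):
        acl = f"{name}_{action.upper()}_{idx}"
        acl_lines.append(f"ip access-list {acl}")
        acl_lines += [f"  {n * 10} permit {b}" for n, b in enumerate(bodies, 1)]
        rmap_lines.append(f"route-map {route_map} {action} {idx * 10}")
        rmap_lines.append(f"  match ip address {acl}")
        if action == "permit":  # only permit sequences policy-route the traffic
            rmap_lines.append(f"  set ip next-hop {next_hop}")
    return acl_lines + rmap_lines

if __name__ == "__main__":
    print("\n".join(split_pbr_acl("PBR", SAMPLE, "PBR_TO_WEB_PROXY", "10.255.255.1")))
```

Review the generated sequences against the original ACL before applying them, since traffic that matches no sequence is forwarded normally rather than sent to the next hop.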