Nexus9000 deny ACLs in PBR

Dear all,

I have a Cisco 4500X and I need to migrate to a Nexus 9504, but I see the Nexus 9K does not support deny statements in the ACL used within PBR. Does somebody have an alternative?

 

The message output is:

SW-CORE(config-if)# e2015 Aug 16 09:27:31 SW-CORE %$ VDC-1 %$ %RPM-2-PPF_SES_VERIFY:  rpm [5948]  PPF session verify failed in client (Line card  2/VDC  NONE/UUID  366) with an error 0x4104005f(Deny is not supported on PBR. Please check your configuration.)


% Could not apply PBR route-map - Deny is not supported on PBR. Please check your configuration.
SW-CORE(config-if)# 2015 Aug 16 09:36:21 SW-CORE %$ VDC-1 %$ %RPM-2-PPF_SES_VERIFY:  rpm [5948]  PPF session verify failed in client (Line card  2/VDC  NONE/UUID  366) with an error 0x4104005f(Deny is not supported on PBR. Please check your configuration.)

 

Thanks.


cfolkerts
Level 1

First create two "permit" ACLs: one for the traffic not using PBR and the other to permit the traffic that should use PBR. Then use a deny statement under your route-map referencing the IP addresses you would like to deny. The second route-map statement would have the permit. Example below.

 

IP access list PBR_DENY
 10 permit ip any 10.0.0.0/8
 20 permit ip any 192.168.0.0/24
IP access list PBR_PERMIT
 10 permit tcp 10.2.2.2 any eq www
 20 permit tcp 10.2.2.2 any eq 443

route-map PBR_TO_WEB_PROXY deny 10
 match ip address PBR_DENY
route-map PBR_TO_WEB_PROXY permit 100
 match ip address PBR_PERMIT
 set ip next-hop 10.255.255.1
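A pre-flight check for the migration described in the question, written here as an added example (not the poster's or Cisco's code): it parses NX-OS-style ACL and route-map stanzas from a config text and reports every deny ACE that a PBR route-map can reach, which is exactly what the PPF verify error above rejects. Both sample configs are constructed; `BAD_CONFIG` keeps the deny entries inside the PBR ACL, and `GOOD_CONFIG` is the two-ACL rewrite from the answer.

```python
import re
from collections import defaultdict

# Constructed samples: the Catalyst-style form the Nexus 9K rejects (deny ACEs
# inside the PBR ACL) and the rewrite from the answer above (all-permit ACLs,
# with the deny carried by the route-map sequence instead).
BAD_CONFIG = """
ip access-list PBR_WEB
  10 deny ip any 10.0.0.0/8
  20 deny ip any 192.168.0.0/24
  30 permit tcp 10.2.2.2 any eq www
route-map PBR_TO_WEB_PROXY permit 10
  match ip address PBR_WEB
  set ip next-hop 10.255.255.1
"""
GOOD_CONFIG = """
ip access-list PBR_DENY
  10 permit ip any 10.0.0.0/8
  20 permit ip any 192.168.0.0/24
ip access-list PBR_PERMIT
  10 permit tcp 10.2.2.2 any eq www
route-map PBR_TO_WEB_PROXY deny 10
  match ip address PBR_DENY
route-map PBR_TO_WEB_PROXY permit 100
  match ip address PBR_PERMIT
  set ip next-hop 10.255.255.1
"""

def parse(config):
    """Return ({acl: [(seq, action)]}, {route_map: [{seq, action, acls}]})."""
    acls, rmaps, ctx = defaultdict(list), defaultdict(list), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip access-list (\S+)$", line, re.I):
            ctx = ("acl", m.group(1))
        elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)$", line):
            ctx = ("rmap", m.group(1))
            rmaps[ctx[1]].append({"seq": int(m.group(3)), "action": m.group(2), "acls": []})
        elif ctx and ctx[0] == "acl" and (m := re.match(r"(\d+) (permit|deny) ", line)):
            acls[ctx[1]].append((int(m.group(1)), m.group(2)))
        elif ctx and ctx[0] == "rmap" and (m := re.match(r"match ip address (.+)", line)):
            rmaps[ctx[1]][-1]["acls"].extend(m.group(1).split())
    return acls, rmaps

def pbr_deny_violations(config):
    """(route_map, rmap_seq, acl, ace_seq) for each deny ACE a PBR route-map can reach;
    an empty list means the ACLs would pass the PPF verify check quoted in the question."""
    acls, rmaps = parse(config)
    return [(rm, e["seq"], acl, seq) for rm, entries in rmaps.items() for e in entries
            for acl in e["acls"] for seq, action in acls.get(acl, []) if action == "deny"]
```

Run it against the candidate Nexus config before applying the route-map to an interface; any tuple it returns points at the ACL entry that must be converted to a permit in a separate ACL matched by a `deny` route-map sequence.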
