So those are just your test

Mokhalil82 · ‎10-10-2015

Hi

I have configured a pbr to match certain subnets to use a different subnet as their next hop, but when applying this, it seems to match all traffic coming in on the interface and not just the specified subnets, traceroute shows all traffic using the next hop on the PBR.

The site the traffic is coming from is a directly connected site through a P2P link

My PBR config is as follows:

ip access-list extended TEST_SUBNETS_FC

permit ip 10.10.50.0 0.0.0.255 any

permit ip 10.10.51.0 0.0.0.255 any

permit ip 10.10.52.0 0.0.0.255 any

Route-map REDIRECT_TEST_SUBNET_FC permit 10

match ip address TEST_SUBNET_FC

set ip next-hop 10.40.50.1

I then apply this to the incoming interface:

ip policy route-map REDIRECT_TEST_SUBNET_FC

Thanks

Jon Marshall · ‎10-10-2015

So those are just your test subnets ?

If so that configuration should only apply to those subnets.

Jon

Mokhalil82 · ‎10-10-2015

Yes those are the test subnets, but all traffic goes over the new WAN instead of just those subnets

Jon Marshall · ‎10-10-2015

Shouldn't do with the configuration.

If that is the case then can you -

1) enable "debug ip policy" on the router

2) try from a test subnet IP and save the output

3) try from a normal subnet IP and save output

and post back here.

Jon

Mokhalil82 · ‎10-10-2015

Hi Jon

Seems to be working now. I changed the named access-list to a numbered access-list and that worked. Not sure why it would not work with the named list. But hey, im just glad it's working :-)

Thanks for the advice

Jon Marshall · ‎10-10-2015

No problem.

Glad to hear it's working.

Jon

PBR matching all traffic