nhksocgen1
Beginner

PBR route map problem

Hi guys,

I got a problem with a route map. Traffic enters from interface gi0/1 with source 10.10.0.0/14. I am trying to ping Google DNS.

interface GigabitEthernet0/1
 ip address x.x.x.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip policy route-map modems
 duplex auto
 speed auto
 no mop enabled

route-map modems permit 10
 match ip address 101
 set ip next-hop y.y.0.245

access-list 101 permit ip 10.10.0.0 0.3.255.255 any log

I got the following debug output which shows me that policy is not matched:

000170: Dec 19 22:03:00.563 PCTime: IP: s=10.10.11.234 (GigabitEthernet0/1), d=8.8.8.8, len 60, FIB policy rejected(no match) - normal forwarding

Any help will be highly appreciated.

Thanks!

9 REPLIES 9
Reza Sharifi
Hall of Fame Expert

Hi,

From the PBR doc:

When the destination route exists in the routing table, normal forwarding is used—do not policy route the packet.

R1# debug ip policy
Policy routing debugging is on
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:50:57.363: IP: route map blah, item 10, permit
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

HTH

I got static default route - do you think this is the problem?

If you have a default route then try using the first scenario in the link I provided and test again.

HTH

Tried it, doesn't work.

Just want to add that the next hop is on the other side of a tunnel... but it doesn't matter since the route map doesn't match on gi0/1.

Hi,

Remove the log keyword in the ACL.

Regards.

Alain

Don't forget to rate helpful posts.

Julio Carvajal
Advisor

Hello Nikolay,

Is interface gig 0/1 the first interface that the packet enters, or is that the outside?

Also from where are you pinging?? A computer or the router itself?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi friends,

Thanks for your valuable proposals. The problem was the ACL - for some reason it doesn't match the traffic, even though I could swear by it.

Anyway... what I did was instead:

match ip address 101

match interface gi0/1

So every packet entering that interface is subject to PBR.

And it worked!

Thanks once again and have a beautiful Christmas!
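
An added example, not part of the thread or any poster's code: a check of Cisco wildcard-mask arithmetic for the ACL entry from the question against the source address in the posted debug line. It tests only the address arithmetic, not how IOS evaluates the ACL in the policy-routing path; the function names are hypothetical.

```python
import ipaddress
import re

# Both strings are copied from the question in this thread.
ACE = "access-list 101 permit ip 10.10.0.0 0.3.255.255 any log"
DEBUG = ("IP: s=10.10.11.234 (GigabitEthernet0/1), d=8.8.8.8, len 60, "
         "FIB policy rejected(no match) - normal forwarding")

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def wildcard_match(addr, base, wildcard):
    """Cisco ACL semantics: bits set in the wildcard are 'don't care' bits."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def covered_range(base, wildcard):
    """First and last address covered, or None for a non-contiguous wildcard."""
    w = _ip(wildcard)
    if w & (w + 1):                      # e.g. 0.255.0.255 is not one block
        return None
    first = _ip(base) & ~w & 0xFFFFFFFF  # host bits in the base are ignored
    return (str(ipaddress.IPv4Address(first)),
            str(ipaddress.IPv4Address(first | w)))

def parse_ace(line):
    """Handles only 'access-list N permit|deny ip SRC WILDCARD any [log]'."""
    m = re.match(r"access-list\s+(\d+)\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+any\b",
                 line)
    if not m:
        raise ValueError("unsupported ACE form: " + line)
    return {"acl": int(m.group(1)), "action": m.group(2),
            "src": m.group(3), "wildcard": m.group(4)}

def debug_source(line):
    """Extract the s= address from a 'debug ip policy' line."""
    m = re.search(r"\bs=(\d+\.\d+\.\d+\.\d+)", line)
    if not m:
        raise ValueError("no source address in debug line")
    return m.group(1)

def ace_matches_packet(ace_line, debug_line):
    ace = parse_ace(ace_line)
    return wildcard_match(debug_source(debug_line), ace["src"], ace["wildcard"])

if __name__ == "__main__":
    ace = parse_ace(ACE)
    print("covered range:", covered_range(ace["src"], ace["wildcard"]))
    print("debug source matches ACE:", ace_matches_packet(ACE, DEBUG))
```
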

Hi,

If your issue is resolved, please select the correct answer to mark the thread as resolved for the community. It might help somebody else.

Abzal

Best regards,
Abzal