Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2330
Views
0
Helpful
9
Replies

PBR route map problem

nhksocgen1
Level 1
Level 1

‎12-19-2012 02:38 PM - edited ‎03-07-2019 10:42 AM

Hi guys,

I got a problem with a route map.Traffic enters from interface gi0/1 with source 10.10.0.0/14. I am trying to ping google DNS

interface GigabitEthernet0/1

ip address x.x.x.1 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip policy route-map modems

duplex auto

speed auto

no mop enabled

route-map modems permit 10

match ip address 101

set ip next-hop y.y.0.245

access-list 101 permit ip 10.10.0.0 0.3.255.255 any log

I got the following debug output which shows me that policy is not matched:

000170: Dec 19 22:03:00.563 PCTime: IP: s=10.10.11.234 (GigabitEthernet0/1), d=8.8.8.8, len 60, FIB policy rejected(no match) - normal forwarding

Any help will be highly appreciated.

Thanks!

Labels:
0 Helpful
9 Replies 9

Reza Sharifi
Hall of Fame
Hall of Fame

‎12-19-2012 02:48 PM

Hi,

From the PBR doc:

When the destination route exists in the routing table, normal       forwarding is used—do not policy route the packet.

R1# debug ip policy Policy routing debugging is on*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match*Dec 4 12:50:57.363: IP: route map blah, item 10, permit*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding

http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml

HTH

0 Helpful

nhksocgen1
Level 1
Level 1
In response to Reza Sharifi

‎12-19-2012 02:56 PM

I got static default route - do you think this is the problem?

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to nhksocgen1

‎12-19-2012 03:12 PM

If you have a default route than try using the first scenario in the link I provide and test again.

HTH

0 Helpful

nhksocgen1
Level 1
Level 1
In response to Reza Sharifi

‎12-19-2012 03:25 PM

Tryed it doesn't work

0 Helpful

nhksocgen1
Level 1
Level 1
In response to nhksocgen1

‎12-19-2012 04:22 PM

Just want to add that the next hop is on the other side of a tunnel..but it doesn't matter since the route map doesn't match on gi0/1

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to nhksocgen1

‎12-20-2012 03:14 AM

Hi,

Remove the log keyword in the ACL.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-19-2012 04:40 PM

Hello Nikolay,

Is interface gig 0/1 the first interface that packet gets in? or is that the outside???

Also from where are you pinging?? A computer or the router itself?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

nhksocgen1
Level 1
Level 1
In response to Julio Carvajal

‎12-24-2012 09:54 PM

Hi firends,

thanks for you vaulable proposals. The problem was the ACL -for some reason it doesn't match the traffic, even I can swear in it

Anyway...what I did was instead :

match ip address 101

match interface gi0/1

So every packet entering that interface is subject to PBR.

And it worked!

Thanks once again and have a bautiful Christmas!

0 Helpful

Abzal
Level 7
Level 7
In response to nhksocgen1

‎12-24-2012 10:15 PM

Hi,

If your issue is resolved, please select correct answer and to make thread resolved for community. It might help for somebody else.

Abzal

Best regards,
Abzal
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card