12-19-2012 02:38 PM - edited 03-07-2019 10:42 AM
Hi guys,
I got a problem with a route map.Traffic enters from interface gi0/1 with source 10.10.0.0/14. I am trying to ping google DNS
interface GigabitEthernet0/1
ip address x.x.x.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip policy route-map modems
duplex auto
speed auto
no mop enabled
route-map modems permit 10
match ip address 101
set ip next-hop y.y.0.245
access-list 101 permit ip 10.10.0.0 0.3.255.255 any log
I got the following debug output which shows me that policy is not matched:
000170: Dec 19 22:03:00.563 PCTime: IP: s=10.10.11.234 (GigabitEthernet0/1), d=8.8.8.8, len 60, FIB policy rejected(no match) - normal forwarding
Any help will be highly appreciated.
Thanks!
12-19-2012 02:48 PM
Hi,
From the PBR doc:
When the destination route exists in the routing table, normal forwarding is used—do not policy route the packet.
R1# debug ip policy Policy routing debugging is on*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match*Dec 4 12:50:57.363: IP: route map blah, item 10, permit*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
HTH
12-19-2012 02:56 PM
I got static default route - do you think this is the problem?
12-19-2012 03:12 PM
If you have a default route than try using the first scenario in the link I provide and test again.
HTH
12-19-2012 03:25 PM
Tryed it doesn't work
12-19-2012 04:22 PM
Just want to add that the next hop is on the other side of a tunnel..but it doesn't matter since the route map doesn't match on gi0/1
12-20-2012 03:14 AM
Hi,
Remove the log keyword in the ACL.
Regards.
Alain
Don't forget to rate helpful posts.
12-19-2012 04:40 PM
Hello Nikolay,
Is interface gig 0/1 the first interface that packet gets in? or is that the outside???
Also from where are you pinging?? A computer or the router itself?
Regards
12-24-2012 09:54 PM
Hi firends,
thanks for you vaulable proposals. The problem was the ACL -for some reason it doesn't match the traffic, even I can swear in it
Anyway...what I did was instead :
match ip address 101
match interface gi0/1
So every packet entering that interface is subject to PBR.
And it worked!
Thanks once again and have a bautiful Christmas!
12-24-2012 10:15 PM
Hi,
If your issue is resolved, please select correct answer and to make thread resolved for community. It might help for somebody else.
Abzal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide