09-22-2011 07:28 PM - edited 03-07-2019 02:23 AM
plc-sw-core#en
plc-sw-core#sh
plc-sw-core#show ip ro
plc-sw-core#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.252.0.1 to network 0.0.0.0
S 192.168.74.0/24 [1/0] via 10.252.0.1
116.0.0.0/32 is subnetted, 1 subnets
S 116.212.202.21 [1/0] via 10.252.0.1
S 192.168.150.0/24 [1/0] via 10.252.0.1
S 192.168.128.0/24 [1/0] via 10.252.0.1
S 192.168.160.0/24 [1/0] via 10.252.0.1
S 192.168.131.0/24 [1/0] via 10.252.0.1
S 192.168.140.0/24 [1/0] via 10.252.0.1
S 192.168.201.0/24 [1/0] via 10.252.0.1
10.0.0.0/8 is variably subnetted, 35 subnets, 6 masks
C 10.11.1.0/24 is directly connected, Vlan71
C 10.255.10.254/32 is directly connected, Loopback0
C 10.10.1.0/24 is directly connected, Vlan70
C 10.10.2.0/24 is directly connected, Vlan69
C 10.15.1.0/24 is directly connected, Vlan19
C 10.7.0.0/24 is directly connected, Vlan5
C 10.5.0.0/16 is directly connected, Vlan10
S 10.20.1.0/24 [1/0] via 10.5.50.60
C 10.100.0.40/32 is directly connected, Loopback140
C 10.100.0.41/32 is directly connected, Loopback141
C 10.100.0.38/32 is directly connected, Loopback138
C 10.100.0.39/32 is directly connected, Loopback139
C 10.100.0.36/32 is directly connected, Loopback136
C 10.100.0.37/32 is directly connected, Loopback137
C 10.100.0.34/32 is directly connected, Loopback134
C 10.83.21.0/24 is directly connected, Vlan110
C 10.100.0.35/32 is directly connected, Loopback135
C 10.83.20.0/24 is directly connected, Vlan111
C 10.100.0.32/32 is directly connected, Loopback132
C 10.100.0.33/32 is directly connected, Loopback133
S 10.82.0.0/16 [1/0] via 10.252.0.1
C 10.83.0.0/24 is directly connected, Vlan109
C 10.100.0.15/32 is directly connected, Loopback115
C 10.100.1.0/24 is directly connected, Loopback1
C 10.100.0.30/32 is directly connected, Loopback130
C 10.100.0.31/32 is directly connected, Loopback131
C 10.1.120.0/22 is directly connected, Vlan101
C 10.100.0.25/32 is directly connected, Loopback125
C 10.1.124.0/22 is directly connected, Vlan102
C 10.1.136.0/21 is directly connected, Vlan105
C 10.1.128.0/22 is directly connected, Vlan103
C 10.1.132.0/22 is directly connected, Vlan104
C 10.1.145.0/24 is directly connected, Vlan108
C 10.1.144.0/24 is directly connected, Vlan106
C 10.252.0.0/29 is directly connected, GigabitEthernet1/23
72.0.0.0/32 is subnetted, 1 subnets
S 72.233.89.198 [1/0] via 10.7.0.252
C 192.168.0.0/24 is directly connected, Vlan107
C 192.168.1.0/24 is directly connected, Vlan113
S 192.168.69.0/24 [1/0] via 10.252.0.1
C 192.168.222.0/24 is directly connected, Vlan112
203.153.247.0/32 is subnetted, 1 subnets
S 203.153.247.130 [1/0] via 10.7.0.252
S* 0.0.0.0/0 [1/0] via 10.252.0.1
plc-sw-core# show ip access-lists
Standard IP access list 1
10 permit 10.5.50.13
Standard IP access list 2
10 permit 10.5.50.57
20 permit 10.5.50.56
30 permit 10.5.50.58
40 permit 10.5.50.55
Standard IP access list 3
10 permit 10.5.50.29
20 permit 10.5.50.30
30 permit 10.5.50.21
40 permit 10.5.50.9
Extended IP access list 101
10 permit ip any host 203.33.253.43 (7167 matches)
Extended IP access list 102
10 permit ip host 10.5.6.70 any
20 permit ip host 10.5.6.72 any
30 permit ip host 10.5.6.76 any
40 permit ip host 10.5.6.78 any
50 permit ip host 10.5.50.204 any (4626 matches)
60 permit tcp host 10.5.1.37 any eq www
70 permit tcp host 10.5.1.37 any eq 443
80 permit tcp host 10.5.1.37 any eq 3389
Extended IP access list 103
10 permit ip host 10.1.139.63 any (907 matches)
20 permit ip host 192.168.222.2 any (145 matches)
Extended IP access list 104
10 permit ip host 10.83.0.200 any
plc-sw-core#show route-map
route-map WCCP, permit, sequence 10
Match clauses:
ip address (access-lists): 104
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 0 packets, 0 bytes
route-map JoshTest, permit, sequence 10
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 249813 packets, 27628256 bytes
route-map DefPathViaScotch, permit, sequence 10
Match clauses:
ip address (access-lists): 2
Set clauses:
ip next-hop 10.252.0.1
Policy routing matches: 0 packets, 0 bytes
route-map DefPathViaScotch, permit, sequence 20
match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.252.0.1
Policy routing matches: 0 packets, 0 bytes
route-map PLCWebsiteViaPix, permit, sequence 10
Match clauses
ip address (access-lists): 101
Set clauses:
ip next-hop 10.252.0.1
Policy routing matches: 0 packets, 0 bytes
route-map MobileDevicesToProxy, permit, sequence 10
Match clauses:
ip address (access-lists): 103
Set clauses:
ip next-hop 10.5.50.21
Policy routing matches: 1052 packets, 80497 bytes
route-map DefPathViaPLC, permit, sequence 10
Match clauses:
ip address (access-lists): 3
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 0 packets, 0 bytes
route-map ichat, permit, sequence 10
Match clauses
ip address (access-lists): 1
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 0 packets, 0 bytes
route-map PLCWebsiteViaDirect, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 7167 packets, 947237 bytes
To me this config is only allowing data from the 10.5 networks to be routed out to a next hop of 10.7.0.252, and all else blocked? But everything else will get blocked?
09-22-2011 10:19 PM
To me there is more to it: ACL 101 allows any traffic to 203.33.253.43
Extended IP access list 101
10 permit ip any host 203.33.253.43 (7167 matches)
route-map DefPathViaScotch, permit, sequence 20
match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.252.0.1
Policy routing matches: 0 packets, 0 bytes
route-map PLCWebsiteViaPix, permit, sequence 10
Match clauses
ip address (access-lists): 101
Set clauses:
ip next-hop 10.252.0.1
route-map PLCWebsiteViaDirect, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.7.0.252
Policy routing matches: 7167 packets, 947237 bytes
And ACL 103 also allows subnets other than 10.5.x.x
Extended IP access list 103
10 permit ip host 10.1.139.63 any (907 matches)
20 permit ip host 192.168.222.2 any (145 matches)
Extended IP access list 104
10 permit ip host 10.83.0.200 any
Cheers,
Fabio
09-23-2011 02:21 AM
Hi,
ACL 101 is for policy-based routing: if the destination is 203.33.253.43 then forward towards next-hop 10.252.0.1,
but is it necessary, as the default static route already points towards this next-hop? So you are process switching traffic going to this destination instead of CEF switching, and so you have a performance downgrade.
Furthermore, where are these route-maps applied and why use the same next-hop to go to scotch or Pix?
We are missing info such as sh run interface and sh run | i policy to really know what this is achieving.
Regards.
Alain.
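The review done by hand in the replies above can be scripted. The following is an added example, not part of the original thread: it parses `show route-map` output and flags entries with zero policy-routing matches, entries whose next-hop equals the gateway of last resort, and ACLs referenced with more than one next-hop. The sample text is constructed from the format shown in the thread, and the function names and finding labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the "show route-map" format quoted in the thread.
SHOW_ROUTE_MAP = """\
route-map DefPathViaScotch, permit, sequence 20
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 10.252.0.1
  Policy routing matches: 0 packets, 0 bytes
route-map PLCWebsiteViaDirect, permit, sequence 10
  Match clauses:
    ip address (access-lists): 101
  Set clauses:
    ip next-hop 10.7.0.252
  Policy routing matches: 7167 packets, 947237 bytes
"""
DEFAULT_GATEWAY = "10.252.0.1"  # "Gateway of last resort" from show ip route

def parse_route_maps(text):
    """Return one dict per route-map sequence entry."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"route-map (\S+), (?:permit|deny), sequence (\d+)", line):
            entries.append(dict(name=m[1], seq=int(m[2]), acls=[],
                                next_hop=None, packets=0))
        elif entries and (m := re.match(r"ip address \(access-lists\): (.+)", line)):
            entries[-1]["acls"] = m[1].split()
        elif entries and (m := re.match(r"ip next-hop (\S+)", line)):
            entries[-1]["next_hop"] = m[1]
        elif entries and (m := re.match(r"Policy routing matches: (\d+) packets", line)):
            entries[-1]["packets"] = int(m[1])
    return entries

def audit(entries, default_gw):
    """Return (subject, label) findings; labels are hypothetical names."""
    findings, hops_by_acl = [], defaultdict(set)
    for e in entries:
        tag = f"{e['name']} seq {e['seq']}"
        if e["packets"] == 0:  # possibly never applied to an interface
            findings.append((tag, "zero-matches"))
        if e["next_hop"] == default_gw:  # same hop the default route uses
            findings.append((tag, "same-as-default-route"))
        for acl in e["acls"]:
            hops_by_acl[acl].add(e["next_hop"])
    # One ACL steering traffic to different next-hops in different route-maps
    findings += [(f"ACL {a}", "multiple-next-hops")
                 for a, hops in sorted(hops_by_acl.items()) if len(hops) > 1]
    return findings
```

A zero match count only shows that no packets were policy-routed by that entry; confirming where each route-map is applied still needs the interface configuration asked for above.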