Policy based routing.. continued

andy roles
Level 1

Hi,

 

I posted earlier but the post became a bit convoluted.  I've simplified/clarified my question further here:

 

 

ip local policy route-map B_INTERNET_OUT

route-map B_INTERNET_OUT permit 10
 match ip address B_INTERNET
 set ip next-hop 10.72.183.129


ip access-list extended B_INTERNET
 deny ip 10.122.37.0 10.122.0.0 0.0.127.255
 permit ip 10.122.37.0 0.0.0.255 any

 

My question is:

 

Will the deny statement result in the route-map ignoring traffic from src network 10.122.37.0/24 to dst network 10.122.0.0/17, so that the routing table takes care of the routing? (This is what I want to happen.)

If so, then will the route map send all other traffic from 10.122.37.0/24 to the specified next hop of 10.72.183.129?

 

Many thanks,

Andy


Jon Marshall
Hall of Fame

Andy

Rick and Peter covered this in the other post.

Two key points -

1) "ip local policy route-map" is the wrong command because that is used for traffic generated by the L3 device itself.

You need to use "ip policy route-map <name>" and you apply it to the interface on the L3 device where the traffic from the 10.122.37.x clients arrives.

2) if you want the 10.122.37.x clients to use the routing table for other internal subnets and use the next hop IP for remote destinations eg. internet then you don't need a deny, you need to use -

"set ip default next-hop x.x.x.x"

in your PBR configuration.

With the above command the routing table is used first, before PBR, but the default route in your routing table is not used. So any route for other internal subnets is used, i.e. it does not use your next hop IP, but if there is no specific route, i.e. only the default route, it will not use this and instead will use the next hop IP you have specified.

Jon

Hi Jon,

 

Apologies - there was a lot in the other posts and when i looked at the tech info Rick pointed me to I think I misinterpreted it.

 

I must have cut and pasted the other command (ip local policy route-map) in inadvertently, adding to the confusion, as I know the policy needs to be applied as you pointed out.

 

I will re-attempt as suggested using the 'set ip default next-hop x.x.x.x' command.

 

Thank you,

 

Andy

 

 

Andy

 

As Jon points out, set ip default next-hop will get the results that you want and remove the need for the deny statement in your access list. Also, as several have pointed out, the ip local policy command will only affect packets generated by the router itself. To have it work on the user traffic you need to configure ip policy on the interface of the router that will receive that user traffic.

 

And one small detail about your access list is that you left out a mask after the first network, and the access list as configured would not work.

 deny ip 10.122.37.0 10.122.0.0 0.0.127.255

 

HTH

 

Rick
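Added example (not from this thread or from Cisco): a small Python model of the forwarding decisions Jon and Rick describe, so the difference between "set ip next-hop" and "set ip default next-hop" and the effect of the deny entry (with the missing source wildcard filled in) can be checked against constructed sample data. The routing table, ACL entries and destination addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table (not a real one): one specific internal route
# plus a default route, like the D*EX 0.0.0.0/0 via 10.122.47.110 entry in the thread.
ROUTES = [("10.122.0.0/17", "10.122.47.110"), ("0.0.0.0/0", "10.122.47.110")]
POLICY_HOP = "10.72.183.129"  # the next hop from the route-map in the question

# ACL entries as (action, src, src_wildcard, dst, dst_wildcard); "any" is 0.0.0.0 255.255.255.255.
ACL_PERMIT_ONLY = [("permit", "10.122.37.0", "0.0.0.255", "0.0.0.0", "255.255.255.255")]
# The intended deny entry with the source wildcard mask that Rick noted was missing.
ACL_WITH_DENY = [("deny", "10.122.37.0", "0.0.0.255", "10.122.0.0", "0.0.127.255")] + ACL_PERMIT_ONLY


def wildcard_match(addr, net, wildcard):
    # IOS wildcard semantics: a 0 bit must match, a 1 bit is "don't care".
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    return (a & ~w) == (n & ~w)


def acl_permits(acl, src, dst):
    # First matching entry wins; an extended ACL ends with an implicit deny.
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False


def table_lookup(dst):
    # Longest-prefix match over ROUTES; returns (prefix, next hop).
    ip = ipaddress.IPv4Address(dst)
    best = max((ipaddress.IPv4Network(p) for p, _ in ROUTES if ip in ipaddress.IPv4Network(p)),
               key=lambda n: n.prefixlen)
    return str(best), dict(ROUTES)[str(best)]


def forward(src, dst, acl, mode):
    """Return the next hop used. mode is 'next-hop' (set ip next-hop)
    or 'default-next-hop' (set ip default next-hop)."""
    prefix, table_hop = table_lookup(dst)
    if not acl_permits(acl, src, dst):
        return table_hop                  # route-map entry not matched: normal routing
    if mode == "next-hop":
        return POLICY_HOP                 # PBR is applied before the routing table
    # default next-hop: routing table first, but its default route does not count
    return table_hop if prefix != "0.0.0.0/0" else POLICY_HOP
```

With the permit-only ACL and "set ip default next-hop", internal destinations covered by a specific route stay on the routing table while destinations that would only hit the default route go to 10.72.183.129, which is the behaviour the thread asks for without a deny entry.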


Thank you Rick!!

 

Having a stressful old time with last minute changes to requirements atm.  The help from yourself, Jon and Peter is hugely appreciated :o)

 

Andy

 

Hi Jon,

 

The policy needs applying across multiple hops.  The path I want the traffic to take is as follows:

H:\>tracert 10.72.183.129

Tracing route to 10.72.183.129 over a maximum of 30 hops

  1    <1 ms    <1 ms     1 ms  10.122.37.254
  2    <1 ms    <1 ms    <1 ms  10.122.47.110
  3    <1 ms    <1 ms    <1 ms  10.122.112.102
  4    <1 ms    <1 ms    <1 ms  10.122.31.138
  5     1 ms     1 ms     1 ms  10.122.31.22
  6     3 ms    <1 ms    <1 ms  10.122.112.126

 

So I need to apply the policy at each hop.

 

Regarding using the "set ip default next-hop x.x.x.x" statement, the default route in our routing table looks like this:

D*EX 0.0.0.0/0 [170/31232] via 10.122.47.110, 05:42:03, GigabitEthernet1/48

(This was taken from the 6509 switch that is at the first hop.)

 

Will the "set ip default next-hop x.x.x.x" statement/command allow the switches/routers to recognise that this is the default route?

 

Thank you!

 

Andy

 

 

 

Andy

It's not clear exactly what the topology of your network is.

It is also not clear as to whether each next hop needs PBR applied ie. it depends on their default routes and where they are pointing to.

In some cases it is enough to simply divert the traffic once and then the other devices will route correctly but if those other devices have a default route you don't want to use then yes you may well need to use PBR all along the path.

In terms of your route output, yes that is a default route and it should not be used ie. your next hop IP in your PBR configuration should be used instead.

Jon 

 

Thanks Jon!

much appreciated.

Basically, we just have three sites connected by dual routers in a triangle with a switched LAN environment at each site.  The 'catch all' route at the bottom of the routing table is distributed throughout the whole network and the routing table looks pretty much the same on every device.

Thanks for this:

'In terms of your route output, yes that is a default route and it should not be used ie. your next hop IP in your PBR configuration should be used instead'

I'm hoping that'll do the trick if that is the case - i.e. everything from 10.122.107.0/24 will use the routing table apart from the traffic destined for other networks.

Off to the data centre now to implement... I normally do more planning but this requirement came out of nowhere!

Cheers,

Andy

 


 

Andy,

I may be overly tied to this idea but let me ask once again: Instead of configuring the PBR on each hop, would it not be easier to configure a GRE tunnel between the router that hosts the "relocated" network and the B's network, and do the PBR just at the tunnel endpoint?

Best regards,
Peter

Hi Peter,

 

I think the GRE tunnel sounds like a really good solution.  I used PBR at each hop + the default next-hop command and this worked.  I will revisit and try your method when I have more time.

Big thanks for your input,

 

Andy

 
