Policy Based Routing on Catalyst 6500

SRES-DGDSI@UGA
Level 1

Hello,

I have a problem with Policy Based Routing on a Cisco Catalyst 6500 with IOS ipservicesk9-mz.122-33.SXH2a.

I am trying to redirect traffic, and only that traffic, from machines with private IP addresses (10.10.10.0/24) to port TCP/1111 of a server 195.x.x.1 with a public IP. The principle is: my 10.10.10.0/24 machines emit traffic bound for port tcp/1111 on 195.x.x.1, and the PBR on the 6500 router intercepts that traffic and sends it to a Linux NAT server (10.10.10.2), which translates it through its second (public) interface toward the destination server (195.x.x.1). The NAT cannot be done on the 6500 but on a different machine, for other reasons. The Policy Based Routing (ip policy route-map) is applied on a VLAN interface; I also experimented with a physical interface, with no more success.

The Linux NAT server is working properly.

Here, the Policy Based Routing (route-map) is not working. Here is the conf:

! Creation of the route-map
route-map PBR-TST permit 10
 ! Filtering machines
 match ip address ACL-TST
 ! Next-hop address for the redirected traffic (NAT server)
 set ip next-hop 10.10.10.2

6500# show ip access-list ACL-TST
Extended IP access list ACL-TST
     10 permit tcp 10.10.10.0 0.0.0.255 host 195.x.x.1 eq 1111

Do you have an idea where this comes from? If you need more information, please feel free to ask me ;-)
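Added example (not part of the original thread and not Cisco code): a small Python model of which flows the posted ACL-TST entry selects for the route-map, useful for checking that a capture filter on the NAT server is looking for the right traffic. The address 198.51.100.1 is a constructed stand-in for the redacted 195.x.x.1, and the names Flow, acl_permits and forwarding_decision are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

# Constructed stand-in for the redacted server 195.x.x.1 (documentation range).
SERVER = "198.51.100.1"
NAT_NEXT_HOP = "10.10.10.2"  # "set ip next-hop" value from the thread

# ACL-TST entry 10: permit tcp 10.10.10.0 0.0.0.255 host <server> eq 1111
# Fields: action, proto, src, src wildcard, dst, dst wildcard, dst port
ACL_TST = [("permit", "tcp", "10.10.10.0", "0.0.0.255", SERVER, "0.0.0.0", 1111)]

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def acl_permits(flow: Flow, acl) -> bool:
    """First matching entry wins; no match means the implicit deny."""
    for action, proto, src, src_wc, dst, dst_wc, dport in acl:
        if (flow.proto == proto and flow.dport == dport
                and wildcard_match(flow.src, src, src_wc)
                and wildcard_match(flow.dst, dst, dst_wc)):
            return action == "permit"
    return False

def forwarding_decision(flow: Flow) -> str:
    """Model of: route-map permit 10 / match ip address ACL-TST / set ip next-hop."""
    if acl_permits(flow, ACL_TST):
        return "policy-routed via " + NAT_NEXT_HOP
    return "normal routing"  # traffic the route-map does not match is routed as usual

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow("tcp", "10.10.10.57", SERVER, 1111),          # the traffic meant to be redirected
    Flow("tcp", "10.10.10.57", SERVER, 443),           # same hosts, other port
    Flow("udp", "10.10.10.57", SERVER, 1111),          # same port, other protocol
    Flow("tcp", "10.10.11.57", SERVER, 1111),          # source outside 10.10.10.0/24
    Flow("tcp", "10.10.10.57", "198.51.100.2", 1111),  # other destination
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f, "->", forwarding_decision(f))
```

Only the first sample flow is handed to the next hop; everything else follows the normal routing table, which is the "and only that traffic" behaviour the post asks for.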

5 Replies

smehrnia
Level 7

Hi,

Do you mean that your designated traffic is sent to the NAT machine by the 6500, but it doesn't reach further to 195.x.x.1?


Soroush.

Hope it Helps!

Hello soroushm,

Thanks, no traffic is redirected from the 6500 to the NAT server. I enabled logging on my ACL-TST and ran a tcpdump on the 10.10.10.2 interface of my NAT server; no redirected traffic is visible. I feel that this route-map doesn't work. I also have another route-map on the 6500 (route redistribution) that is not working either; do you think the two might be related?

Hi,

Let this PBR be as it is. Looks fine to me.

Try setting a static ARP entry for your next-hop value (10.10.10.2) in your switch (find out the MAC address of 10.10.10.2 and do it), and see if it works.

plz Rate if it helped,

Soroush.

Hope it Helps!

Hi Soroush,

Good idea ... I just tried, but without success. The NAT server does not receive traffic redirected by the 6500 PBR. I think I have a problem with my route-map, but which one?

A clarification: all the rest of the networks managed by this 6500 router are working properly.

I found a couple of complaints about IOS bugs: CSCsm08087 and CSCsl39710.

Maybe you are hitting those!

In this link: https://supportforums.cisco.com/thread/2048224

plz Rate if it helped,

Soroush.

Hope it Helps!