Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
4767
Views
5
Helpful
9
Replies

Policy based routing on interface VLAN ( Core 4507R+E)

moataz_mamdouh
Level 1
Level 1

ā€Ž08-20-2014 07:19 AM - edited ā€Ž03-07-2019 08:27 PM

Hello

 

I have a serious problem on my core switch where PBR is not matching my traffic which in turn affect the source based routing I configured

for some reason i do not know the ACL is not matching my traffic 

I have many VLANs and their respective SVI are the default gateways for the computers in my network

 

ip access-list extended test
 permit ip 10.251.60.0 0.0.0.255 any

route-map test permit 10
 match ip address test
 set ip next-hop 10.250.254.190

int vlan 260

ip add 10.251.60.254 255.255.255.0

ip policy route-map test

 

route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): test
  Set clauses:
    ip next-hop 10.250.254.190
Nexthop tracking current: 0.0.0.0
10.250.254.190, fib_nh:0,oce:0,status:0

  Policy routing matches: 0 packets, 0 bytes

 

any help is appreciated

Labels:
0 Helpful
9 Replies 9

Richard Burts
Hall of Fame
Hall of Fame

ā€Ž08-20-2014 09:31 AM

The configuration seems reasonable (which is the most that I can say since there is much that we do not know about the switch). My first question would be about the configured next hop. Is 10.250.254.190 a valid address, is it on a connected interface, and is it reachable (can you ping it)?

 

HTH

 

Rick

HTH

Rick
0 Helpful

moataz_mamdouh
Level 1
Level 1
In response to Richard Burts

ā€Ž08-20-2014 09:35 AM

Yes i can ping from any place inside the network

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to moataz_mamdouh

ā€Ž08-20-2014 10:24 AM

So can you tell me more about 10.250.254.190? Especially is it an address that is connected to an interface on the switch where you are trying to do Policy Based Routing?

 

HTH

 

Rick

HTH

Rick
0 Helpful

moataz_mamdouh
Level 1
Level 1
In response to Richard Burts

ā€Ž08-20-2014 11:20 AM

This is the IP address of the giga0/0 of a router connected to the core switch

i will tell you another thing 

local policy is working fine 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to moataz_mamdouh

ā€Ž08-20-2014 12:23 PM

It is interesting that local policy is working fine. Does it use the same route map as the interface policy routing? Perhaps we will need to see more of the switch config to figure out what is the problem.

 

HTH

 

Rick

HTH

Rick
0 Helpful

moataz_mamdouh
Level 1
Level 1
In response to Richard Burts

ā€Ž08-20-2014 12:31 PM

yes it is using the same route-map

what configuration you want to check 

this is the IOS 

cat4500es8-universalk9.SPA.03.03.01.XO.151-1.XO1.bin

 

0 Helpful

moataz_mamdouh
Level 1
Level 1
In response to moataz_mamdouh

ā€Ž08-20-2014 12:39 PM

show ip local policy        
Local policy routing is enabled, using route map test
route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): test
  Set clauses:
    ip next-hop 10.250.254.191
Nexthop tracking current: 0.0.0.0
10.250.254.191, fib_nh:0,oce:0,status:0

  Policy routing matches: 46 packets, 3110 bytes

 

show ip access-lists test
Extended IP access list test
    10 permit ip 10.251.60.0 0.0.0.255 any (46 matches)

0 Helpful

moataz_mamdouh
Level 1
Level 1

ā€Ž08-21-2014 03:47 AM

My problem was resolved , I had to remove a static route configured on the core switch 

 

Richard Burts
Hall of Fame
Hall of Fame
In response to moataz_mamdouh

ā€Ž08-21-2014 05:53 AM

I am glad that your problem is resolved. Thank you for posting back to the forum and telling us that it is resolved and what you did to resolve it.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card