Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4172
Views
5
Helpful
2
Replies

policy based routing with FQDN on 6500 Sup2T 15.1 9)SY6

nlg-networks123
Level 1
Level 1

‎04-16-2019 06:39 AM - edited ‎04-16-2019 06:45 AM

Hello experts.

 

I have a requirement to route some traffic out of a separate Internet gateway - aka not the default gateway.

 

Happy with access-lists and PBR generally, my quandary is this.

 

On the 6500 I configure an access-list:

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

So I'm filtering the source to be a small subnet for test purposes and I am going to use this with a route-map with a set ip next-hop command.

 

All looks good, however when I look at the router running config I see it has translated the FQDN to a static IP address - I know the destination uses a round-robin solution for resilience with multiple address, hence this is no use to me.

 

What I hope for is to be able to use a route-map with an ACL to FQDN's - am I missing something?

 

My configuration is

 

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

route-map MIA-Bypass permit 10
match ip address MIA-Bypass
set ip next-hop #.#.#.#

 

int vlan 902

ip policy route-map MIA-Bypass

 

However when I look back at the configuration I see the router has changed the ACL from:

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

to:

 

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host <IP address>

 

Is there a way round this, so I can use an ACL with an FQDN to use with a route-map?

 

With regards

 

Dave

 

Labels:
0 Helpful
2 Replies 2

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎04-16-2019 07:26 AM

Hello,

check it, i hope that it can help you: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-data-acl-xe-3e-book/sec-cfg-fqdn-acl.html
Jaderson Pessoa
*** Rate All Helpful Responses ***

nlg-networks123
Level 1
Level 1
In response to Jaderson Pessoa

‎04-16-2019 08:35 AM

Jaderson, thankyou.

 

I have been looking at this url, I've found the command passthrou-domain-list is not recognised with our current software version - looks like I'll need a software upgrade to be able to do some of the route-maps.

 

Thanks for your time.

 

Regards

 

Dave

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card