cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
522
Views
5
Helpful
2
Replies
Highlighted

policy based routing with FQDN on 6500 Sup2T 15.1 9)SY6

Hello experts.

 

I have a requirement to route some traffic out of a separate Internet gateway - aka not the default gateway.

 

Happy with access-lists and PBR generally, my quandary is this.

 

On the 6500 I configure an access-list:

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

So I'm filtering the source to be a small subnet for test purposes and I am going to use this with a route-map with a set ip next-hop command.

 

All looks good, however when I look at the router running config I see it has translated the FQDN to a static IP address - I know the destination uses a round-robin solution for resilience with multiple address, hence this is no use to me.

 

What I hope for is to be able to use a route-map with an ACL to FQDN's - am I missing something?

 

My configuration is

 

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

route-map MIA-Bypass permit 10
match ip address MIA-Bypass
set ip next-hop #.#.#.#

 

int vlan 902

ip policy route-map MIA-Bypass

 

However when I look back at the configuration I see the router has changed the ACL from:

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host url.co.uk 

 

to:

 

ip access-list extended MIA-Bypass
permit ip #.#.#.# 0.0.0.7 host <IP address>

 

Is there a way round this, so I can use an ACL with an FQDN to use with a route-map?

 

With regards

 

Dave

 

Everyone's tags (2)
2 REPLIES 2
Rising star

Re: policy based routing with FQDN on 6500 Sup2T 15.1 9)SY6

Hello,

check it, i hope that it can help you: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3e/sec-data-acl-xe-3e-book/sec-cfg-fqdn-acl.html
Jaderson Pessoa
*** Rate All Helpful Responses ***

Re: policy based routing with FQDN on 6500 Sup2T 15.1 9)SY6

Jaderson, thankyou.

 

I have been looking at this url, I've found the command passthrou-domain-list is not recognised with our current software version - looks like I'll need a software upgrade to be able to do some of the route-maps.

 

Thanks for your time.

 

Regards

 

Dave

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards