Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
5
Helpful
3
Replies

Policy based routing

Go to solution
khaled alodat
Level 1
Level 1

‎03-28-2017 05:00 AM - edited ‎03-08-2019 09:56 AM

Hi ,

i hope that someone can help me with this .

im planning to configure a PBR on the core switch to route traffic coming from /24 subnet to a group of subnets the can be summarize 10.128.0.0/9 for traffic on port tcp/5900 only .

the process is simple , an access list that matches the traffic and assign it to route-map . here is the problem :

from what i know , in order to use set ip next-hop a route have to exist in the routing table .

in order to use ip default next-hop the routing table must not have a route that match the policed traffic.

the summery address 10.128.0.0/9 is to match ip addresses the fall in this range . to make my case more clear . the reason i will be suing PBR is that we do have conflict in IP addresses (cannot be resolved) all the traffic to 10.0.0.0/8 must have router A as a gateway and all 10.128.0.0/9 on port 5900 must have router B as a gateway.

the 10.0.0.0/8 is NOT listed as one subnet in the routing table . we have more than 15 routes that fall in the 10.0.0.0/8 .

 so there will be no exact match between 10.128.0.0/9 and any other route but a match will be there with a smaller subnet .

after all which command do i need to use the next-hop or the dafault next-hop

I hope the problem was clear enough .

Thanks,

Khaled

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-28-2017 05:34 AM

You need to use "set ip next-hop ...".

When you use this command the traffic is sent to the next hop IP before the routing table is consulted although the next hop IP does need to be valid. You are in effect overriding the routing table.  And from your description, this is exactly what you want ie. if the IP falls within that range then send it to a different next hop but it it doesn't then use the IP routing table.

Is this what you were asking ?

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎03-28-2017 05:34 AM

You need to use "set ip next-hop ...".

When you use this command the traffic is sent to the next hop IP before the routing table is consulted although the next hop IP does need to be valid. You are in effect overriding the routing table.  And from your description, this is exactly what you want ie. if the IP falls within that range then send it to a different next hop but it it doesn't then use the IP routing table.

Is this what you were asking ?

Jon

0 Helpful

Go to solution
khaled alodat
Level 1
Level 1
In response to Jon Marshall

‎03-28-2017 05:47 AM

does it perform the next-hop even if there was no valid route for the required traffic in the routing table ? if yes , this is exactly what i need .

 i dont need the routing table to be involved in the decision . 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to khaled alodat

‎03-28-2017 05:49 AM

As far as I know yes it does because the routing table is not consulted as long as the next hop IP you have used is valid ie. there is a route to that in the routing table.

Jon

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card