Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1467
Views
10
Helpful
5
Replies

Quick PBR question

Go to solution
the-lebowski
Level 4
Level 4

‎11-17-2017 10:28 AM - edited ‎03-08-2019 12:47 PM

I have PBR setup to route a specific VLAN out a different gateway and this is what I configured to do it:

ip access-list extended PBR-ACL
permit ip 10.66.66.0 0.0.0.255 any

route-map PBR-RM permit 10
match ip address PBR-ACL
set ip next-hop 10.66.0.4

interface Vlan234
ip address 10.66.66.1 255.255.255.0
ip policy route-map PBR-RM

That routes all traffic to the next hop which I don't want, I just want internet bound traffic routed there.  But I am not sure how to change it so that lets say all 10.0.0.0/8 traffic is not PBR'd (sent to default gateway) and everything else gets the next hop 10.66.0.4.  

 

Is that possible? 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to the-lebowski

‎11-17-2017 11:31 AM

Yes using set ip next-hop will route all packets coming into the interface using the specified next hop. Using set ip default next-hop will use special routing with the specified next hop only for traffic using the default gateway and all local traffic will be routed normally using the local routing table.

 

HTH


Rick

HTH

Rick

View solution in original post

5 Replies 5

Go to solution
Richard Burts
Hall of Fame
Hall of Fame

‎11-17-2017 11:08 AM

There are a couple of ways that you could solve this.

- one option would be to change the set statement in the route map. Instead of set ip next-hop you could set ip default next-hop. This would allow your switch to use normal routing for local traffic and to use the PBR specified default route for Internet traffic.

- the other option is to change the ACL used for PBR. insert into your ACL deny statements for local destinations before the permit any. It might look something like this

deny ip 10.66.66.0 0.0.0.255 10.0.0.0 0.255.255.255

deny ip 10.66.66.0 0.0.0.255 172.16.0.0 0.15.255.255

deny ip 10.66.66.0 0.0.0.255 192.168.0.0 0.0.255.255

permit ip 10.66.66.0 0.0.0.255 any

 

HTH

 

Rick

HTH

Rick

Go to solution
the-lebowski
Level 4
Level 4
In response to Richard Burts

‎11-17-2017 11:25 AM - edited ‎11-17-2017 11:28 AM

Thanks man, I will give those a shot and see what happens. 

 

The difference between ip default next-hop and ip next-hop is the latter will send all traffic vs using the local routing table?

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to the-lebowski

‎11-17-2017 11:31 AM

Yes using set ip next-hop will route all packets coming into the interface using the specified next hop. Using set ip default next-hop will use special routing with the specified next hop only for traffic using the default gateway and all local traffic will be routed normally using the local routing table.

 

HTH


Rick

HTH

Rick

Go to solution
the-lebowski
Level 4
Level 4
In response to Richard Burts

‎11-17-2017 03:32 PM

Thanks Richard, worked like a charm by just changing to 'ip default next-hop xx.xx.xx.xx' on the route map.  

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to the-lebowski

‎11-19-2017 06:26 AM

Thanks for posting back to the forum to confirm that my suggestion to use set ip default next-hop did solve your problem. And thanks for marking this discussion as solved. Most people are familiar with using set ip next-hop for PBR but not so many are familiar with set ip default next-hop. But as you demonstrate sometimes that is the exactly right thing to achieve their requirement. Your post will help more people know about this.

 

HTH

 

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents