Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3570
Views
0
Helpful
3
Replies

Route Map is not working

lajan jaleel
Level 1
Level 1

‎11-26-2014 02:21 PM - edited ‎03-07-2019 09:40 PM

Dear Team,

We are configuring route map in 4506 chassis. Please find the config.

 

access-list 150 deny ip any 10.0.0.0 0.255.255.255
access-list 150 deny ip any 172.16.0.0 0.15.255.255
access-list 150 deny ip any 192.168.0.0 0.0.255.255
access-list 150 permit ip host 192.168.1.91 any
access-list 150 deny ip any any
!
route-map NAT-PBR permit 10
 match ip address 150
 set ip next-hop 192.168.1.4

interface vlan 100
ip address 192.168.1.1 255.255.255.0
ip policy route-map NAT-PBR

ip route 0.0.0.0 0.0.0.0 192.168.5.1

 

 

We can see ACL are hitting and route map is also hotting but the IP address is not going through the specified hop. Its still taking the default route.

 

Kindly advise on this.

 

Thanks

Labels:
0 Helpful
3 Replies 3

Kevin86
Level 1
Level 1

‎11-27-2014 02:51 AM

Hi.

 

What IP is the host trying to reach? If the destination IP falls within any of the denied address ranges in ACL 150, then you'll have no policy matches and the switch will do normal forwarding. Please do another ping and provide the following:

 

- sh access-l 150 before ping

- sh access-l 150 after ping

- output of debug ip policy

0 Helpful

lajan jaleel
Level 1
Level 1
In response to Kevin86

‎11-27-2014 03:59 AM

hi Kevin,

 

Thanks for your reply.

I want all the internet traffic from 192.168.1.91 should go through 192.168.1.4 router and rest all internal traffic should go normally. I denied all private IP addresses for this purpose in ACL and allowed from 192.168.1.91 to any.

I tested the ACL hit counts before and after. Once i put route map the ACL is properly hitting. But i dont know the traffic is not flowing through that

 

In documents i can see ip local policy route-map map-tag that i didnt done. I believe this command is for router initaited packets. Do i need to do this command or not.

 

Thanks & Regards,

LAJAN JALEEL

 

0 Helpful

PETER BUZA
Level 1
Level 1

‎11-27-2014 03:07 AM

Hi Lajan,

 

From your PBR configuration it seems that the traffic will only be directed toward the next-hop address 192.168.1.4, if the traffic is sourced by the IP address of 192.168.1.91.

Check the sections of "PBR Route-Map Processing Logic" and "PBR Route-Map Processing Logic Example" in this documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-5-0E/15-21E/configuration/guide/config/pbroute.html

 

HTH, Peter

 

 

 

 

BR, Peter
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card