11-26-2014 02:21 PM - edited 03-07-2019 09:40 PM
Dear Team,
We are configuring a route map on a 4506 chassis. Please find the config.
access-list 150 deny ip any 10.0.0.0 0.255.255.255
access-list 150 deny ip any 172.16.0.0 0.15.255.255
access-list 150 deny ip any 192.168.0.0 0.0.255.255
access-list 150 permit ip host 192.168.1.91 any
access-list 150 deny ip any any
!
route-map NAT-PBR permit 10
 match ip address 150
 set ip next-hop 192.168.1.4
!
interface vlan 100
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map NAT-PBR
!
ip route 0.0.0.0 0.0.0.0 192.168.5.1
We can see the ACL is hitting and the route map is also hitting, but the IP address is not going through the specified hop. It's still taking the default route.
Kindly advise on this.
Thanks
11-27-2014 02:51 AM
Hi.
What IP is the host trying to reach? If the destination IP falls within any of the denied address ranges in ACL 150, then you'll have no policy matches and the switch will do normal forwarding. Please do another ping and provide the following:
- sh access-l 150 before ping
- sh access-l 150 after ping
- output of debug ip policy
11-27-2014 03:59 AM
Hi Kevin,
Thanks for your reply.
I want all the internet traffic from 192.168.1.91 to go through the 192.168.1.4 router and all the rest of the internal traffic to go normally. I denied all private IP addresses for this purpose in the ACL and allowed from 192.168.1.91 to any.
I tested the ACL hit counts before and after. Once I put in the route map, the ACL is properly hitting. But I don't know why the traffic is not flowing through that.
In the documents I can see ip local policy route-map map-tag, which I haven't done. I believe this command is for router-initiated packets. Do I need to do this command or not?
Thanks & Regards,
LAJAN JALEEL
11-27-2014 03:07 AM
Hi Lajan,
From your PBR configuration it seems that the traffic will only be directed toward the next-hop address 192.168.1.4, if the traffic is sourced by the IP address of 192.168.1.91.
Check the sections of "PBR Route-Map Processing Logic" and "PBR Route-Map Processing Logic Example" in this documentation: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-5-0E/15-21E/configuration/guide/config/pbroute.html
HTH, Peter
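The matching logic described in the replies above, as an added example that is not part of the original thread: a small Python model of ACL 150 and the single NAT-PBR permit clause from the first post. The function names are hypothetical, and it assumes that a deny (or no match) in the ACL means the packet is forwarded by the normal routing table.

```python
import ipaddress

# ACL 150 and the next hop, copied from the configuration in the first post.
ACL_150 = """\
access-list 150 deny ip any 10.0.0.0 0.255.255.255
access-list 150 deny ip any 172.16.0.0 0.15.255.255
access-list 150 deny ip any 192.168.0.0 0.0.255.255
access-list 150 permit ip host 192.168.1.91 any
access-list 150 deny ip any any
"""
PBR_NEXT_HOP = "192.168.1.4"

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(word), to_int(tokens.pop(0))

def parse_acl(text):
    """Return (action, src_spec, dst_spec) per ACE; only 'ip' ACEs are handled."""
    aces = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        if tokens[3] != "ip":
            raise ValueError("unsupported protocol: " + tokens[3])
        rest = tokens[4:]
        aces.append((tokens[2], take_addr(rest), take_addr(rest)))
    return aces

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (to_int(addr) & care) == (base & care)

def acl_verdict(aces, src, dst):
    """First matching ACE wins; no match is the implicit deny."""
    for action, src_spec, dst_spec in aces:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

def pbr_decision(src, dst, acl_text=ACL_150):
    """Single permit clause: ACL permit -> set next-hop, ACL deny -> normal routing."""
    if acl_verdict(parse_acl(acl_text), src, dst) == "permit":
        return "policy-route via " + PBR_NEXT_HOP
    return "normal forwarding"
```

Calling pbr_decision with a source and destination address shows which ACE decides the packet's path, which is the same question the before/after hit counts on `sh access-l 150` answer on the switch.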