01-05-2020 06:52 PM
Hi all.
I had an issue on a Cisco Catalyst 3850. This is the diagram in my company.
Internet ------------- Cisco 9300 ======2 MPLS lines======== Cisco 3850 ------------ Users
In Cisco 3850:
I am using a route-map on the 3850 to route traffic from the Users VLAN (vlan 183) to the Internet via MPLS-02, with the default route via MPLS-01. This is my configuration:
------------------------------
interface Vlan183
description UserVlan-01
ip address 192.168.183.1 255.255.255.0
ip policy route-map MPLS-02
end
------------------------------
route-map MPLS-02, permit, sequence 10
Match clauses:
ip address (access-lists): 130
Set clauses:
ip next-hop 1.2.3.4
Policy routing matches: 4192 packets, 523934 bytes
------------------------------
Extended IP access list 130
10 permit ip 192.168.183.0 0.0.0.255 any (4195 matches)
------------------------------
My issue:
- When I traceroute from interface vlan 183 to the Internet on the 3850, traffic is forwarded via MPLS-02 --> It's correct.
- When Users in vlan 183 access the Internet, traffic is forwarded via MPLS-01 by the default route --> It's wrong. But if I reload the Cisco 3850, Users' traffic is forwarded via MPLS-02 --> It's correct. This issue happened 2 times and then I had to reload the switch.
I was using Cisco IOS-XE 16.06.05 on the 3850. I wonder why the route-map didn't work well. Please help me fix it. Thanks so much.
Regards,
Giang Le
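One way to check the symptom described in the post above from two captures taken while a user in VLAN 183 sends traffic: parse the route-map and access-list counters and list the ones that did not increase. This is an added example, not part of the thread; the AFTER capture and its counter values are constructed, and the function names are hypothetical.

```python
import re

# BEFORE copies the counters shown in the post above; AFTER is a constructed
# second capture (values made up for the example).
BEFORE = """\
route-map MPLS-02, permit, sequence 10
  Match clauses:
    ip address (access-lists): 130
  Set clauses:
    ip next-hop 1.2.3.4
  Policy routing matches: 4192 packets, 523934 bytes
Extended IP access list 130
    10 permit ip 192.168.183.0 0.0.0.255 any (4195 matches)
"""
AFTER = BEFORE.replace("(4195 matches)", "(4301 matches)")

RM_HDR = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)")
RM_CNT = re.compile(r"Policy routing matches: (\d+) packets, (\d+) bytes")
ACL_HDR = re.compile(r"^Extended IP access list (\S+)")
ACE = re.compile(r"^\s*(\d+) (?:permit|deny) .*?(?:\((\d+) match(?:es)?\))?$")

def parse_counters(text):
    """Return {counter name: packet count} for route-map sequences and ACL entries."""
    counters, rm, acl = {}, None, None
    for line in text.splitlines():
        if m := RM_HDR.match(line):
            rm, acl = f"route-map {m[1]} seq {m[3]}", None
        elif m := ACL_HDR.match(line):
            acl, rm = f"acl {m[1]}", None
        elif rm and (m := RM_CNT.search(line)):
            counters[rm] = int(m[1])
        elif acl and (m := ACE.match(line)):
            # An entry printed without "(n matches)" has not been hit yet.
            counters[f"{acl} line {m[1]}"] = int(m[2] or 0)
    return counters

def stalled_counters(before, after):
    """Names of counters present in both captures that did not increase."""
    b, a = parse_counters(before), parse_counters(after)
    return sorted(name for name in b if name in a and a[name] <= b[name])

if __name__ == "__main__":
    for name in stalled_counters(BEFORE, AFTER):
        print("no new matches:", name)
```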
01-05-2020 07:25 PM
01-05-2020 07:31 PM
01-06-2020 05:50 PM
After you have tested what @paul driver said, and assuming ACL 110 doesn't exist on your switch, below are the commands you need to run:
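conf t
! temporary ACL that limits the debug to the test flow
ip access-list extend 110
permit ip 192.168.183.0 0.0.0.255 host 8.8.8.8
!
do term mon
! return to privileged EXEC; debug is not a configuration command
end
!
debug ip packet detail 110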
Then run a ping to 8.8.8.8 from your testing machine and you'll get some output on your terminal. Save it and share it on the post by putting it into a text file for better readability.
To stop debug and clear the config on your switch:
undebug all
conf t
no ip access-list extend 110
01-09-2020 06:31 PM
01-11-2020 02:05 PM
01-06-2020 02:59 AM - edited 01-06-2020 03:00 AM
Hello
As you cannot upgrade at this time, try using the same RM but without specifying any ACL; as you wish all traffic from that subnet to be policy routed, you don't require an access list.
Is the RM next hop a directly connected interface?
What SDM template are you running?
sh ip route
sh sdm prefer
01-07-2020 08:10 PM