Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
3
Replies

Route Map Issue

NES IT
Level 1
Level 1

‎02-06-2013 05:55 AM - edited ‎03-07-2019 11:32 AM

Hi All,

I have a Cisco3560G switch that has a route map places on one of the SVI interfaces. I am trying to tftp from the switch to the NMS (which is on the same VLAN) yet when the route map is in place, it fails (although the NMS see's the traffic, it times out). Can anyone explain why this would happen?

                  

Extended IP access list Management-Route-Map-ACL

    10 deny icmp any host 10.11.130.162 (10 matches)

    20 deny ip any host 10.11.130.163

    30 deny ip any host 10.11.130.164

    40 permit ip 10.11.130.160 0.0.0.15 any (89 matches)

interface Vlan160

description Management Network - L3 Interface

ip address 10.11.130.162 255.255.255.240

ip access-group Management-Zone-ACL-In in

ip policy route-map Management-Route-Map-ACL

Switch address 10.11.130.162

NMS Address 10.11.130.163

With route map applied...

SEP-CSW-01#copy run tftp

Address or name of remote host []? 10.11.130.163

Destination filename [sep-csw-01-confg]?

.....

%Error opening tftp://10.11.130.163/sep-csw-01-confg (Timed out)

With route map removed...

SEP-CSW-01#copy run tftp

Address or name of remote host []? 10.11.130.163

Destination filename [sep-csw-01-confg]?

!!

41053 bytes copied in 2.693 secs (15244 bytes/sec)

Im stumped!

Labels:
0 Helpful
3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-06-2013 06:20 AM

Hello Daniel,

may you post the route-map configuration ?

because you have defined an IP extended ACL and then you try to call a route-map with the same name.

if the route-map does not exist IOS does not warn you.

Hope to help

Giuseppe

0 Helpful

NES IT
Level 1
Level 1
In response to Giuseppe Larosa

‎02-06-2013 06:24 AM

Hey Giuseppe,

Route map and ACL can have the same name, but mine are slightly different. Here is the route map config.

SEP-CSW-01#sh route-map Management-Route-Map

route-map Management-Route-Map, permit, sequence 10

  Match clauses:

    ip address (access-lists): Management-Route-Map-ACL

  Set clauses:

    ip next-hop 10.11.130.161

  Policy routing matches: 9 packets, 1281 bytes

Dan

0 Helpful

NES IT
Level 1
Level 1
In response to NES IT

‎02-06-2013 07:01 AM

its ok, resolved it.

I needed a deny statement in the route map for the traffic from NMS to switch. As below:

SEP-CSW-01#sh ip access-list Management-Route-Map-ACL

Extended IP access list Management-Route-Map-ACL

    10 deny icmp any host 10.11.130.162 (1 match)

    20 deny ip host 10.11.130.162 host 10.11.130.163

    30 deny ip host 10.11.130.163 host 10.11.130.162 (98 matches)

    40 permit ip 10.11.130.160 0.0.0.15 any (2 matches)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card