12-30-2014 01:45 PM - edited 03-07-2019 10:02 PM
Hello All,
I'm trying to use route-map using next hop. For some reason I am not getting any matching packets. SDM is set up for desktop routing.
I am not getting any matches on my route-map nor my ACL.
Code is 12.2(55)SE5
Config
interface Vlan11
description OAD_NAP Data Network
ip address 10.248.60.254 255.255.255.0
ip helper-address 172.17.101.1
ip helper-address 172.17.104.1
ip helper-address 172.17.108.114
no ip redirects
no ip proxy-arp
ip policy route-map ROUTE-OADFW
end
access-list 100 permit ip host 10.248.60.240 host 172.20.1.1 log
access-list 100 permit ip 10.248.60.0 0.0.0.255 172.20.1.0 0.0.0.255
!
route-map ROUTE-OADFW permit 10
match ip address 100
set ip next-hop 10.248.31.254
!
Don't know if this makes a difference: 10.248.31.254 (FW) is not the next hop, but it is in the routing table, so the 3750 knows how to get there.
sho route-map
route-map ROUTE-OADFW, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 10.248.31.254
Policy routing matches: 0 packets, 0 bytes
oan-u101-asw-01#
Very straightforward, I thought :) Any help really appreciated.
12-30-2014 03:54 PM
You will have to look and see how / if recursive routing lookups work on the 3750. Check out this post:
https://supportforums.cisco.com/discussion/10029671/route-maps-3750
Please rate helpful posts! :-)
12-31-2014 07:54 AM
I don't see recursive as an option. Any other ideas I can do to get the traffic to a non directly connected network?
12-31-2014 06:46 PM
The 3750 doesn't support any type of tunneling so nothing off hand in that regard.
You could forward it to a next hop device (without a recursive lookup) that then also uses a policy based route to keep it moving in the right direction. It would get a little tricky but doable. Be sure to document / diagram what's happening! :-)
Be sure to rate helpful posts! :-)
01-14-2015 01:53 PM
Question just to reassure myself.
I don't need an ip any any at the end of my ACL to allow regular traffic, if I am reading this correctly. My route-map would only look for traffic matching the ACL; any traffic that does not match would take the normal path, correct? I don't want to drop any traffic while doing this change.
access-list 100 permit ip host 10.248.60.240 host 172.20.1.1 log
access-list 100 permit ip 10.248.60.0 0.0.0.255 172.20.1.0 0.0.0.255
01-14-2015 02:08 PM
Any traffic not matched in the route-map ACL(s) would be routed normally, i.e. it would use the IP routing table.
Jon
01-14-2015 02:30 PM
Thanks Jon for clarification.
12-30-2014 04:26 PM
Hi,
You need to look at the config guide
Look at step 4
Step 4
set ip next-hop ip-address [...ip-address]
Specify the action to take on the packets that match the criteria. Set next hop to which to route the packet (the next hop must be adjacent).
The address you're using as the next hop is NOT adjacent
Regards
Alex
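The adjacency requirement quoted from the config guide above can be checked offline against a saved configuration before a route-map is applied. This is an added example, not part of the original thread or any Cisco tool: the function name is hypothetical, the sample config is constructed from the lines posted in the thread, and it assumes the usual running-config indentation under each section.

```python
import ipaddress

# Constructed sample: the relevant lines of the config posted in this thread,
# indented the way a running-config prints them.
SAMPLE_CONFIG = """\
interface Vlan11
 ip address 10.248.60.254 255.255.255.0
 ip policy route-map ROUTE-OADFW
!
route-map ROUTE-OADFW permit 10
 match ip address 100
 set ip next-hop 10.248.31.254
!
"""

def non_adjacent_next_hops(config):
    """Return [(route_map, next_hop)] for next hops outside every connected subnet."""
    connected, hops, section = [], [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        if not line[0].isspace():          # top-level line starts a new section
            section = tok
            continue
        if section is None:
            continue
        if section[0] == "interface" and tok[:2] == ["ip", "address"] and len(tok) >= 4:
            # "ip address <addr> <mask> [secondary]" -> connected subnet
            connected.append(ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network)
        elif section[0] == "route-map" and tok[:3] == ["set", "ip", "next-hop"]:
            try:
                addrs = [ipaddress.ip_address(t) for t in tok[3:]]
            except ValueError:             # keyword forms (e.g. recursive) are not checked
                continue
            hops += [(section[1], a) for a in addrs]
    return [(rm, str(a)) for rm, a in hops if not any(a in net for net in connected)]

if __name__ == "__main__":
    for rm, hop in non_adjacent_next_hops(SAMPLE_CONFIG):
        print(f"route-map {rm}: next hop {hop} is not on a connected subnet")
```

Run against the sample, it reports 10.248.31.254 because the only connected subnet in the posted config is 10.248.60.0/24.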
01-02-2015 02:58 AM
Hello
Try using:
- a recursive next hop
- enabling proxy arp on SVI 11
route-map ROUTE-OADFW permit 10
match ip address 100
set ip next-hop recursive 10.248.31.254
sh sdm prefer
debug ip packet detail 100
debug ip policy
res
Paul