09-21-2011 07:32 PM
Hi,
I need to configure ASR 9006 with this configuration.
Old and good configuration:
access-list 199 deny ip any 186.32.128.0 0.0.31.255 log
access-list 199 deny ip any 186.32.224.0 0.0.15.255 log
access-list 199 deny ip any 190.53.48.0 0.0.15.255 log
access-list 199 deny ip any 190.53.64.0 0.0.31.255 log
access-list 199 deny ip any 190.53.76.0 0.0.3.255 log
access-list 199 deny ip any 190.53.80.0 0.0.1.255 log
access-list 199 deny ip any 190.53.92.0 0.0.3.255 log
access-list 199 permit ip any any
route-map 123456 permit 10
 match ip address 199
 set ip next-hop 144.224.115.81
interface FastEthernet1/14
 no switchport
 ip address 10.206.1.1 255.255.255.252
 ip policy route-map 123456
And my new config, but this is bad:
prefix-set XX
  186.32.128.0/19,
  190.53.192.0/19,
  186.32.224.0/20,
  190.53.48.0/20,
  205.211.248.0/21,
  205.211.192.0/22,
  205.211.244.0/22,
  205.211.218.0/23,
  205.211.220.0/23,
  205.211.222.0/23,
  200.12.227.0/24
end-set
route-policy salida-amnet-sps-cable
  if destination in XX then
    pass
  else
    set next-hop 144.224.115.81
  endif
end-policy
!
I need to know how to apply the route-policy to the interface.
Thanks.
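Added example, not part of the original post: a Python check that converts the wildcard-mask destinations of access-list 199 into CIDR prefixes and compares them with prefix-set XX, both copied from the post above. The function names are hypothetical; only the Python standard library is used.

```python
import ipaddress
import re

# Copied from access-list 199 in the post above.
ACL_199 = """\
access-list 199 deny ip any 186.32.128.0 0.0.31.255 log
access-list 199 deny ip any 186.32.224.0 0.0.15.255 log
access-list 199 deny ip any 190.53.48.0 0.0.15.255 log
access-list 199 deny ip any 190.53.64.0 0.0.31.255 log
access-list 199 deny ip any 190.53.76.0 0.0.3.255 log
access-list 199 deny ip any 190.53.80.0 0.0.1.255 log
access-list 199 deny ip any 190.53.92.0 0.0.3.255 log
access-list 199 permit ip any any
"""
# Copied from prefix-set XX in the post above.
PREFIX_SET_XX = """186.32.128.0/19 190.53.192.0/19 186.32.224.0/20 190.53.48.0/20
205.211.248.0/21 205.211.192.0/22 205.211.244.0/22 205.211.218.0/23
205.211.220.0/23 205.211.222.0/23 200.12.227.0/24""".split()

ENTRY = re.compile(r"^access-list \d+ (?:permit|deny) ip any (\S+) (\S+)")

def wildcard_to_network(base, wildcard):
    """Convert an IOS base/wildcard pair to one prefix, or raise ValueError."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # the set bits are not one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    # ip_network() is strict by default and rejects a base with host bits set.
    return ipaddress.ip_network(f"{base}/{32 - wc.bit_length()}")

def acl_destinations(text):
    """Return the destination networks of every 'ip any <base> <wildcard>' entry."""
    nets = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # 'permit ip any any' has no base/wildcard pair and is skipped
            nets.append(wildcard_to_network(*m.groups()))
    return nets

def not_covered(acl_nets, prefixes):
    """ACL destinations that no entry of the prefix-set contains."""
    covering = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in acl_nets if not any(n.subnet_of(c) for c in covering)]

def not_in_acl(acl_nets, prefixes):
    """Prefix-set entries that overlap none of the ACL destinations."""
    return [p for p in prefixes
            if not any(ipaddress.ip_network(p).overlaps(n) for n in acl_nets)]

if __name__ == "__main__":
    nets = acl_destinations(ACL_199)
    print("ACL destinations missing from prefix-set:", not_covered(nets, PREFIX_SET_XX))
    print("prefix-set entries absent from ACL:", not_in_acl(nets, PREFIX_SET_XX))
```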
02-10-2012 11:23 AM
Hello, thank you.
We don't use mpls and we need VRF for two independent routing tables on ASR.
We are going to use ABF for routing via source address on BVI and bundle interfaces.
Is it possible?
02-10-2012 11:30 AM
Hello Konstantin,
I do not believe ACL-based forwarding is supported on L2 interfaces (such as a BVI) at this time: http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.1/addr_serv/configuration/guide/ipaddr_cg41a9k_chapter1.html#concept_BF68E0C2D04E420B82E1BFC36F5A0B1F
I believe support is planned for 4.3, however.
02-12-2012 09:48 PM
Hello Charles,
Thank you.
Do you know the announcement date of release 4.3?
WBR,
Konstantin
02-13-2012 05:16 AM
That would be end of this year (2012) Konstantin. December time frame.
regards
xander
04-15-2017 01:30 AM
This is really not practical!
This is the only way to apply an ACL on an interface in global configuration mode?!
int Te
ipv4 access-group ABF in
I have 100 IP addresses that I cannot summarize and I need to set them to a single nexthop? Do I need to write it 100 times?
permit x.x.x.x nexthop y.y.y.y
permit z.z.z.z nexthop y.y.y.y
....... 100 times ?
And I also need to use those IP addresses in a route-policy, so I have to write them all over again!
At least in IOS you make an ACL, use a route-map to match the ACL (and use the ACL somewhere else if you want), set a nexthop and then apply it to an interface.
04-15-2017 05:44 AM
you define the acl globally, and you apply it to the interface on ingress.
it is indeed the case that with a route-map approach, you can reuse the ACL.
for asr9k/xr you could, instead of ABF, if you want to re-use the ACL, define the ACL as you like with route-map and then use PBR to pull in that ACL into a class-map type traffic and in the pbr control policy set a next hop there.
that might be an alternate solution similar to route-map for you.
cheers!
xander
04-17-2017 05:08 AM
I really appreciate your reply !
This worked perfectly!!
ipv4 access-list acl1
 permit x.x.x.x
 permit z.z.z.z
class-map type traffic class1
 match access-group ipv4 acl1
end-class-map
policy-map type pbr policy1
 class type traffic class1
  set destination-address ipv4 y.y.y.y (my nexthop)
end
int Te
 service-policy type pbr input policy1
thanks again
04-17-2017 05:08 AM
oh I forgot to mention that the pbr method is a true l3 redirect, meaning that with the set destination operation you rewrite the packet's layer 3 address.
this is nice so that on next nodes, the new destination is followed, rather than needing to redirect at every hop from the original path to destination.
on the return we can reset the source address back to the original server's addr so that we did a perfect spoof.
cheers
xander