PBR and prefix-lists

Answered Question
Apr 25th, 2007

I'm doing a test of PBR, and it seems to work fine with access-lists, but I'd like to use prefix-lists and rather than behaving the same, it instead matches all packets regardless of source address. Config:

interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map TEST
!
ip prefix-list Servers permit 192.168.1.128/25
!
route-map TEST permit 10
 match ip address prefix-list Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

# debug ip policy
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 518, FIB policy match
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, g=192.168.1.2, len 518, FIB policy routed

Works as expected:

ip access-list standard Servers
 permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
 match ip address Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

#debug ip policy
Apr 26 01:52:58.578: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 78, FIB policy rejected(no match) - normal forwarding

Correct Answer
Harold Ritter Wed, 04/25/2007 - 18:11

John,

The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.

Hope this helps,
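An added example, not part of the thread and not Cisco tooling: a small config audit that flags any route-map applied with `ip policy route-map` that matches on a prefix-list, and prints the wildcard-mask ACL entry covering the same range. The function name, the sample config (constructed from the question above) and the `show running-config` style indentation are assumptions.

```python
import ipaddress
import re

# Constructed sample: the configuration from the question above.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map TEST
!
ip prefix-list Servers permit 192.168.1.128/25
!
route-map TEST permit 10
 match ip address prefix-list Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!
"""

def audit_pbr_prefix_lists(config):
    """Return findings for PBR route-maps that match on a prefix-list."""
    # Route-maps actually applied to an interface as policy routing.
    policy_maps = set(re.findall(r"^\s*ip policy route-map (\S+)", config, re.M))
    # prefix-list name -> permitted networks (entries using ge/le are skipped).
    prefixes = {}
    for name, net in re.findall(
            r"^ip prefix-list (\S+) (?:seq \d+ )?permit (\S+)\s*$", config, re.M):
        prefixes.setdefault(name, []).append(ipaddress.ip_network(net))
    findings, current = [], None
    for line in config.splitlines():
        m = re.match(r"route-map (\S+) (?:permit|deny)", line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None  # left the route-map stanza
        m = re.match(r"\s+match ip address prefix-list (.+)", line)
        if m and current in policy_maps:
            for pl in m.group(1).split():
                acl = [f"permit {n.network_address} {n.hostmask}"
                       for n in prefixes.get(pl, [])]
                findings.append(
                    {"route_map": current, "prefix_list": pl, "acl_entries": acl})
    return findings

if __name__ == "__main__":
    for f in audit_pbr_prefix_lists(SAMPLE_CONFIG):
        print(f"route-map {f['route_map']}: prefix-list {f['prefix_list']} used for PBR")
        for entry in f["acl_entries"]:
            print("  equivalent ACL entry:", entry)
```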

johnnylingo Wed, 04/25/2007 - 19:17

Interesting. This was my suspicion, but I noticed it is supported with OER.

johnnylingo Wed, 05/02/2007 - 08:25

I've also noticed it doesn't seem to work with Named ACLs. This works:

access-list 1 permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
 match ip address 1
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

This does not:

ip access-list standard Servers
 permit 192.168.1.128 0.0.0.127 log
!
route-map VoIP-T1 permit 10
 match ip address Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

My IOS version is 12.4(7e)
