04-25-2007 05:46 PM - edited 03-03-2019 04:42 PM
I'm doing a test of PBR, and it seems to work fine with access-lists, but I'd like to use prefix-lists and rather than behaving the same, it instead matches all packets regardless of source address. Config:
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip policy route-map TEST
!
ip prefix-list Servers permit 192.168.1.128/25
!
route-map TEST permit 10
match ip address prefix-list Servers
set ip next-hop 192.168.1.2
set ip next-hop verify-availability
!
# debug ip policy
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 518, FIB policy match
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, g=192.168.1.2, len 518, FIB policy routed
Works as expected:
ip access-list standard Servers
permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
match ip address Servers
set ip next-hop 192.168.1.2
set ip next-hop verify-availability
!
#debug ip policy
Apr 26 01:52:58.578: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 78, FIB policy rejected(no match) - normal forwarding
Solved! Go to Solution.
04-25-2007 06:11 PM
John,
The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.
Hope this helps,
04-25-2007 06:11 PM
John,
The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.
Hope this helps,
04-25-2007 07:17 PM
Interesting. This was my suspicion, but I noticed it is supported with OER.
05-02-2007 08:25 AM
I've also noticed it doesn't seem to work with Named ACLs. This works:
access-list 1 permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
match ip address 1
set ip next-hop 192.168.1.2
set ip next-hop verify-availability
!
This does not:
ip access-list standard Servers
permit 192.168.1.128 0.0.0.127 log
!
route-map VoIP-T1 permit 10
match ip address Servers
set ip next-hop 192.168.1.2
set ip next-hop verify-availability
!
My IOS version is 12.4(7e)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: