OER w/ PBR questions

redray8 · ‎02-13-2008

When I followed the document OER Application-Aware Routing: PBR at:

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00804d679f.html#wp1047623

It seemed that it basically created an OER policy map that then began to use OER on the traffic classes I wanted. I kept the originally learning in place and it seemed like it was changing links for both the configured PBR applications and the learned routes.

What I am trying to accomplish is to force certain types of traffic (IPSec, HTTP) out of one exit interface and then perform OER on all other traffic. Is this done using a extened ACL with a deny statement? Is this even possible?

Thanks.

aghaznavi · ‎02-19-2008

The command syntax used for the OER implementation is

access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input] [time-range time-range-name] [fragments]

http://www.cisco.com/en/US/docs/ios/oer/configuration/guide/oer-vpn_gre_exit.html#wp1054453

Joseph W. Doherty · ‎02-19-2008

Can't guarantee this, but what you might have to do is:

1) have all traffic prefer (w/o PfR) the path you want some traffic (IPSec and HTTP) to use

2) exclude same traffic (IPSec and HTTP) from PfR

3) allow PfR to learn and control remaining traffic

[edit]

I recall excluding traffic from OER is done via an OER policy map, don't recall exactly how