11-03-2008 12:58 AM - edited 03-06-2019 02:16 AM
Hi,
I want to assign a new gateway for a quarantine network VLAN. The gateway is located in another subnet, which is reachable only via routing.
When I set the new gateway via policy-based routing, I receive the error "policy based routing rejected - normal routing".
I have included a config and a network drawing in the ticket.
Is it possible to assign a new gateway via policy-based routing? How can I solve this issue?
Best regards
Hi Jorg, [Pls rate if it helps]
The details are not clear, but:
The set ip next-hop command verifies the existence of the next hop specified, and:
>> if the next hop exists in the routing table, then the command policy routes the packet to the next hop.
>> if the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.
Does your router know the next hop?
Also, use "debug ip policy" to see the output.
Hope I am informative.
Pls rate if it helps
Best Regards,
Guru Prasad R
11-03-2008 01:50 AM
Jorg
It's a little unclear from the diagram what you are trying to do. Are you saying that the next-hop is not a connected subnet on the L3 device ?
If so, you may want to look at the PBR Recursive Next-Hop feature:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html
Jon
11-03-2008 02:28 AM
Hi Jon,
No, the next hop 10.100.250.5 is the quarantine server. So the next hop is not directly connected, and the route to 10.100.250.5 goes over the default route.
Is it possible to do this via PBR?
11-03-2008 02:37 AM
If you set an "ip default next-hop" with a route map, that next-hop will be used ONLY if an explicit path to the destination network is not present in the routing table. An extended ACL must be used here, since a source and destination must be defined.
Example
R2(config)#access-list 150 permit ip host 172.1.1.1 210.1.1.0 0.0.0.255
R2(config)#route-map DEFAULT_NEXT_HOP permit
R2(config-route-map)#match ip address 150
R2(config-route-map)#set ip default next-hop 100.1.1.3
R2(config)#interface e0
R2(config-if)#ip policy route-map DEFAULT_NEXT_HOP
When a packet comes into ethernet0 with a source IP of 172.1.1.1 and is destined for any host on the 210.1.1.0/24 network, the next-hop address will be set to 100.1.1.3 IF there is no entry in the routing table for that network.
11-03-2008 03:05 AM
Francisco_1,
Thanks, that is what I'm looking for. But doesn't the next hop need to be directly connected in the ip default next-hop command?
Cheers
Jorg
11-03-2008 03:46 AM
Jorg,
I'm not the expert here, but to be clearer about the next-hop commands, which can be confusing sometimes: the "set ip next-hop" and "set ip default next-hop" commands are similar but function differently. "set ip next-hop" causes the router to use policy routing first and then the routing table. "set ip default next-hop" uses the routing table first and then policy-routes to the specified default next hop.
set ip next-hop: next-hop addresses must be in a connected subnet. Maybe someone else can shed more light on this discussion.
Francisco
11-03-2008 05:15 AM
Jorg
Did you have a read of the link I posted? Normally with PBR the next-hop must be on a directly connected subnet. But with recursive PBR the next-hop does not have to be directly connected; it must, however, be reachable, i.e. can you ping the next-hop from the L3 device you want to apply PBR to?
So you should be able to achieve what you want, if I am understanding correctly. What device are you running this on? We need to check that recursive PBR is supported on that device.
Jon
11-03-2008 06:28 AM
Hi jon,
Yes, I read it. The device I'm using is a C3750 with IP Services (both routers in the drawing are).
Best regards
Jorg
11-03-2008 06:42 AM
Jorg
It isn't mentioned as supported in Feature Navigator. The quickest way to check is on the 3750:
3750(config)# route-map test
then try "set ip next-hop ?"
If the keyword "recursive" is an option, let me know.
Jon
11-03-2008 10:54 PM
Hi Jon,
I will try to make a VPN connection to the client's network today.
Feature Navigator is telling me that policy-based routing is included in the IOS, but not whether the recursive option is included.
cheers
Jorg
11-04-2008 02:56 AM
Hi Jon,
The options I get are:
nwrt-sw250003(config-route-map)#set ip next-hop ?
A.B.C.D IP address of next hop
peer-address Use peer address (for BGP only)
verify-availability Verify if nexthop is reachable
Is there any way I can resolve this?
11-04-2008 03:03 AM
Jorg
I thought that might be the case. If you want to use PBR, the only way to resolve this with the 3750 is to ensure that the next-hop, i.e. the server, is on a subnet directly connected to the 3750, so you may need to think about altering your topology.
Jon
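Putting the thread's conclusion together, the following is an added example of what the 3750 configuration would look like once the quarantine server sits on a directly connected subnet, as Jon recommends. It is not configuration posted by anyone in the thread. The VLAN numbers, the quarantine client subnet 10.100.200.0/24 and the SVI address 10.100.250.1 are assumptions; 10.100.250.5 is the server address Jorg gave.

```cisco
! Added example, not from the thread. Assumed: Vlan200 = quarantine clients
! (10.100.200.0/24), Vlan250 = segment holding the quarantine server
! 10.100.250.5, so that the PBR next-hop is directly connected to the 3750.
!
! On the 3750 PBR needs the routing SDM template (takes effect after reload).
sdm prefer routing
!
ip routing
!
interface Vlan250
 description Quarantine server segment - directly connected PBR next-hop
 ip address 10.100.250.1 255.255.255.0
!
interface Vlan200
 description Quarantine VLAN - isolated clients
 ip address 10.100.200.1 255.255.255.0
 ip policy route-map QUARANTINE
!
! Extended ACL: everything routed out of the quarantine subnet is matched.
ip access-list extended QUARANTINE-CLIENTS
 permit ip 10.100.200.0 0.0.0.255 any
!
route-map QUARANTINE permit 10
 match ip address QUARANTINE-CLIENTS
 set ip next-hop 10.100.250.5
!
! Checks (exec mode):
!   show route-map QUARANTINE    - "Policy routing matches: N packets" must climb
!   debug ip policy              - expect "policy match ... policy routed";
!                                  "policy rejected -- normal forwarding" means
!                                  the next-hop could not be used
```

Two caveats worth keeping in mind for a quarantine design. First, when the next-hop cannot be resolved through a connected interface, the switch does not drop the packet; it falls back to the normal routing table, which is exactly the "rejected - normal routing" behaviour in the original question, so a quarantined client then silently gets ordinary network access via the default route. After any change to the server's subnet or the SVI, confirm with the route-map counters that traffic is still being policy-routed. Second, the 3750 configuration guide of that era lists set ip default next-hop (Francisco's suggestion) and route-map deny entries among the PBR options the switch does not support, so check the guide for the installed release before relying on either. Hosts within the quarantine VLAN also reach each other at layer 2 without ever touching PBR.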