route-map question

edongskiu
Level 1

Hi, I am trying to pass only an IP to use a leased line to make the traffic faster. Setup: core-switch branch 1 (6509) to router1 leased connected to router2 leased line to coreswitch branch 2 (6509).

config on branch 1

Access-list

Extended IP access list email
    10 permit tcp host 10.243.16.2 host 172.21.8.14
    20 permit tcp host 10.243.16.2 host 172.21.8.15

Route-map

route-map smtp permit 9
 match ip address email
 set ip next-hop 10.243.25.3

applied on int vlan 3

 ip policy route-map smtp

When I ping the coreswitch on branch2 it goes through the leased line, but when I ping a server it goes through our WAN. Any idea why?

3 Replies

I believe your ACL for the route map should be "permit ip" instead of "permit tcp".

If you are doing a ping (ICMP packet) to the server, the traffic is not matched by the ACL; it's taking the WAN path.

tcordier
Level 1

Your access-list will only match tcp packets. Any other protocol will not be matched, and is not affected. ICMP, for instance, is not matched. So I don't think the behavior you observe is related to the PBR configuration you show.

If you want to match on SMTP packets I would also specify the SMTP port to make sure other tcp traffic (such as http) is not matched:

permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp

If you want to test it, you can issue a

telnet 25

rather than a ping. If you want your access list to match on ping packets, you need to specify icmp as protocol:

permit icmp host 10.243.16.2 host 172.21.8.14

HTH, Thomas
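
The matching behaviour discussed in the replies above, as an added example that is not part of the original thread: a small Python model of how the route-map's ACL decides whether a packet gets the policy next hop. It assumes host-to-host entries only, treats `eq` as a destination-port match, and models the single route-map entry shown in the question; the function names are hypothetical.

```python
import re

# Named ports accepted after "eq" (only the ones needed for this example).
NAMED_PORTS = {"smtp": 25, "www": 80}

ACE_RE = re.compile(
    r"^(?:\d+\s+)?(permit|deny)\s+(ip|tcp|udp|icmp)"
    r"\s+host\s+(\S+)\s+host\s+(\S+)(?:\s+eq\s+(\S+))?$"
)

def parse_acl(lines):
    """Parse '[seq] permit <proto> host <src> host <dst> [eq <port>]' entries."""
    entries = []
    for line in lines:
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL entry: {line!r}")
        action, proto, src, dst, port = m.groups()
        if port is not None:
            port = NAMED_PORTS.get(port) or int(port)
        entries.append((action, proto, src, dst, port))
    return entries

def acl_permits(entries, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):      # "ip" matches every protocol
            continue
        if (e_src, e_dst) != (src, dst):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action == "permit"
    return False

def forwarding_path(entries, next_hop, proto, src, dst, dport=None):
    """Policy routing applies only to packets the route-map ACL permits."""
    if acl_permits(entries, proto, src, dst, dport):
        return next_hop
    return "routing table"

# ACL as posted in the question, and the SMTP-only variant from the reply.
ACL_POSTED = ["10 permit tcp host 10.243.16.2 host 172.21.8.14",
              "20 permit tcp host 10.243.16.2 host 172.21.8.15"]
ACL_SMTP_ONLY = ["10 permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp"]
```

With `ACL_POSTED`, an ICMP packet to 172.21.8.14 returns "routing table" while any TCP packet returns the policy next hop; with `ACL_SMTP_ONLY`, only TCP port 25 is policy routed.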

Alcides Miguel
Level 1

But if you only want to match smtp traffic you must be aware of using * ip *; instead you must use the protocols you want and specify the ports... that way you have granular control of what is going through that link.
