11-05-2008 06:19 PM - edited 03-06-2019 02:20 AM
Hi, I am trying to pass only an IP to use a leased line to make the traffic faster. Setup: core-switch branch 1 (6509) to router1 leased connected to router2 leased line to coreswitch branch 2 (6509).
Config on branch 1:
Access-list
Extended IP access list email
10 permit tcp host 10.243.16.2 host 172.21.8.14
20 permit tcp host 10.243.16.2 host 172.21.8.15
Route-map
route-map smtp permit 9
match ip address email
set ip next-hop 10.243.25.3
Applied on int vlan 3:
ip policy route-map smtp
When I ping the coreswitch on branch2 it goes through the leased line, but when I ping a server it goes through our WAN. Any idea why?
11-05-2008 10:02 PM
I believe your ACL for the route map should be "permit ip" instead of "permit tcp".
If you are doing a ping (ICMP packet) to the server, the traffic is not matched by the ACL; it's taking the WAN path.
11-06-2008 07:29 AM
Your access-list will only match tcp packets. Any other protocol will not be matched, and is not affected. ICMP, for instance, is not matched. So I don't think the behavior you observe is related to the PBR configuration you show.
If you want to match on SMTP packets I would also specify the SMTP port to make sure other tcp traffic (such as http) is not matched:
permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp
If you want to test it, you can issue a telnet rather than a ping. If you want your access list to match on ping packets, you need to specify icmp as protocol:
permit icmp host 10.243.16.2 host 172.21.8.14
HTH, Thomas
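Added example (not part of the thread or any poster's own code): a small Python model of how the ACL referenced by the policy route-map classifies packets, using the ACL lines quoted above. The packet samples are constructed and assume the traffic is sourced from 10.243.16.2; only the `host ... host ... [eq port]` entry form used in this thread is parsed.

```python
# Model of PBR classification: a packet is sent to the route-map next hop only
# if a permit entry of the matched ACL covers it; otherwise it is routed normally.
PORTS = {"smtp": 25}          # named port used in the thread
NEXT_HOP = "10.243.25.3"      # 'set ip next-hop' value from the original post
NORMAL = "routing-table"      # label for "not policy-routed" (hypothetical name)

def parse_ace(line):
    """Parse '[seq] permit|deny <proto> host <src> host <dst> [eq <port>]'."""
    t = line.split()
    if t[0].isdigit():        # drop the sequence number shown by 'show access-lists'
        t = t[1:]
    action, proto, src, dst = t[0], t[1], t[3], t[5]
    port = None
    if len(t) >= 8 and t[6] == "eq":
        port = PORTS[t[7]] if t[7] in PORTS else int(t[7])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def ace_matches(ace, pkt):
    """'ip' matches every IP protocol; tcp/icmp match only that protocol."""
    if ace["proto"] != "ip" and ace["proto"] != pkt["proto"]:
        return False
    if ace["src"] != pkt["src"] or ace["dst"] != pkt["dst"]:
        return False
    return ace["port"] is None or ace["port"] == pkt.get("dport")

def pbr_decision(acl_lines, pkt):
    """First matching entry wins; no match is the implicit deny (normal routing)."""
    for ace in map(parse_ace, acl_lines):
        if ace_matches(ace, pkt):
            return NEXT_HOP if ace["action"] == "permit" else NORMAL
    return NORMAL

# ACL variants taken from the posts above
ORIGINAL = ["10 permit tcp host 10.243.16.2 host 172.21.8.14",
            "20 permit tcp host 10.243.16.2 host 172.21.8.15"]
SMTP_ONLY = ["permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp"]
WITH_ICMP = SMTP_ONLY + ["permit icmp host 10.243.16.2 host 172.21.8.14"]

# Constructed sample packets (source host is an assumption)
BASE = {"src": "10.243.16.2", "dst": "172.21.8.14"}
PING = dict(BASE, proto="icmp")
SMTP = dict(BASE, proto="tcp", dport=25)
HTTP = dict(BASE, proto="tcp", dport=80)

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("smtp only", SMTP_ONLY), ("smtp+icmp", WITH_ICMP)]:
        print(name, {k: pbr_decision(acl, p) for k, p in
                     [("ping", PING), ("smtp", SMTP), ("http", HTTP)]})
```
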
03-14-2011 01:24 AM
But if you only want to match SMTP traffic, you must be aware of using *ip*; instead you must use the protocols you want and specify the ports... That way you have granular control of what is going through that link.