
route-map question

edongskiu
Level 1

Hi, I am trying to pass only an IP to use a leased line to make the traffic faster. Setup: core-switch branch 1 (6509) to router1 leased connected to router2 leased line to coreswitch branch 2 (6509).

config on branch 1

Access-list

Extended IP access list email

10 permit tcp host 10.243.16.2 host 172.21.8.14

20 permit tcp host 10.243.16.2 host 172.21.8.15

Route-map

route-map smtp permit 9

match ip address email

set ip next-hop 10.243.25.3

applied on int vlan 3

ip policy route-map smtp

When I ping the coreswitch on branch2 it goes thru the leased line, but when I ping a server it goes thru our WAN. Any idea why?

3 Replies

I believe your ACL for the route map should be "permit ip" instead of "permit tcp".

If you are doing a ping (ICMP packet) to the server, the traffic is not matched by the ACL; it's taking the WAN path.

tcordier
Level 1

Your access-list will only match tcp packets. Any other protocol will not be matched and is not affected. ICMP, for instance, is not matched. So I don't think the behavior you observe is related to the PBR configuration you show.

If you want to match on SMTP packets I would also specify the SMTP port to make sure other tcp traffic (such as http) is not matched:

permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp

If you want to test it, you can issue a

telnet 25

rather than a ping. If you want your access list to match on ping packets, you need to specify icmp as protocol:

permit icmp host 10.243.16.2 host 172.21.8.14

HTH, Thomas

Alcides Miguel
Level 1

But if you only want to match SMTP traffic, you must be aware of using * ip *; instead you must use the protocols you want and specify the ports... that way you have granular control of what is going through that link.
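The matching behaviour discussed in the replies, as an added example that is not part of the original thread and is not Cisco code: a simplified Python model of how the single `route-map smtp` clause decides between the policy next hop and normal routing for the ACL variants mentioned above. The parser covers only the `host ... host ... [eq port]` form used on this page; the sample packets and the function names are constructed for illustration.

```python
# Simplified model (an assumption, not IOS itself): one "route-map ... permit"
# clause with "match ip address <acl>" and "set ip next-hop 10.243.25.3".
PORTS = {"smtp": 25}                     # IOS port keyword -> port number
LEASED, WAN = "next-hop 10.243.25.3", "normal routing (WAN)"

def parse_ace(line):
    """Parse '[seq] permit|deny <proto> host <src> host <dst> [eq <port>]'."""
    t = line.split()
    if t and t[0].isdigit():             # drop a leading sequence number
        t = t[1:]
    if len(t) not in (6, 8) or t[2] != "host" or t[4] != "host":
        raise ValueError("unsupported ACE: " + line)
    ace = {"action": t[0], "proto": t[1], "src": t[3], "dst": t[5], "port": None}
    if len(t) == 8:
        if t[6] != "eq":
            raise ValueError("unsupported ACE: " + line)
        ace["port"] = PORTS[t[7]] if t[7] in PORTS else int(t[7])
    return ace

def acl_permits(acl, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for ace in acl:
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue                     # 'tcp' never matches an ICMP echo
        if (ace["src"], ace["dst"]) != (pkt["src"], pkt["dst"]):
            continue
        if ace["port"] is not None and ace["port"] != pkt.get("dport"):
            continue
        return ace["action"] == "permit"
    return False

def pbr_path(acl_lines, pkt):
    """Packets the ACL does not permit are not policy-routed."""
    acl = [parse_ace(line) for line in acl_lines]
    return LEASED if acl_permits(acl, pkt) else WAN

# ACL variants from the thread
ORIGINAL = ["10 permit tcp host 10.243.16.2 host 172.21.8.14",
            "20 permit tcp host 10.243.16.2 host 172.21.8.15"]
SMTP_ONLY = ["permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp"]
PERMIT_IP = ["permit ip host 10.243.16.2 host 172.21.8.14"]

# Constructed sample packets from the mail host to the first server
BASE = {"src": "10.243.16.2", "dst": "172.21.8.14"}
PING = dict(BASE, proto="icmp")
SMTP = dict(BASE, proto="tcp", dport=25)
HTTP = dict(BASE, proto="tcp", dport=80)

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("eq smtp", SMTP_ONLY), ("permit ip", PERMIT_IP)]:
        print(name, {n: pbr_path(acl, p) for n, p in [("ping", PING), ("smtp", SMTP), ("http", HTTP)]})
```

With the original ACL the ping is not policy-routed while any TCP port to the server is; with `eq smtp` only port 25 takes the leased line.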
