11-05-2008 06:19 PM - edited 03-06-2019 02:20 AM
Hi, I am trying to pass only an IP to use a leased line to make the traffic faster. Setup: core-switch branch 1 (6509) to router1 leased connected to router2 leased line to coreswitch branch 2 (6509).
config on branch 1
Access-list
Extended IP access list email
10 permit tcp host 10.243.16.2 host 172.21.8.14
20 permit tcp host 10.243.16.2 host 172.21.8.15
Route-map
route-map smtp permit 9
match ip address email
set ip next-hop 10.243.25.3
applied on int vlan 3
ip policy route-map smtp
When I ping the coreswitch on branch2 it goes thru the leased line, but when I ping a server it goes thru our WAN? Any idea why?
11-05-2008 10:02 PM
I believe your ACL for the route map should be "permit ip" instead of "permit tcp".
If you are doing a ping (ICMP packet) to the server, the traffic is not matched by the ACL; it's taking the WAN path.
11-06-2008 07:29 AM
Your access-list will only match tcp packets. Any other protocol will not be matched, and is not affected. ICMP, for instance, is not matched. So I don't think the behavior you observe is related to the PBR configuration you show.
If you want to match on SMTP packets I would also specify the SMTP port to make sure other tcp traffic (such as http) is not matched:
permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp
If you want to test it, you can issue a telnet rather than a ping. If you want your access list to match on ping packets, you need to specify icmp as protocol:
permit icmp host 10.243.16.2 host 172.21.8.14
HTH, Thomas
03-14-2011 01:24 AM
But if you only want to match SMTP traffic you must be aware of using "ip"; instead you must use the protocols you want and specify the ports... That way you have granular control of what is going through that link.
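The ACL matching discussed in the replies above, as an added example that is not part of any post: a small Python model of first-match evaluation for the host-form entries shown in the thread, run against constructed ping, SMTP and HTTP packets. The function names, the port-keyword subset and the single-clause route-map simplification are assumptions of this example; the "permit ip" line is constructed from the first reply's suggestion.

```python
from dataclasses import dataclass
from typing import Optional

PORTS = {"smtp": 25, "www": 80, "telnet": 23}  # subset of IOS port keywords

@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None  # only meaningful for tcp/udp

def parse_ace(line):
    """Parse '[seq] permit|deny <proto> host <src> host <dst> [eq <port>]'."""
    tok = line.split()
    if tok[0].isdigit():         # sequence number as printed in the ACL listing
        tok = tok[1:]
    action, proto, h1, src, h2, dst, *rest = tok
    if (h1, h2) != ("host", "host") or (rest and (len(rest) != 2 or rest[0] != "eq")):
        raise ValueError(f"unsupported ACE form: {line!r}")
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest else None
    return action, proto, src, dst, port

def acl_permits(acl, pkt):
    """First matching entry wins; no match means the implicit deny."""
    for line in acl:
        action, proto, src, dst, port = parse_ace(line)
        if proto not in ("ip", pkt.proto) or (src, dst) != (pkt.src, pkt.dst):
            continue
        if port is not None and port != pkt.dport:
            continue
        return action == "permit"
    return False

def path(acl, pkt, next_hop="10.243.25.3"):
    """Single 'route-map ... permit' clause: a permitted packet gets the set next-hop."""
    return f"next-hop {next_hop}" if acl_permits(acl, pkt) else "routing table"

# ACL variants discussed in the thread (addresses taken from the posts)
AS_POSTED = ["10 permit tcp host 10.243.16.2 host 172.21.8.14",
             "20 permit tcp host 10.243.16.2 host 172.21.8.15"]
SMTP_ONLY = ["permit tcp host 10.243.16.2 host 172.21.8.14 eq smtp"]
PERMIT_IP = ["permit ip host 10.243.16.2 host 172.21.8.14"]  # constructed line

# Constructed test packets
PING = Packet("icmp", "10.243.16.2", "172.21.8.14")
SMTP = Packet("tcp", "10.243.16.2", "172.21.8.14", 25)
HTTP = Packet("tcp", "10.243.16.2", "172.21.8.14", 80)

if __name__ == "__main__":
    for name, acl in [("as posted", AS_POSTED), ("eq smtp", SMTP_ONLY), ("permit ip", PERMIT_IP)]:
        print(name, {p.proto + str(p.dport or ""): path(acl, p) for p in (PING, SMTP, HTTP)})
```

With the ACL as posted, the ping falls through to the routing table while any TCP port, HTTP included, is steered to the leased line; only the `eq smtp` form limits the policy route to mail traffic.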