11-07-2008 01:43 PM - edited 03-04-2019 12:14 AM
PBR is not functioning correctly. Here is the configuration:
ip access-list extended PBR
 10 permit icmp any host 10.1.2.3
route-map PBR permit 10
 match ip address PBR
 set ip next-hop 172.16.251.1
interface FastEthernet0/0.2
 ip policy route-map PBR
Scenario:
Host behind int f0/0.2 traces to host 10.1.2.3.
Packets are not being sent to the next hop. I am getting this when I debug ip policy:
"policy rejected -- normal forwarding"
10.1.2.3 is not in the routing table.
Same thing when I change the set command to point at the next-hop interface.
Can anyone assist?
11-07-2008 01:53 PM
Anthoney
Perhaps we would understand the issue better if you would post a more complete configuration.
Is 10.1.2.3 a reachable address?
HTH
Rick
11-07-2008 08:49 PM
Yes, but the router has only a default route to reach it. What else do you need in the way of configurations?
11-07-2008 09:03 PM
Please send the output of
sh ip route 172.16.251.X
11-10-2008 07:45 AM
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.251.1/32 is directly connected, Tunnel0
C 172.16.251.0/24 is directly connected, Tunnel0
11-10-2008 07:54 AM
Anthoney
Your next-hop is directly connected. Could you try either
1) set ip next-hop
OR
2) set interface tunnel0 instead of set ip next-hop
Jon
11-10-2008 08:22 AM
I already tried the interface command and it doesn't work either. 172.16.251.1 is the other end of the tunnel. The router has 2 default routes for all other routes. The route I am attempting to push the traffic to has a higher AD than the one the router is choosing.
11-10-2008 08:37 AM
Anthoney
1) Can you check that you are getting hits on your PBR ACL?
2) Have you tried running "debug ip policy"?
Jon
11-10-2008 08:42 AM
I am getting hits:
Extended IP access list PBR
10 permit icmp host 205.105.5.153 any log (23 matches)
The debug shows the following:
FIB policy rejected(no match) - normal forwarding
11-10-2008 09:04 AM
Anthoney
I appreciate you are trying to keep addresses private, but apart from the fact that the IP address has changed in the access-list PBR, it has also gone from being any to 10.2.1.3 to 205.1.5.5.153 to any.
This is confusing somewhat.
Could you perhaps post
1) running-config
2) "sh ip route"
3) "sh ip int brief"
Jon
11-11-2008 12:57 PM
Sorry about the confusion. I disabled CEF and now it works. I was under the impression that it works with CEF.
11-11-2008 01:39 PM
Anthoney
No problem, glad you got it working and thanks for letting us know.
Jon