Basic Route-Map Configuration

Answered Question
Feb 18th, 2009

I need assistance in creating a route-map that will filter all traffic coming from 10.8.5.0/24 and send it to the next hop (10.0.0.9). Right now, when I ping 2.2.2.2/32 it takes the blue path. I want to use route-map to force traffic originating from 10.8.5.0/24 to take the red path. Attached is the network diagram and the configuration from a L3 switch (3550), which I'm using as a router. Thank you in advance.



Correct Answer by Giuseppe Larosa about 8 years 3 months ago

Hello David,


two notes:

I wouldn't use the log option in the ACL used in the route-map; this can be a problem in production

use debug ip policy to see PBR in effect

b) I don't understand Vlan3 that is on that switch, but probably you used it for test

the config looks fine and also the place where you have applied it, inbound on the link with sa6, is the right one


Hope to help

Giuseppe


Correct Answer by Jon Marshall about 8 years 3 months ago

David


On your 3550 switch you have used the wrong route-map name, i.e. you have

interface FastEthernet0/46
 description SA06 Fa0/0
 no switchport
 ip address 10.0.0.14 255.255.255.252
 ip policy route-map pbr
 speed 10
 duplex full
 spanning-tree portfast
!

but your policy map is called test, i.e.

route-map test permit 10
 description route 10.8.5.0 to fa0/1
 match ip address pbr
 set ip next-hop 10.0.0.9

so under fa0/46 interface

SA01-R1(config)# int fa0/46
SA01-R1(config-if)# no ip policy route-map pbr
SA01-R1(config-if)# ip policy route-map test


Jon
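
The mismatch described in the answer above (the interface applies route-map pbr while only route-map test is defined) is easy to miss by eye, so here is a small config audit as an added example; it is not part of the original thread. The function name audit_pbr and the ACL body in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: interface and route-map stanzas are those quoted in the
# answer above; the ACL body is an assumption (the original was an attachment).
SAMPLE_CONFIG = """\
ip access-list extended pbr
 permit ip 10.8.5.0 0.0.0.255 any
!
interface FastEthernet0/46
 description SA06 Fa0/0
 no switchport
 ip address 10.0.0.14 255.255.255.252
 ip policy route-map pbr
!
route-map test permit 10
 description route 10.8.5.0 to fa0/1
 match ip address pbr
 set ip next-hop 10.0.0.9
!
"""

def audit_pbr(config):
    """Return findings for dangling route-map and ACL references in PBR config."""
    route_maps, acls = set(), set()
    policy_refs, acl_refs = [], []          # (stanza header, referenced name)
    context = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):         # unindented line opens a new stanza
            context = line
            if m := re.match(r"route-map (\S+)", line):
                route_maps.add(m.group(1))
            elif m := re.match(r"(?:ip access-list \S+|access-list) (\S+)", line):
                acls.add(m.group(1))        # named or numbered ACL
        elif m := re.match(r"ip policy route-map (\S+)", line):
            policy_refs.append((context, m.group(1)))
        elif m := re.match(r"match ip address (?!prefix-list)(.+)", line):
            acl_refs += [(context, name) for name in m.group(1).split()]
    findings = [f"{where}: route-map '{name}' is not defined"
                for where, name in policy_refs if name not in route_maps]
    findings += [f"{where}: ACL '{name}' is not defined"
                 for where, name in acl_refs if name not in acls]
    used = {name for _, name in policy_refs}
    findings += [f"route-map '{name}' is defined but not referenced by any ip policy statement"
                 for name in sorted(route_maps - used)]
    return findings
```

The last finding is informational only, since a route-map can also be referenced from redistribution or BGP configuration that this check does not parse.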

Overall Rating: 5 (2 ratings)
Correct Answer
Jon Marshall Wed, 02/18/2009 - 10:02
davidhuynh5 Wed, 02/18/2009 - 10:32
Thanks Jon and Giuseppe, it worked. You guys are da man.


Correct Answer
Giuseppe Larosa Wed, 02/18/2009 - 10:05