Policy Based Routing with Deny

Apr 27th, 2009

Hi All,


We have a Cat-3550 with a route-map for an SVI (VLAN 1) to redirect the traffic. Everything is fine except for the fact that the traffic to the other VLANs is also routed the same way, with an additional hop. I would like to exclude this using a deny statement, but for some reason that doesn't seem to work. Please find the config details below:


interface Vlan1
 ip address 10.18.1.2 255.255.255.0
 ip directed-broadcast
 ip policy route-map server
 no ip mroute-cache
end

route-map server permit 10
 match ip address servers
 set ip next-hop 10.18.122.6

ip access-list extended servers
 permit ip 10.18.1.0 0.0.0.255 any


New config (which doesn't work)


route-map newserver deny 10
 match ip address 199
!
route-map newserver permit 20
 match ip address servers
 set ip next-hop 10.18.122.6

access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.2.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.3.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.4.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.5.0 0.0.0.255


What am I missing here? Thanks in advance,


Cheers

subra

thotsaphon Mon, 04/27/2009 - 09:23

Subra,

Your configuration looks good to me. You want to deny switching between VLANs to let them go using the normal routing table.

You may use a "debug ip policy" command to see what's going on.

Well, in case it really doesn't work, you may think about other ways.



!
route-map newserver permit 10
 match ip address only-for-server
 set ip next-hop 10.18.122.6

ip access-list extended only-for-server
 deny ip 10.18.1.0 0.0.0.255 10.18.2.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.3.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.4.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.5.0 0.0.0.255
 permit ip 10.18.1.0 0.0.0.255 any
!




HTH,

Toshi
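
An added illustration, not part of the original thread and not Cisco code: a small Python model of how the "only-for-server" ACL above is evaluated (first match wins, wildcard masks, implicit deny) and of the resulting policy-routing decision. The function names, the `ROUTING_TABLE` label and the sample packets are constructed for this example.

```python
import ipaddress

# ACL "only-for-server" from the reply above:
# (action, source, source wildcard, destination, destination wildcard)
ONLY_FOR_SERVER = [
    ("deny",   "10.18.1.0", "0.0.0.255", "10.18.2.0", "0.0.0.255"),
    ("deny",   "10.18.1.0", "0.0.0.255", "10.18.3.0", "0.0.0.255"),
    ("deny",   "10.18.1.0", "0.0.0.255", "10.18.4.0", "0.0.0.255"),
    ("deny",   "10.18.1.0", "0.0.0.255", "10.18.5.0", "0.0.0.255"),
    ("permit", "10.18.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),  # any
]
NEXT_HOP = "10.18.122.6"         # set ip next-hop
ROUTING_TABLE = "routing-table"  # hypothetical label: packet is not policy-routed


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Bits set in the wildcard are ignored; the rest must equal base."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def acl_action(acl, src, dst):
    """Return the action of the first matching ACE; no match is the implicit deny."""
    for action, s, s_wc, d, d_wc in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action
    return "deny"


def pbr_decision(src, dst, acl=ONLY_FOR_SERVER):
    """route-map newserver permit 10: only an ACL permit triggers the set clause."""
    return NEXT_HOP if acl_action(acl, src, dst) == "permit" else ROUTING_TABLE


if __name__ == "__main__":
    # Constructed sample packets (source, destination)
    for src, dst in [("10.18.1.25", "10.18.3.40"), ("10.18.1.25", "192.0.2.10"),
                     ("10.18.1.25", "10.18.6.1"), ("10.18.9.1", "192.0.2.10")]:
        print(f"{src} -> {dst}: {pbr_decision(src, dst)}")
```

A destination VLAN that has no deny entry (10.18.6.0/24 in the sample) is still sent to the next hop, and placing the permit above the deny entries would send all VLAN 1 traffic there.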



subra4u Mon, 04/27/2009 - 09:52

Cheers mate. It works.................

thotsaphon Mon, 04/27/2009 - 09:27

Bret,

Are you really thinking about that way? If so, 5P! for you anyway! heheheh..


Toshi

thotsaphon Mon, 04/27/2009 - 11:34

bret,

Maybe less than one minute! (grin)


Good job, man

Toshi
