PBR Issue (match interface or match ip next-hop)

Nov 30th, 2009
Hi,


I have a need to change the next-hop address of all traffic entering interface A AND (leaving interface B OR has a next hop of X)


e.g.

Normally all traffic going out of interface Fa2/0 has a next-hop of 10.0.0.2

I want traffic that has entered the router from F0/0 and is headed this way to have its next hop set to 10.0.0.3

Traffic entering by any other interface (Fa0/1 , Fa1/0 etc) should follow normal routing.

Traffic entering Fa0/0 but is destined for an interface other than Fa2/0 should also be left alone.


Using an access-list and match ip <acl> is extremely difficult as both source and destinations are subject to frequent changes, and management overhead of the ACL would be cumbersome.



I have tried:


route-map MYMAP permit 10
  match interface Fa2/0
  set ip next-hop 10.0.0.3

interface FastEthernet0/1
  ip address 172.16.1.1 255.255.255.0
  ip policy route-map MYMAP


But this matches ALL packets entering F0/0


I have also tried


route-map MYMAP permit 10
  match ip next-hop ACL_NEXTHOP
  set ip next-hop 10.0.0.3

ip access-list standard ACL_NEXTHOP
  permit host 10.0.0.2

interface FastEthernet0/1
  ip address 172.16.1.1 255.255.255.0
  ip policy route-map MYMAP



Can anyone please point me in the right direction?


I have attached my Lab Diagram


Many Thanks,

Nick

Jon Marshall Mon, 11/30/2009 - 09:27
Nick


The "match ip next-hop ..." command is used when route-maps are being used for redistribution between routing protocols, i.e. it cannot be used for PBR.


For PBR you have -


1) match ip address

2) match length


so you will need to use an ACL with the source and destination networks, I'm afraid.


Jon
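
One way to put Jon's answer into practice for the setup in the question, added here as an example and not taken from any post in this thread: an extended ACL names the source network behind Fa0/0 and the destination networks reached via Fa2/0, the route-map sets the next hop only for those flows, and the policy is applied on the ingress interface. The networks 192.168.10.0/24, 192.168.20.0/24 and 192.168.30.0/24 and the ACL name are placeholders; only 10.0.0.2 and 10.0.0.3 come from the question.

```cisco
! Added example, not from the thread. Placeholder networks:
!   192.168.10.0/24 sits behind Fa0/0
!   192.168.20.0/24 and 192.168.30.0/24 are reached via Fa2/0
! Only the next-hop addresses 10.0.0.2 / 10.0.0.3 come from the question.
ip access-list extended ACL_PBR_FA0_0
 remark traffic from the Fa0/0 side bound for destinations behind Fa2/0
 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
 ! implicit deny: anything not listed is left to normal routing,
 ! which covers "entering Fa0/0 but destined for another interface"
!
route-map MYMAP permit 10
 match ip address ACL_PBR_FA0_0
 set ip next-hop 10.0.0.3
! no further sequence is needed: packets that miss sequence 10
! are not policy-routed and follow the routing table
!
! apply on the INGRESS interface; PBR cannot be applied to egress traffic
interface FastEthernet0/0
 ip policy route-map MYMAP
!
! check that only the intended flows are being steered:
!   show ip policy
!   show route-map MYMAP   (watch the "Policy routing matches" counter)
```

Keeping the ACL to summary prefixes limits the upkeep Nick wanted to avoid, and the match counter on sequence 10 is the quickest way to confirm nothing outside the ACL is being redirected to 10.0.0.3.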

hsw_networking Mon, 11/30/2009 - 09:32
Damn, I was worried someone was going to say that.


Oh well, thanks Jon.

hsw_networking Mon, 11/30/2009 - 09:34
LOL I can't believe it just blanked out that word!


It isn't even a swear word!

hsw_networking Mon, 11/30/2009 - 09:45
I had another thought,


I don't suppose there is any way of applying a route-map to an EGRESS interface is there?


i.e.

Any packets EXITING Fa2/0 should have the next-hop set.

Jon Marshall Mon, 11/30/2009 - 09:51
Nick


No swearing now


PBR takes place before routing, for obvious reasons. So basically no, because the router will already have decided the interface based on the routing table; it won't then try and apply PBR after that. Have a look at this link, which describes the order of operation on a router -


http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml


Jon
