PBR Issue (match interface or match ip next-hop)

hsw_networking
Level 1

Hi,

I have a need to change the next-hop address of all traffic entering interface A AND (leaving interface B OR has a next hop of X).

e.g.

Normally all traffic going out of interface Fa2/0 has a next hop of 10.0.0.2.

I want traffic that has entered the router from F0/0 that is headed this way to have its next hop set to 10.0.0.3.

Traffic entering by any other interface (Fa0/1, Fa1/0, etc.) should follow normal routing.

Traffic entering Fa0/0 but destined for an interface other than Fa2/0 should also be left alone.

Using an access-list and match ip <acl> is extremely difficult as both source and destinations are subject to frequent changes, and management overhead of the ACL would be cumbersome.

I have tried:

route-map MYMAP permit 10
  match interface Fa2/0
  set ip next-hop 10.0.0.3

interface FastEthernet0/1
  ip address 172.16.1.1 255.255.255.0
  ip policy route-map MYMAP

But this matches ALL packets entering F0/0

I have also tried

route-map MYMAP permit 10
  match ip next-hop ACL_NEXTHOP
  set ip next-hop 10.0.0.3

ip access-list standard ACL_NEXTHOP
  permit host 10.0.0.2

interface FastEthernet0/1
  ip address 172.16.1.1 255.255.255.0
  ip policy route-map MYMAP

Can anyone please point me in the right direction?

I have attached my Lab Diagram

Many Thanks,

Nick

6 Replies

Jon Marshall
Hall of Fame

Nick

The "match ip next-hop ..." command is used when route-maps are being used for redistribution between routing protocols, i.e. it cannot be used for PBR.

For PBR you have -

1) match ip address

2) match length

So you will need to use an ACL with the source and destination networks, I'm afraid.

Jon
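
The ACL-based approach described in the reply above, written out as an added example that is not part of the original thread. The ACL name ACL_VIA_FA2 and the destination prefix 192.0.2.0/24 are constructed placeholders for whatever the routing table normally forwards to 10.0.0.2 via Fa2/0, and the policy is applied to FastEthernet0/0, the ingress interface named in the question's prose:

```cisco
! Added example, not from the thread.
! 192.0.2.0/24 is a constructed placeholder: list here every destination
! prefix that normal routing sends out Fa2/0 towards 10.0.0.2.
ip access-list extended ACL_VIA_FA2
 permit ip any 192.0.2.0 0.0.0.255
!
! PBR matches on an ACL (match ip address), not on the egress interface
! or the routed next hop.
route-map MYMAP permit 10
 match ip address ACL_VIA_FA2
 set ip next-hop 10.0.0.3
!
! PBR is evaluated on the interface where packets ENTER the router,
! so the policy is attached to the ingress interface only.
interface FastEthernet0/0
 ip policy route-map MYMAP
```

Packets arriving on Fa0/0 that match no route-map entry, and all packets arriving on interfaces without `ip policy`, follow the normal routing table. `show route-map MYMAP` displays the policy-routing match counters for checking which traffic the policy is catching.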

Damn, I was worried someone was going to say that.

Oh well, thanks Jon.

LOL I can't believe it just blanked out that word!

It isn't even a swear word!

I had another thought,

I don't suppose there is any way of applying a route-map to an EGRESS interface is there?

i.e.

Any packets EXITING Fa2/0 should have the next-hop set.

Nick

No swearing now

PBR takes place before routing for obvious reasons. So basically no, because the router will already have decided the interface based on the routing table; it won't then try and apply PBR after that. Have a look at this link, which describes the order of operation on a router -

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Jon

Bah!  :-)

OK Thanks again Jon.
