Help me on PBR issue

Unanswered Question
May 25th, 2010


Hi Everyone,

I am having that kind of PBR issue on the client side. Actually, they want to do Policy Based Routing through their main office to a branch. I changed the IP addresses because of their privacy policy.

This is the main office subnet scope. Their special subnet is 203.72.87.xx/25 /24

The main office has a Cisco 4507 switch connected over a layer 3 OSPF link to 2 Juniper edge devices.


The task is to transfer packets from the following addresses through Juniper edge device 1 to



To transfer packets from the following addresses through Juniper edge device 2 to

If PBR is not enabled, by default it goes through link 2 (Juniper device 2).

When I do show run, the addresses ,, are already in the permit access list. That means I don't need to put them in the access list again. But is in the ip helper list. But there is no VLAN IP for , , , ,, . When I do the ip route command, the traffic is not involved either.

EIGRP is running on the list and it is a /16 network. From what I know, it is doing the ACL first, then the route-map and redistribute. In my case, I think I should use OSPF to redistribute. And the last thing is to apply the route-map to the interface. But now I am very confused: do I need to add this IP address to a VLAN first and then do this, or I have no idea how to configure this switch to do policy based routing. Anyone, please enlighten me.

Calin Chiorean Wed, 05/26/2010 - 03:20

Hi there!

To be honest your explanation is not very accurate, but I'll try to help based on what I understood.

So, what I think you want is for traffic from certain sources (subnets, IP addresses) to take path 1 (Juniper device 1) to a destination, and traffic from some other sources to the same destination to take path 2 (Juniper device 2).

Am I right?

If yes, the solution would be:

-match the source addresses (the ones that you want to make traffic over the path1) in a prefix-list or ACL

-configure a route-map in which you match the prefix-list or ACL in the previous step

-in the same route-map set next-hop IP address on the Juniper device 1

-configure PBR on the interface with ip policy route-map "Route-map NAME created above"

Please let me know if this is not clear enough for you.


smith54321 Wed, 05/26/2010 - 06:10


Thank you for your explanation. But how about OSPF? I think we need to run the traffic on OSPF redistribution because it includes Juniper. My job scope is only to configure the Cisco switch. The customer has already configured the Juniper. If you know OSPF redistribution together with route-maps, please explain more for me. I am new to policy routing. Hope for your reply soon.

Calin Chiorean Wed, 05/26/2010 - 06:49

If you are using EIGRP in your LAN, and OSPF on the links to the Juniper devices, you have to somehow redistribute EIGRP into OSPF and OSPF into EIGRP, or announce default routes from OSPF.

I don't know exactly the configuration that you have there, but anyway PBR and network reachability through IP routing protocols are different topics.

You can look at PBR like conditional routing based on policies.

Anyway following my first idea, or any idea that you have, you need somehow to achieve reachability between subnets, and only then to apply PBR.

Let me know if I can help you more.

smith54321 Wed, 05/26/2010 - 09:41

Hi Calin,

Thank you for your quick feedback. You are correct, they use EIGRP in their LAN. So the first thing I need to do is

#router ospf (process no)

#redistribute eigrp (autonomous no) subnets route-map (route-map name)

#network ( area 0

#default-metric 10

for the access list

access-list 101 permit ip any host

route-map reroute10traffic permit 10

match ip address 101

set (interface or ip address of the juniper device 1)

ip policy route-map reroute10traffic

This is for one IP to 1 Juniper. In my case, if I need to route so many IPs, I have to add all of them in every access-list. I can do access-list 101 for Juniper 1 and access-list 102 for Juniper 2. But what I am not sure about is whether it can work, because my IPs here are from different subnets: /16, /32, /24.

That's my understanding. I am quite worried because I have to complete this within 4 hrs. If I am mistaken, please show me the way.

Calin Chiorean Thu, 05/27/2010 - 05:19

Sorry for the late answer. This seems to be OK, just that in the route-map you use for PBR, you need to set there

set ip next-hop "IP_Juniper1"

Does it work?
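Putting Calin's four steps together, with the two-ACL layout smith54321 asks about (sources of mixed prefix length, one ACL per Juniper), as a single IOS configuration. This is an added example, not configuration from any post in the thread or from the customer's switch; the interface name, ACL numbers, next-hop addresses and source prefixes are assumed placeholders.

```cisco
! Added example, not from the thread. Assumed placeholders:
!   10.1.1.2 = Juniper edge device 1, 10.1.2.2 = Juniper edge device 2
!   Vlan10   = LAN-facing SVI where the branch-bound traffic enters
!   Source prefixes below are made up to show each prefix length.
!
! Step 1: match the sources per path. Wildcard masks cover any length,
! so a /16, a /24 and a /32 can sit in the same ACL.
access-list 101 remark sources steered to Juniper 1
access-list 101 permit ip 10.10.0.0 0.0.255.255 any
access-list 101 permit ip 10.20.30.0 0.0.0.255 any
access-list 101 permit ip host 10.20.31.7 any
access-list 102 remark sources steered to Juniper 2
access-list 102 permit ip 10.40.0.0 0.0.255.255 any
!
! Steps 2 and 3: one route-map, one clause per path. Each clause matches
! its ACL and sets the next hop (set ip next-hop, as Calin points out,
! not a bare "set").
route-map PBR-BRANCH permit 10
 match ip address 101
 set ip next-hop 10.1.1.2
route-map PBR-BRANCH permit 20
 match ip address 102
 set ip next-hop 10.1.2.2
! No catch-all clause: traffic matching neither ACL falls through to the
! normal routing table, which is what gives the thread's "link 2 by
! default" behaviour only if the routing table already prefers it.
!
! Step 4: apply the policy on the ingress (LAN) interface, not the uplink.
interface Vlan10
 ip policy route-map PBR-BRANCH
!
! Verification: per-clause hit counters, and which interfaces carry a policy.
! show route-map PBR-BRANCH
! show ip policy
```

The next-hop addresses must already be reachable through the OSPF links; PBR only overrides the forwarding decision for matched packets and does not create reachability.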

