Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
530
Views
0
Helpful
5
Replies

Help me on PBR issue

smith54321
Level 1
Level 1

‎05-25-2010 11:14 PM - edited ‎03-04-2019 08:35 AM

Hi Everyone,

                       I am having that kind of PBR issue in client side. Actually they want to do Policy Based Routing through their main office to branch. I change the ip address because of privacy policy.

This is the main office subnet scope. Their special subnet is 203.72.87.xx/25

203.72.87.0 /24

203.72.88.0/24

203.72.89.0/24

203.87.90.0/24

203.87.91.0/24

203.87.92.0/24

203.87.93.0/24

Main office have cisco 4507 switch connected to layer 3 ospf link with 2 juniper edge device.

clip_image003.jpg

The task is to trasfer packet from following address through juniper edge device1 to 203.72.87.0/25

203.72.90.3/32

203.72.90.4/32

203.72.90.5/32

xx.xx.xx.xx/16

xx.xx.xx.xx/24

To trasfer packet from following address through juniper edge device 2 to 203.72.87.0/25

203.72.87.3/32

203.72.87.4/32

203.72.87.5/32

If PBR is not enable by default , it is go through link2 (juniper device 2).

When i do show run, the address 203.72.90.3 , 203.72.90.4, 203.72.90.5 are already in the permit access list. That mean i don't need to put it on access list again. But  203.72.87.3 is in the ip helper list. But there is no vlan ip for 203.72.87.3, 203.72.87.4 , 203.72.87.5 ,203.72.90.3 , 203.72.90.4, 203.72.90.5 . When i do ip route command , the traffic are not involved either.

Eigrp is running on the list and it is /16 network.from what i know is doing acl 1st, and then routemap and redistribute .  In my case, i think i should use ospf to redistribute.And the last thing  is apply routemap to interface.But now I am very confuse that do i need to add this ip address to vlan 1st and doing this or I have no idea how to configure this switch to do policy based routing. Anyone please enlighten me.

Labels:
0 Helpful
5 Replies 5

Calin C.
Level 5
Level 5

‎05-26-2010 03:20 AM

Hi there!

To be honest your explanation is not very accurate, but I'll try to help based on what I understood.

So, what I think is that you want is that traffic from certain source (subnets, IP addresses) to take path 1 (Juniper device 1) to a destination. The same from some other sources to the same destination but on the path 2 (Juniper device 2).

Am I right?

If yes, the solution would be:

-match the source addresses (the ones that you want to make traffic over the path1) in a prefix-list or ACL

-configure a route-map in which you match the prefix-list or ACL in the previous step

-in the same route-map set next-hop IP address on the Juniper device 1

-configure PBR on the interface with ip policy route-map "Route-map NAME created above"

Please let me know if this is not clear enough for you.

Calin

0 Helpful

smith54321
Level 1
Level 1
In response to Calin C.

‎05-26-2010 06:10 AM

Brother,

                  Thank you for your explanation. But how about OSPF? I think we need to run the traffic on OSPF redistribution cause it include

juniper . My job scope is only on cisco switch to configure. The customer already configure juniper. If you know the OSPF Redistribution

together with route map please explain more for me. i am new to policy routing. Hope for your reply soon.

0 Helpful

Calin C.
Level 5
Level 5
In response to smith54321

‎05-26-2010 06:49 AM

If you are using EIGRP in your LAN, and OSPF on the links to Juniper devices, you have to redistribute somehow EIGRP in OSPF and OSPF in EIGRP or announce default routes from OSPF.

I don't know exactly the configuration that you have there, but anyway PBR and network reachability through IP routing protocols are different topics.

You can look at PBR like conditional routing based on policies.

Anyway following my first idea, or any idea that you have, you need somehow to achieve reachability between subnets, and only then to apply PBR.

Let me know if I can help you more.

0 Helpful

smith54321
Level 1
Level 1
In response to Calin C.

‎05-26-2010 09:41 AM

Hi Calin,

                thank you for your quick feedback. you are correct . they use eigrp in their lan. so the first thing i need to do is

#router ospf (area no)

#redistribute eigrp (autonomous no)  subnets routemap ( routemap name)

#network  ( 203.72.87.0) 0.0.128.255 area 0

#default metric 10

for acccess list

access-list 101 permit ip any host 203.72.87.3

route-map reroute10 traffic permit 10

match ip address 101

set (interface or ip address of the juniper device 1)

Ip policy route-map reroute10traffic

This is for one ip to 1 juniper. In my case , if i need to route so many ip, i have to add all those in every access-list .I can do access list 101 for juniper 1 and accesslist 102 for juniper 2. But what i am not sure is can it be work cause my ip from here is differnet subnets /16 , /32 , /24.

Thats my understanding. I am quite worry because i will get to complete this within 4 hrs. If i am mistake, plz show me the way .

0 Helpful

Calin C.
Level 5
Level 5
In response to smith54321

‎05-27-2010 05:19 AM

Sorry for the late answer. This seems to be OK, just that in the route-map you use for PBR, you need to set there

set ip next-hop "IP_Juniper1"

Does it work?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card