03-05-2012 08:17 PM - edited 03-07-2019 05:22 AM
Hello,
I'm configuring PBR on a Catalyst 4503, but it doesn't work. Here is the configuration and a basic diagram:
                                            --> Router 3845 (10.4.30.20)
Server(10.4.28.60)--> ASA5520--> Catalyst 4503
                                            --> Router 3945 (10.4.30.21)
Catalyst 4503:
access-list 110 permit ip host 10.4.28.60 10.1.0.0 0.0.255.255
access-list 110 permit ip host 10.4.28.60 10.3.0.0 0.0.255.255
access-list 110 permit ip host 10.4.28.60 10.5.0.0 0.0.255.255
access-list 110 permit ip host 10.4.28.60 10.6.0.0 0.0.255.255
!
route-map Corebank_policy permit 20
 match ip address 110
 set ip next-hop 10.4.30.20
!
The route-map is applied on interface Vlan10 (used to connect the ASA to the Catalyst 4503):
interface Vlan10
 ip address 10.4.30.11 255.255.255.248
 ip policy route-map Corebank_policy
 standby 10 ip 10.4.30.9
 standby 10 priority 200
 standby 10 preempt
end
Show route-map command on 4503:
route-map Corebank_policy, permit, sequence 20
Match clauses:
ip address (access-lists): 110
Set clauses:
ip next-hop 10.4.30.20
Policy routing matches: 30 packets, 1800 bytes
Sometimes traffic still passes through Router 3945 (10.4.30.21).
If anyone has an idea what it is, then please tell me.
Thanks
03-06-2012 01:20 AM
Dear Vivek,
It's for redundancy purposes only.
Thanks
03-06-2012 12:48 AM
Hello Mr Anh,
Did you get a chance to run those debugs as requested by me? Debugs will provide us a good picture of what could be happening.
Thanks
Vivek
03-06-2012 12:55 AM
Dear Vivek,
Sorry for the late reply. Here is the output of debug ip policy when I traceroute to 10.5.1.1 on IP 10.4.28.2:
026155: 2w2d: IP: s=10.4.28.9 (Vlan10), d=10.4.29.60, len 1029, FIB policy rejected(no match) - normal forwardingPolicy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
026156: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026157: 2w2d: IP: route map Corebank_policy, item 20, permit
026158: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026159: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20
026160: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026161: 2w2d: IP: route map Corebank_policy, item 20, permit
026162: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026163: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20
026164: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026165: 2w2d: IP: route map Corebank_policy, item 20, permit
026166: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026167: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
HOHN_CS4503_02#Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
026168: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026169: 2w2d: IP: route map Corebank_policy, item 20, permit
026170: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026171: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20
026172: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026173: 2w2d: IP: route map Corebank_policy, item 20, permit
026174: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026175: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20
026176: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026177: 2w2d: IP: route map Corebank_policy, item 20, permit
026178: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026179: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
026180: 2w2d: IP: s=10.4.28.9 (Vlan10), d=10.4.29.60, len 1029, FIB policy rejected(no match) - normal forwarding
And here is the traceroute result:
traceroute 10.5.1.1
Type escape sequence to abort.
Tracing the route to 10.5.1.1
1 10.4.30.11 8 msec 0 msec 8 msec
2 10.4.30.21 0 msec 9 msec 0 msec
3 10.0.253.30 8 msec * 8 msec
03-06-2012 01:21 AM
OK. What I think is that the reason you have a /32 route is because your OSPF network type is point-to-multipoint. So even though you have the network as directly connected, it is seeing the interface as a /32 host route, and your debug shows that it is not able to reach the next hop:
26179: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
The moment you make the OSPF network point-to-multipoint, it will inject a /32 host route for the interface. Now, to get around this problem:
1. Changing the network type of OSPF (I am not sure how feasible it would be in your production)
2. IOS which supports the recursive command
I will look for the command support for this platform. Side by side, could you please let me know if you have got a chance to test it with the connected interface.
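An added example, not part of the original thread: a small parser that cross-checks `debug ip policy` output against a traceroute and flags the `Policy NextHop Inquiry ... type: INVALID` lines that the reply above points to. The sample input is constructed in the shape of the output posted in this thread, and the function and field names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the `debug ip policy` output and
# traceroute posted in this thread (the fused console line is kept as posted).
DEBUG_SAMPLE = """\
026156: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1, len 28, policy match
026157: 2w2d: IP: route map Corebank_policy, item 20, permit
026158: 2w2d: IP: s=10.4.28.2 (Vlan10), d=10.5.1.1 (Vlan11), len 28, policy routed
026159: 2w2d: IP: Vlan10 to Vlan11 10.4.30.20Policy NextHop Inquiry: Corebank_policy seq: 20, type: INVALID SW_OBJ_TYPE: 0, SW_HANDLE: 0
026180: 2w2d: IP: s=10.4.28.9 (Vlan10), d=10.4.29.60, len 1029, FIB policy rejected(no match) - normal forwarding
"""
TRACE_SAMPLE = """\
1 10.4.30.11 8 msec 0 msec 8 msec
2 10.4.30.21 0 msec 9 msec 0 msec
3 10.0.253.30 8 msec * 8 msec
"""

FLOW = re.compile(r"s=(\S+) \(\S+\), d=([\d.]+).*?, len \d+, (policy match|policy routed|FIB policy rejected)")
NEXT_HOP = re.compile(r"IP: \S+ to \S+ (\d+\.\d+\.\d+\.\d+)")
INQUIRY = re.compile(r"Policy NextHop Inquiry: (\S+) seq: (\d+), type: (\w+)")
HOP = re.compile(r"^\s*\d+\s+(\d+\.\d+\.\d+\.\d+)", re.M)

def analyse(debug_text, trace_text):
    """Summarise PBR decisions and compare the set next hop with the traced path."""
    outcomes, set_hops, bad_inquiries = Counter(), set(), []
    for line in debug_text.splitlines():
        m = FLOW.search(line)
        if m:
            outcomes[(m.group(1), m.group(2), m.group(3))] += 1
        m = NEXT_HOP.search(line)
        if m:
            set_hops.add(m.group(1))
        for name, seq, typ in INQUIRY.findall(line):
            if typ == "INVALID":
                bad_inquiries.append((name, int(seq)))
    trace_hops = HOP.findall(trace_text)
    # Assumption: hop 1 is the PBR switch itself, so hop 2 is where it forwarded.
    actual = trace_hops[1] if len(trace_hops) > 1 else None
    return {
        "outcomes": dict(outcomes),
        "policy_next_hops": sorted(set_hops),
        "invalid_inquiries": bad_inquiries,
        "actual_second_hop": actual,
        "bypassed": actual is not None and bool(set_hops) and actual not in set_hops,
    }

if __name__ == "__main__":
    print(analyse(DEBUG_SAMPLE, TRACE_SAMPLE))
```

A `bypassed` result of `True` alongside `policy routed` entries is the pattern seen in this thread: the software debug reports a policy match while the traced path leaves through the other router.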
03-09-2012 07:56 AM
Dear Vivek, Mukti Chandwani,
I changed the network type of OSPF and PBR works OK.
Thanks
03-09-2012 05:01 PM
That's great news. Thanks for updating.
03-10-2012 09:33 AM
Perfect. Thanks for the update.