11-30-2009 09:11 AM - edited 03-06-2019 08:46 AM
Hi,
I have a need to change the next-hop address of all traffic entering interface A AND (leaving interface B OR has a next hop of X)
e.g.
Normally all traffic going out of interface Fa2/0 has a next-hop of 10.0.0.2.
I want traffic that has entered the router from F0/0 that is headed this way to have its next hop set to 10.0.0.3.
Traffic entering by any other interface (Fa0/1, Fa1/0, etc.) should follow normal routing.
Traffic entering Fa0/0 that is destined for an interface other than Fa2/0 should also be left alone.
Using an access-list and match ip <acl> is extremely difficult as both source and destinations are subject to frequent changes, and management overhead of the ACL would be cumbersome.
I have tried:
route-map MYMAP permit 10
 match interface Fa2/0
 set ip next-hop 10.0.0.3
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip policy route-map MYMAP
But this matches ALL packets entering F0/0
I have also tried
route-map MYMAP permit 10
 match ip next-hop ACL_NEXTHOP
 set ip next-hop 10.0.0.3
ip access-list standard ACL_NEXTHOP
 permit host 10.0.0.2
interface FastEthernet0/1
 ip address 172.16.1.1 255.255.255.0
 ip policy route-map MYMAP
Can anyone please point me in the right direction?
I have attached my Lab Diagram
Many Thanks,
Nick
11-30-2009 09:27 AM
Nick
The "match ip next-hop ..." command is used when route-maps are being used for redistribution between routing protocols, i.e. it cannot be used for PBR.
For PBR you have -
1) match ip address
2) match length
So you will need to use an ACL with the source and destination networks, I'm afraid.
Jon
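Added example, not part of the original thread and not from either poster: one way to reduce the ACL maintenance that the answer above implies is to generate the destination ACL from the routing table, taking every prefix whose route points at 10.0.0.2. The `show ip route` sample is constructed, `ACL_PBR` is a hypothetical name, and FastEthernet0/0 is taken from the question's description of the ingress interface.

```python
import ipaddress
import re

# Constructed sample of `show ip route` output (not from the thread).
SAMPLE_ROUTES = """\
O    192.168.50.0/24 [110/2] via 10.0.0.2, 00:12:34, FastEthernet2/0
S    192.168.60.0/23 [1/0] via 10.0.0.2
O IA 192.168.70.0/24 [110/3] via 10.0.1.2, 00:12:34, FastEthernet1/0
C    10.0.0.0/24 is directly connected, FastEthernet2/0
S*   0.0.0.0/0 [1/0] via 10.0.1.2
"""

# Assumption: each route line carries an explicit prefix/length and "via <hop>".
ROUTE_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+/\d+)\s+\[\d+/\d+\]\s+via\s+(\d+\.\d+\.\d+\.\d+)")


def prefixes_via(route_text, next_hop):
    """Destination networks whose route currently points at next_hop."""
    nets = []
    for line in route_text.splitlines():
        m = ROUTE_RE.search(line)
        if m and m.group(2) == next_hop:
            nets.append(ipaddress.ip_network(m.group(1)))
    # Merge adjacent/overlapping prefixes to keep the ACL short.
    return list(ipaddress.collapse_addresses(nets))


def build_pbr_config(route_text, old_hop, new_hop, in_if,
                     acl="ACL_PBR", rmap="MYMAP"):
    """Return IOS config lines; the acl name is a hypothetical default."""
    nets = prefixes_via(route_text, old_hop)
    if not nets:
        # Refuse to emit a route-map that references an empty ACL.
        raise ValueError(f"no routes via {old_hop}")
    lines = [f"ip access-list extended {acl}"]
    # Match on destination only: the source is implied by the ingress interface.
    lines += [f" permit ip any {n.network_address} {n.hostmask}" for n in nets]
    lines += [f"route-map {rmap} permit 10",
              f" match ip address {acl}",
              f" set ip next-hop {new_hop}",
              f"interface {in_if}",
              f" ip policy route-map {rmap}"]
    return lines


if __name__ == "__main__":
    print("\n".join(build_pbr_config(SAMPLE_ROUTES, "10.0.0.2", "10.0.0.3",
                                     "FastEthernet0/0")))
```

The generated ACL is a snapshot: it has to be regenerated when routes change, and a prefix listed in it still matches traffic for which a more specific route via a different next hop exists.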
11-30-2009 09:32 AM
Damn, I was worried someone was going to say that.
Oh well, thanks Jon.
11-30-2009 09:34 AM
LOL I can't believe it just blanked out that word!
It isn't even a swear word!
11-30-2009 09:45 AM
I had another thought,
I don't suppose there is any way of applying a route-map to an EGRESS interface is there?
i.e.
Any packets EXITING Fa2/0 should have the next-hop set.
11-30-2009 09:51 AM
Nick
No swearing now
PBR takes place before routing for obvious reasons. So basically no, because the router will already have decided the interface based on the routing table; it won't then try and apply PBR after that. Have a look at this link, which describes the order of operation on a router -
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
Jon
11-30-2009 09:54 AM
Bah! :-)
OK Thanks again Jon.