Cisco Support Community

PBR/Router-generated traffic?

Hi,

I am implementing PBR on an ISR 1921 router. I have created a route-map to match FTP, VPN, HTTPS and HTTP traffic and route this traffic outside a particular interface and another route-map to match SMTP traffic and route it via another interface. I am testing the route-map by generating for example FTP traffic, and checking that packets are marked as being matched when I run #show route-map and #show access-list. For VPN, FTP and SMTP, the show commands make sense and show that all is working as expected.

What is strange is that I am NOT generating any HTTP or HTTPS traffic but I am still getting the route-map and access-list counters continuously incrementing. I even installed Wireshark on the 3 laptops I am using for testing, and no HTTP/HTTPS traffic is being noticed. Any ideas what this could be? Is the router generating some traffic itself? (I did read that the router-generated traffic is NOT matched by the route-map unless specified and I have turned the Cisco Configuration Professional in case it is using HTTP/HTTPS).

Here is the related config:

interface GigabitEthernet0/0
 description $ETH-LAN$ (this is the interface which is seeing the traffic)
 ip address 192.168.11.1 255.255.255.0
....
 ip policy route-map route_traffic_to_outside
.....
ip access-list extended ISP1
 permit tcp object-group Internal_Network any eq smtp
ip access-list extended ISP2
 permit object-group FTP object-group Internal_Network any
 permit object-group VPN object-group Internal_Network any
 permit tcp object-group Internal_Network any eq www
....
route-map route_traffic_to_outside permit 1
 match ip address ISP1
 set interface FastEthernet0/0/0
!
route-map route_traffic_to_outside permit 2
 match ip address ISP2
 set interface FastEthernet0/0/1

Any clues would be appreciated as I cannot understand what is happening.

Thanks,

Tiziana
