Cisco Support Community

New Member

Policy Based Routing with Deny

Hi All,

We have a Cat-3550 with a route-map for a SVI (VLAN 1) to redirect the traffic. Everything is fine except for the fact the traffic to the other VLANs is also routed the same way with an additional hop. I would like to exclude this using a deny statement but for some reason that doesn't seem to work. Please find the config details below:

interface Vlan1
 ip address 10.18.1.2 255.255.255.0
 ip directed-broadcast
 ip policy route-map server
 no ip mroute-cache
end

route-map server permit 10
 match ip address servers
 set ip next-hop 10.18.122.6

ip access-list extended servers
 permit ip 10.18.1.0 0.0.0.255 any

New config (which doesn't work):

route-map newserver deny 10
 match ip address 199
!
route-map newserver permit 20
 match ip address servers
 set ip next-hop 10.18.122.6

access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.2.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.3.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.4.0 0.0.0.255
access-list 199 permit ip 10.18.1.0 0.0.0.255 10.18.5.0 0.0.0.255

What am I missing here? Thanks in advance,

Cheers

subra

8 REPLIES

Re: Policy Based Routing with Deny

Subra,

Your configuration looks good to me. You want to deny switching between VLANs to let them go using the normal routing table.

You may use a "debug ip policy" command to see what's going on.

Well, in case it really doesn't work, you may think about other ways.

!
route-map newserver permit 10
 match ip address only-for-server
 set ip next-hop 10.18.122.6

ip access-list extended only-for-server
 deny ip 10.18.1.0 0.0.0.255 10.18.2.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.3.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.4.0 0.0.0.255
 deny ip 10.18.1.0 0.0.0.255 10.18.5.0 0.0.0.255
 permit ip 10.18.1.0 0.0.0.255 any
!

HTH,

Toshi
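
The three route-maps posted above, run through a small Python model of route-map and ACL evaluation order. This is an added example, not part of any post in the thread and not Cisco code. It assumes the generally documented semantics (first matching ACL entry wins, implicit deny at the end, a matched deny clause returns the packet to normal routing) and does not model Catalyst 3550 platform behaviour; the map labels and host addresses are constructed.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def acl_permits(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, s_wc, d, d_wc in acl:
        if wc_match(src, s, s_wc) and wc_match(dst, d, d_wc):
            return action == "permit"
    return False

def pbr_decision(route_map, src, dst):
    """Walk clauses by sequence number; return the next hop or 'normal routing'."""
    for _seq, action, acl_name, next_hop in sorted(route_map, key=lambda c: c[0]):
        if acl_permits(ACLS[acl_name], src, dst):
            # A matched deny clause hands the packet back to the routing table.
            return next_hop if action == "permit" else "normal routing"
    return "normal routing"  # nothing matched: not policy routed

ANY = ("0.0.0.0", "255.255.255.255")
VLAN1 = ("10.18.1.0", "0.0.0.255")
OTHER_VLANS = [("10.18.%d.0" % n, "0.0.0.255") for n in (2, 3, 4, 5)]

ACLS = {  # entries: (action, src, src wildcard, dst, dst wildcard)
    "servers": [("permit", *VLAN1, *ANY)],
    "199": [("permit", *VLAN1, *d) for d in OTHER_VLANS],
    "only-for-server": [("deny", *VLAN1, *d) for d in OTHER_VLANS]
                       + [("permit", *VLAN1, *ANY)],
}
ROUTE_MAPS = {  # clauses: (sequence, action, ACL name, set ip next-hop)
    "server": [(10, "permit", "servers", "10.18.122.6")],
    "newserver (route-map deny)": [(10, "deny", "199", None),
                                   (20, "permit", "servers", "10.18.122.6")],
    "newserver (ACL deny)": [(10, "permit", "only-for-server", "10.18.122.6")],
}
# Constructed sample flows: inter-VLAN, external, and a subnet not in the exclusions.
FLOWS = [("10.18.1.50", "10.18.3.20"), ("10.18.1.50", "192.0.2.10"),
         ("10.18.1.50", "10.18.6.9")]

if __name__ == "__main__":
    for name, rmap in ROUTE_MAPS.items():
        for src, dst in FLOWS:
            print(f"{name:27} {src} -> {dst}: {pbr_decision(rmap, src, dst)}")
```

In this model both newserver variants return the same decision for every flow, and a destination outside the four excluded subnets (10.18.6.9 here) is still sent to 10.18.122.6, so any VLAN added later needs its own exclusion entry.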

New Member

Re: Policy Based Routing with Deny

Cheers mate. It works.

Bronze

Re: Policy Based Routing with Deny

Why not just add a "deny" statement to the front of your "permit" statement in the ip access-list extended servers access list?

Re: Policy Based Routing with Deny

Bret,

Are you really thinking about that way? If so, 5P! for you anyway! heheheh..

Toshi

Bronze

Re: Policy Based Routing with Deny

LOL, that's what I get for walking away before hitting the post button. One minute!

Re: Policy Based Routing with Deny

bret,

Maybe less than one minute! (grin)

Good job, man

Toshi

New Member

Re: Policy Based Routing with Deny

no

New Member

Re: Policy Based Routing with Deny

I found the details of the IP address on the site http://www.ip-details.com/. Is there any website to know the details of the IP address owner?
