Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Possibility to use both Time Range ACL and PBR.

                   Hello

I would like to find out the attached requirement.

If there is any related information we greatly appreciate it.

Actually I have already configure on Cisco1812J by using the following command.

however the ACL status still shows "inactive" and the PBR does not function.

--------------------------------------------------------------------------------------------

*Configuration on R1

time-range PBR-TIME

periodic weekdays 15:40 to 15:41

!

ip access-list extended PBR-TIME

permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME

!

route-map PBR-TIME permit 10

match ip address PBR-TIME

set ip next-hop 10.0.20.3

!

interface Vlan1

ip address 10.0.30.1 255.255.255.0

ip policy route-map PBR-TIME

--------------------------------------------------------------------------------------------

*Verification

R1#sh ip access-lists

Extended IP access list PBR-TIME

    10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (inactive)

!

R1#sh route-map

route-map PBR-TIME, permit, sequence 10

  Match clauses:

    ip address (access-lists): PBR-TIME

  Set clauses:

    ip next-hop 10.0.20.3

  Policy routing matches: 0 packets, 0 bytes

--------------------------------------------------------------------------------------------

*Traceroute from SW1

SW1#traceroute 1.1.1.1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

VRF info: (vrf in name/id, vrf out name/id)

  1 10.0.30.1 0 msec 0 msec 9 msec

  2 10.0.10.2 0 msec 0 msec 17 msec

  3 10.0.11.254 0 msec *  0 msec

--------------------------------------------------------------------------------------------

Everyone's tags (2)
3 REPLIES

Possibility to use both Time Range ACL and PBR.

Hi,

in my opinion the config you posted is correct. Try to remove and re-apply on vlan1

ip policy route-map PBR-TIME, but if in this case will work is not correct, because the PBR doesn't need to remove and re-apply.

The second thing is to try to do a clear arp because the time-range is very short...

Third, check the time on switch with sh clock or sh ntp association to check if clock is synchronized or correct. But i think that you already checked.

Bye

Purple

Possibility to use both Time Range ACL and PBR.

Hi,

Inactive means that you are not in the correct time-range so verify your clock and set it to correct time then it will go active and the PBR will be working.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Possibility to use both Time Range ACL and PBR.

Oh that is incredible!!

It has been functioning correctly like this.

Thank you for quick and precious advise.

Regards,

Masanobu Hiyoshi

------------------------------------------------------------------------------------------

R1#sh ip access-lists
Extended IP access list PBR-TIME
    10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (active) (45 matches)
(omit)
R1#sh ip access-lists
Extended IP access list PBR-TIME
    10 permit ip host 10.0.30.11 host 1.1.1.1 time-range PBR-TIME (inactive) (45 matches)
R1#

-------------------------------------------------------------

SW1#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.30.1 0 msec 0 msec 0 msec
  2 10.0.20.3 0 msec 0 msec 9 msec
  3 10.0.21.254 0 msec *  0 msec

SW1#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.30.1 0 msec 9 msec 0 msec
  2 10.0.10.2 0 msec 0 msec 8 msec
  3 10.0.11.254 0 msec *  0 msec

193
Views
0
Helpful
3
Replies