07-23-2007 01:06 PM - edited 03-05-2019 05:27 PM
Hey...
My organization has multiple sites, and multiple connections to the internet. I set up the following to get vlan 18 internet traffic going out the connection at another site. There's a mistake here - The IP address in the route-map doesn't exist.
Yet, I have functioning internet access from workstations in Vlan 18. When I traceroute from a workstation in Vlan 18, I go out the default route.
I would have thought that for matching traffic, the route-map's default next-hop overwrote the router's default route.
Clearly I'm wrong on that - Can anyone clarify what's actually happening?
TIA...
#sh access-l 181
Extended IP access list 181
    10 permit ip x.x.18.0 0.0.0.255 any (845093 matches)

#sh route-map
route-map Wireless, permit, sequence 10
  Match clauses:
    ip address (access-lists): 181
  Set clauses:
    ip default next-hop 10.30.202.3
  Policy routing matches: 845115 packets, 97431971 bytes

#sh run int vlan18
Building configuration...
Current configuration : 344 bytes
!
interface Vlan18
 description DOv0018_Wireless
 ip address x.x.18.2 255.255.255.0
 ip access-group 109 in
 ip helper-address x.x.x.x
 no ip redirects
 no ip proxy-arp
 ip wccp web-cache redirect out
 ip wccp web-cache redirect in
 ip policy route-map Wireless
 standby 18 ip x.x.18.1
 standby 18 priority 200
 standby 18 preempt
end

#sh access-l 109
Extended IP access list 109
    10 permit tcp any any established (653532 matches)
    20 permit udp any any eq bootps (739 matches)
    30 permit icmp any any (359 matches)
    40 permit udp x.0.0.0 0.255.255.255 x.0.0.0 0.255.255.255 eq domain
    50 permit tcp x.0.0.0 0.255.255.255 x.0.0.0 0.255.255.255 eq domain
    60 deny ip any x.0.0.0 0.255.255.255 (22758 matches)
    70 permit ip x.0.0.0 0.255.255.255 any (307368 matches)

#sh run | i 0.0.0.0
ip route 0.0.0.0 0.0.0.0 x.x.2.254
07-23-2007 01:25 PM
I may be wrong here, but if the route map has a bad IP, then there is no match.
Therefore, the default route does apply.
07-23-2007 02:05 PM
When the only route to the destination is the default route (there is no specific route for that destination in the routing table), the packet is policy routed.
When you lose the next hop, the packet follows the normal forwarding (routing table).
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml
HTH
Narayan
07-23-2007 03:17 PM
Linea,
See the response(s) below.
"The IP address in the route-map doesn't exist"
I assume you mean the 'next-hop' address in the route map.
"Yet, I have functioning internet access from workstations in Vlan 18. When I traceroute from a workstation in Vlan 18, I go out the default route"
If the router doesn't have a specific route to the destination then it should use the default next-hop address specified in the route map and not the default route.
"I would have thought that for matching traffic, the route-map's default next-hop overwrote the router's default route"
Yes the default next-hop should be used if the router didn't have a specific route to the destination of the IP packet.
HTH
Sundar
07-23-2007 04:52 PM
Thanks Narayan,
Case Study 2 makes it perfectly clear:
when the next-hop defined by the route-map is unavailable, you get "policy rejected -- normal forwarding".
Thanks again...
07-23-2007 05:19 PM
Hey...
As it turns out, there is a match, however, since the route doesn't exist, you get a "policy rejected" message if you turn on debug ip policy.
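The decision order described in this thread for `set ip default next-hop`, modelled as an added example (not code from any poster or from Cisco): ACL match, then explicit route, then the policy next hop, then fallback to the routing table. Every address except 10.30.202.3 is a constructed stand-in for the masked x.x values, and `usable_next_hops` is a hypothetical simplification of how the router decides that a next hop is available.

```python
import ipaddress

def acl_permits(src, net, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(src)) & care) == (int(ipaddress.ip_address(net)) & care)

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes.items()
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def forward(src, dst, routes, acl, default_next_hop, usable_next_hops):
    """Return (next_hop, reason) for a packet arriving on the policy-routed interface."""
    best = lookup(routes, dst)
    table_hop = best[1] if best else None
    if not acl_permits(src, *acl):
        return table_hop, "no policy match, normal forwarding"
    # 'default' next-hop only applies when nothing but 0.0.0.0/0 covers dst
    if best and best[0].prefixlen > 0:
        return table_hop, "explicit route exists, normal forwarding"
    if default_next_hop in usable_next_hops:
        return default_next_hop, "policy routed"
    # the ACL matched (counters still increment), but the set clause is unusable
    return table_hop, "policy rejected, normal forwarding"

# Constructed sample data standing in for the masked configuration
ROUTES = {"0.0.0.0/0": "10.18.2.254", "10.0.0.0/8": "10.18.2.1"}
ACL_181 = ("10.18.18.0", "0.0.0.255")   # permit ip x.x.18.0 0.0.0.255 any
DEFAULT_NH = "10.30.202.3"              # from the route-map in the thread

if __name__ == "__main__":
    for usable in (set(), {DEFAULT_NH}):
        for dst in ("198.51.100.7", "10.40.1.1"):
            print(sorted(usable), dst,
                  forward("10.18.18.50", dst, ROUTES, ACL_181, DEFAULT_NH, usable))
```

The first case printed is the one in the original question: the ACL matches, the next hop is unusable, and the packet leaves via the default route.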