Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

police route and match community-list

Hi All,

I have a C3825, and have been using standard ACLs and a PBR to route certain HTTP traffic via an alternative default gateway:

route-map RTRMAP-OfficeLAN permit 10

match ip address RTRMAP-OfficeLAN-toADSL

set ip next-hop x.x.x.x

This is working absolutely fine, and as expected, all traffic matching the ACL is being sent to x.x.x.x

However, we have recently expanded our network, and I am now receiving various networks via BGP from various sources.  All BGP incoming via iBGP is tagged in communities:

Community (expanded) access list 100

    permit 37xxx:100

Community (expanded) access list 200

    permit 37xxx:200

Community (expanded) access list 300

    permit 37xxx:300

Community (expanded) access list 400

    permit 37xxx:400

Community (expanded) access list 500

    permit 37xxx:500

All communities are also matching prefixes when executing either 'sh ip bgp community 37xxx:100' or 'sh ip bgp community-list 100'

What I am trying to achieve, is create an EXCEPTION for the policy route.  Traffic matching the community lists, must be forwarded based on the routers routing table, whilst traffic maching the ACL, must be sent via the policy route...

route-map RTRMAP-OfficeLAN permit 5

match community 100 200 300 400 500

!

route-map RTRMAP-OfficeLAN permit 10

match ip address RTRMAP-OfficeLAN-toADSL

set ip next-hop x.x.x.x

My logic dictates to me that the above should work, but looking at the route-map, I get matches on seq 5 and pacets are exiting the route-map as expected (first matched).  However no traffic that does NOT match community 100,200,300,400 or 500 and that DOES match the RTRMAP-OfficeLAN-toADSL never matches.

The counters on the route-map for seq 5 is increasing, but no counters are increasing at seq 10..  It's almost as if seq 5 is matching all traffic.

Am I missing something?

Many thanks,

Chris.

Everyone's tags (3)
1 REPLY
Purple

police route and match community-list

Hi,

you can't use community-list for PBR afaik it only accepts ACLs for matching.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
321
Views
0
Helpful
1
Replies
CreatePlease to create content