Cisco Support Community
Policy Routing - deny

Hello,

When doing PBR:

(1)

route-map test permit 10

match ip address 100

set ip default next-hop 10.1.1.1

Matching packets would try to use normal routing; if this router doesn't have a route in its routing table, it would forward the packet to next hop 10.1.1.1.

(2)

route-map test deny 10

match ip address 100

Matching packets would go to normal routing.

(3)

route-map test deny 10

match ip address 100

set ip default next-hop 10.1.1.1

Matching packets would use normal routing because of the deny; but there's a set statement here, so matching packets would try to use normal routing; if this router doesn't have a route in its routing table, it would forward the packet to next hop 10.1.1.1.

Why would I use deny and set on the same statement? Is this used?

Because if I use deny to make matching traffic use normal routing, why am I using SET?

Let me know if I am missing something here.

vlad

5 REPLIES

Re: Policy Routing - deny

Hi Vlad,

AFAIK route maps overwrite the routing table entry. If the sequence of the route map is PERMIT and the MATCH condition is met, then the SET statement will perform the route, overwriting the routing table entry. So in your (1) example, PBR has a sequence type PERMIT, and if the packet matches the MATCH condition, then the packet will be forwarded to the next hop, which is 10.1.1.1, overwriting the routing table entry.

If the route map has a DENY sequence, no SET statement can be used. So in your (2) and (3) examples, because the route map sequence is of DENY type, matching packets will go to normal routing and no SET conditions will be used.

HTH

Ankur

Re: Policy Routing - deny

So Ankur, when we have the permit in the route map, it will have preference over the routing table, and it will work as per the set command; it will not use the path of the routing table.

And when you have route maps with the deny keyword, the routing table path will be preferred. Am I right?

Regards

Devang

Re: Policy Routing - deny

Hi Ankur,

I just need one clarification. Why are we using the deny statement if we want that traffic not to use any set statements? I think there is no need to define any PBR entry for denying unwanted traffic, as it is going to use the routing table. Am I right? Please clarify.

Thanks

Mahmood

Re: Policy Routing - deny

Hi Devang/Mahmood,

If the statement is marked as a deny, the packets meeting the match criteria are sent back through the normal forwarding channels (in other words, destination-based routing is performed).

Only if the statement is marked as permit and the packets meet the match criteria are all the set clauses applied. If the statement is marked as permit and the packets do not meet the match criteria, then those packets are also forwarded through the normal routing channel.

HTH

Ankur
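An added example, not part of the original thread or of any Cisco code: a small Python model of how a PBR route map is evaluated for the three configurations in the question. It goes one step beyond the thread by modelling `set ip default next-hop` as applying only when the routing table has no explicit route, and by showing a deny entry used to exempt a subnet ahead of a broader permit. The ACL contents, the routing table and the EXEMPT route map are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): ACL 100 is
# modelled as "source in 192.168.1.0/24"; the RIB holds one explicit route.
ACL_100 = ipaddress.ip_network("192.168.1.0/24")
ROUTES = {ipaddress.ip_network("10.2.0.0/16"): "10.9.9.9"}

def route_lookup(dst):
    """Normal destination-based lookup; None means no explicit route."""
    hits = [n for n in ROUTES if ipaddress.ip_address(dst) in n]
    return ROUTES[max(hits, key=lambda n: n.prefixlen)] if hits else None

def pbr(route_map, src, dst):
    """Return (next_hop, reason) for one packet on a PBR-enabled interface."""
    normal = route_lookup(dst)
    for ent in sorted(route_map, key=lambda e: e["seq"]):
        if ipaddress.ip_address(src) not in ent["match"]:
            continue  # no match: fall through to the next sequence number
        if ent["action"] == "deny":
            # deny + match: evaluation stops and any set clause is ignored
            return normal, "deny: normal routing"
        nh = ent.get("set_default_next_hop")
        if nh and normal is None:
            return nh, "permit: default next-hop used"
        return normal, "permit: routing table used"
    return normal, "no entry matched: normal routing"

def entry(seq, action, match, nh=None):
    """Build one route-map sequence entry for the model."""
    return {"seq": seq, "action": action, "match": match,
            "set_default_next_hop": nh}

CASE1 = [entry(10, "permit", ACL_100, "10.1.1.1")]   # example (1)
CASE2 = [entry(10, "deny", ACL_100)]                  # example (2)
CASE3 = [entry(10, "deny", ACL_100, "10.1.1.1")]      # example (3)
# Hypothetical exemption: deny a /25 ahead of a broader permit.
EXEMPT = [entry(5, "deny", ipaddress.ip_network("192.168.1.0/25")),
          entry(10, "permit", ACL_100, "10.1.1.1")]

if __name__ == "__main__":
    for name, rm in [("1", CASE1), ("2", CASE2), ("3", CASE3), ("exempt", EXEMPT)]:
        for src in ("192.168.1.5", "192.168.1.200"):
            for dst in ("10.2.3.4", "172.16.0.1"):
                print(name, src, dst, pbr(rm, src, dst))
```

A next hop of `None` in the output means the model found no explicit route and no applicable set clause.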

Re: Policy Routing - deny

Thanks, Ankur, for replying and clearing up our ideas.

Regards

Devang
