Cisco Support Community
Community Member

policy route-map

I have the following configuration:

!
interface Ethernet0
 ip address A.B.C.111 255.255.255.0
 ip route-cache policy
 ip policy route-map PING
!
access-list 12 permit A.B.C.2
route-map PING permit 10
 match ip address 12
 set ip next-hop A.B.C.1
!

From debug:

2w0d: IP: local to Ethernet0 A.B.C.1
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30, len 41, policy match
2w0d: IP: route map PING, item 10, permit
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30 (Ethernet0), len 41, policy routed
2w0d: IP: local to Ethernet0 A.B.C.1
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.2, len 84, policy match
2w0d: IP: route map PING, item 10, permit
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.2 (Ethernet0), len 84, policy routed
2w0d: IP: local to Ethernet0 A.B.C.1
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30, len 41, policy match
2w0d: IP: route map PING, item 10, permit
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30 (Ethernet0), len 41, policy routed
2w0d: IP: local to Ethernet0 A.B.C.1

Does it mean that PBR doesn't work (because I see a policy match for addresses which I don't have in ACL 12)? Where was I wrong?

3 REPLIES

Re: policy route-map

Hi,

If I understand correctly, the traffic displayed is router-originated. If I remember correctly, router-originated traffic is handled in a different way from network-originated traffic (it passes all ACLs).

BTW, I don't understand your route map - are you trying to route the traffic from one PC back to another router on the same Ethernet?

Regards,

Milan

Community Member

Re: policy route-map

It's a test router and I'm trying to understand PBR; I wrote the SET rule only as an example. Does the behavior of the policy (match or reject) depend on the SET rule? I think that it depends on the MATCH line ...

In my case I see that the MATCH ... line doesn't work. Am I right?

Re: policy route-map

Yes, but my understanding is that the MATCH is caused by the traffic being PERMITTED by ACL 12, which is incorrect and caused by the traffic origin - the router.

If you try to send the traffic from another PC, not from the router, it should not be permitted by ACL 12, so the route map set wouldn't apply and the traffic wouldn't be policy-routed.

Regards,

Milan
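
Added example, not part of the original thread: a Python check that parses the debug lines posted above and lists every packet logged as "policy match" whose source address ACL 12 does not permit, marking whether the router itself originated it. The function names are hypothetical, the sample input is constructed from the thread's own lines, and it assumes the ACL holds only host entries (no wildcard masks).

```python
import re

# Constructed sample: ACL 12 and debug lines as posted in the thread
# (addresses are the thread's own redacted A.B.C.x placeholders).
ACL_12_PERMIT = {"A.B.C.2"}  # access-list 12 permit A.B.C.2 (standard ACL: source match)
DEBUG_LINES = """\
2w0d: IP: local to Ethernet0 A.B.C.1
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30, len 41, policy match
2w0d: IP: route map PING, item 10, permit
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.30 (Ethernet0), len 41, policy routed
2w0d: IP: local to Ethernet0 A.B.C.1
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.2, len 84, policy match
2w0d: IP: route map PING, item 10, permit
2w0d: IP: s=A.B.C.111 (local), d=A.B.C.2 (Ethernet0), len 84, policy routed
""".splitlines()

# s=<src> (<ingress interface or "local">), d=<dst> [(<egress>)], len N, policy <verdict>
PKT = re.compile(
    r"IP: s=(?P<src>\S+) \((?P<origin>[^)]+)\), d=(?P<dst>[^\s,]+)"
    r"(?: \([^)]+\))?, len (?P<len>\d+), policy (?P<verdict>.+)$"
)

def parse(lines):
    """Yield one dict per packet line; route-map and next-hop lines are skipped."""
    for line in lines:
        m = PKT.search(line)
        if m:
            yield m.groupdict()

def unexpected_matches(lines, permitted_sources):
    """Packets logged as 'policy match' although the ACL does not permit their source."""
    findings = []
    for pkt in parse(lines):
        if pkt["verdict"] == "match" and pkt["src"] not in permitted_sources:
            # "(local)" in the source field means the router generated the packet.
            pkt["router_originated"] = pkt["origin"] == "local"
            findings.append(pkt)
    return findings

if __name__ == "__main__":
    for f in unexpected_matches(DEBUG_LINES, ACL_12_PERMIT):
        kind = "router-originated" if f["router_originated"] else "transit"
        print(f"{f['src']} -> {f['dst']} len {f['len']}: matched, "
              f"source not in ACL 12 ({kind})")
```

On the posted output this flags both matched packets, and both carry the `(local)` marker: the source is the router's own A.B.C.111, not the A.B.C.2 that ACL 12 permits.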
