Solved: Hi,setting the tag has no

zsmr00001 · ‎05-11-2014

Hello,

I would like to know how I can use "set tag" in Route-map in order to lead traffic specific throug static route with "ip route".

I believe that I can do the following:

access-list 101 permit ip 192.168.120.0 0.0.0.255 any /* Filtering Lan Traffic Specific 1 */

access-list 102 permit ip 192.168.180.0 0.0.0.255 any /* Filtering Lan Traffic Specific 2 */

!

route-map XXXX permit 10 /* Tag 20 is related to Lan traffic specific 1 */

match ip address 101

set tag 20

!

route-map YYYY permit 20 /* Tag 30 is related to Lan traffic specific 2 */

match ip address 102

set tag 30

!

interface GigabitEthernet0/1.20 /* Applying route-map to Lan subinterface */

encapsulation dot1Q 20

ip address 192.168.120.1 255.255.255.0

ip policy route-map XXXX

!

interface GigabitEthernet0/1.21 /* Applying route-map to Lan subinterface */

encapsulation dot1Q 21

ip address 192.168.180.1 255.255.255.0

ip policy route-map YYYY

!

ip route 172.18.70.0 255.255.255.0 11.0.15.1 tag 20 /* traffic specific 1 is transmit to 172.18.0.70 through next hop 11.0.15.1 */

ip route 172.18.70.0 255.255.255.0 11.0.15.5 tag 30 /* traffic specific 2 is transmit to 172.18.0.70 through next hop 11.0.15.5 */

Is this correct ?, or is there another way to approach this issue?

Thanks for your answer in advance.

cadet alain · ‎05-13-2014

Hi,

The PBR config looks correct but to verify it is working you should fire up this debug on R1: debug ip policy

first post the output of this command to verify the PBR part is working

Remark:

all those routes are unnecessary as these are directly connected networks

ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21

So you can safely get rid of them.

Also on R2 the second staic route is not correct:

ip route 192.168.120.64 255.255.255.192 11.0.12.6

It should be

ip route 192.168.180.0 255.255.255.0 11.0.12.6

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

Giuseppe Larosa · ‎05-12-2014

Hello,

you are attempting to use PBR Policy Based Routing. However, your method is quite indirect.

I'm not sure it can work.

The usual way is to set the IP next-hop directly inside the route-map invoked for PBR. You can use a

route-map XXXX

match ip address 101

set ip next-hop a.b.c.d

to achieve the desired result.

Note: you may need to use more specific ACLs if your idea is to move traffic with specific source/destination combinations

EDit:

route tags are used for controlling redistribution of routes between two routing protocols, rather then attempting to divert traffic.

Hope to help

Giuseppe

zsmr00001 · ‎05-12-2014

Hello Giuseppe,

Thanks, I understand, but one question more. If I use "set ip next hop" in route-map, so it will not be necessary to use "ip route 172.18.70.0 ....." ?

At first I did this , (without "ip route"), but the traffic only got the next hop and not the destination ( 172.18.0.70.0). On the next Router I had put the route to destination but I don't know why it didn't get there.

I am trying to lead traffic of Lan subinterfaces through Wan subinterfaces on the first Router, but they must be one to one.

Well, thanks again.

Regards

cadet alain · ‎05-12-2014

Hi,

setting the tag has no effect in PBR as it is not a valid set action.

Could you post a drawing and explain what you did previously and what was failing.

Regards

Alain

Don't forget to rate helpful posts.

zsmr00001 · ‎05-13-2014

Hello,

I send a drawing and a doc with details. Thanks for your help.

Regards

Sandro

cadet alain · ‎05-13-2014

Hi,

The PBR config looks correct but to verify it is working you should fire up this debug on R1: debug ip policy

first post the output of this command to verify the PBR part is working

Remark:

all those routes are unnecessary as these are directly connected networks

ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21

So you can safely get rid of them.

Also on R2 the second staic route is not correct:

ip route 192.168.120.64 255.255.255.192 11.0.12.6

It should be

ip route 192.168.180.0 255.255.255.0 11.0.12.6

Regards

Alain

Don't forget to rate helpful posts.

zsmr00001 · ‎05-14-2014

Hello Cadet,

Thanks for your feedback. Sorry, I was wrong. As you say, it looks correct. I did the mistake when I tested the ping from the Router-1 while the PRB applied to ingressing traffic and not to the generated traffic in the Router-1.

I have been doing this work remotely, because the sites are far each other.

Finally one person went to the remote site and verified, from de Lan1 and Lan2, that they was following the correct route.

Also, I was not sure about this routes:

ip route 11.0.12.0 255.255.255.252 GigabitEthernet0/0.80
ip route 11.0.12.4 255.255.255.252 GigabitEthernet0/0.81
ip route 192.168.120.0 255.255.255.0 GigabitEthernet0/1.20
ip route 192.168.180.0 255.255.255.0 GigabitEthernet0/1.21

Thanks for your advise.

The "ip route" in the Router-2, I have corrected too.

Thanks very much.

Best regards,

Sandro

Choosing next hop for traffic specific