Need Help with Policy based routing on 6500 switch with FWSM.
I have 2 incoming vlans.
ip address 10.0.0.11 255.255.255.0
ip flow ingress
ip policy route-map split
standby 2 ip 10.0.0.3
standby 2 priority 110
standby 2 preempt
ip address 10.0.1.11 255.255.255.0
ip flow ingress
standby 3 ip 10.0.1.3
standby 3 priority 110
standby 3 preempt
The above 2 are internet-facing VLANs, and I have some internal VLANs behind the FWSM. There is a default route in the FWSM which directs all the traffic to VLAN 2, and from there, depending on the following route-maps, it goes out of either VLAN 2 or VLAN 3.
route-map split permit 10
match ip address 120
set ip next-hop 10.0.0.10
route-map split permit 20
match ip address 130
set ip next-hop 10.0.1.10
access-list 120 permit ip 172.16.0.0 0.0.0.255 any
access-list 120 permit ip any 172.16.0.0 0.0.0.255
access-list 130 permit ip 172.16.1.0 0.0.0.255 any
access-list 130 permit ip any 172.16.1.0 0.0.0.255
Now I have added another internet-facing VLAN to the switch, which is a VRF.
ip vrf forwarding data
ip address 192.168.10.1 255.255.255.0
Now to get some of the traffic to go out of this vrf vlan I made the following changes.
access-list 140 permit ip 172.16.2.0 0.0.0.255 any
access-list 140 permit ip any 172.16.2.0 0.0.0.255
route-map split permit 30
match ip address 140
set vrf data
Also, I added the "ip vrf receive data" command on Vlan2.
After making all the above changes, I am still unable to route the 172.16.2.0 network out of VLAN 4.
Can someone help me if I am doing something wrong? Any help is highly appreciated.
According to me, the mistake I am making is this: if I have to ping out of the VRF, I need to mention the source IP, and it should be in the subnet of the VRF VLAN. But in my case it will be different, as the PBR is applied to a different VLAN. This is my assumption. If I am correct, can anyone help me out with how to correct it? Or, if there is some other issue, can anyone let me know how to fix that?