Cisco Support Community
Bronze

PBR and prefix-lists

I'm doing a test of PBR, and it seems to work fine with access-lists, but I'd like to use prefix-lists and rather than behaving the same, it instead matches all packets regardless of source address. Config:

interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map TEST
!
ip prefix-list Servers permit 192.168.1.128/25
!
route-map TEST permit 10
 match ip address prefix-list Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

# debug ip policy
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 518, FIB policy match
Apr 26 01:46:08.192: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, g=192.168.1.2, len 518, FIB policy routed

Works as expected:

ip access-list standard Servers
 permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
 match ip address Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

#debug ip policy
Apr 26 01:52:58.578: IP: s=192.168.1.5 (Vlan1), d=66.246.246.52, len 78, FIB policy rejected(no match) - normal forwarding

Accepted Solutions
Cisco Employee

Re: PBR and prefix-lists

John,

The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
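
A configuration check based on the accepted answer, added here as an example and not part of the original thread or any Cisco tool: it flags route-map entries that are applied with "ip policy" and match on a prefix-list, and returns the standard-ACL lines covering the same address range. The function name audit_pbr and the sample config (the question's, re-indented and trimmed) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the question's configuration, re-indented and trimmed.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map TEST
!
ip prefix-list Servers permit 192.168.1.128/25
!
route-map TEST permit 10
 match ip address prefix-list Servers
 set ip next-hop 192.168.1.2
!
"""

def audit_pbr(config):
    """Flag route-map entries applied as PBR that match on a prefix-list."""
    applied = {}    # route-map name -> interfaces using it via "ip policy"
    plists = {}     # prefix-list name -> [(action, network, has ge/le)]
    matches = []    # (route-map name, sequence, prefix-list name)
    iface = rmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # unindented line starts a new block
            iface = rmap = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif (m := re.match(r"ip policy route-map (\S+)", line)) and iface:
            applied.setdefault(m.group(1), []).append(iface)
        elif m := re.match(r"ip prefix-list (\S+) (?:seq \d+ )?(permit|deny) (\S+)(.*)", line):
            net = ipaddress.ip_network(m.group(3), strict=False)
            plists.setdefault(m.group(1), []).append((m.group(2), net, bool(m.group(4).strip())))
        elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)", line):
            rmap = (m.group(1), int(m.group(2)))
        elif (m := re.match(r"match ip address prefix-list (\S+)", line)) and rmap:
            matches.append((*rmap, m.group(1)))
    findings = []
    for name, seq, plist in matches:
        if name not in applied:       # route-map used only for route filtering
            continue
        # Equivalent standard-ACL lines; ge/le entries have no direct equivalent.
        acl = [f"{act} {net.network_address} {net.hostmask}"
               for act, net, ranged in plists.get(plist, []) if not ranged]
        findings.append({"route_map": name, "seq": seq, "prefix_list": plist,
                         "interfaces": applied[name], "acl": acl})
    return findings

print(audit_pbr(SAMPLE_CONFIG))
```

The parser relies on IOS-style indentation of sub-commands, as produced by "show running-config".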
Bronze

Re: PBR and prefix-lists

Interesting. This was my suspicion, but I noticed it is supported with OER.

Bronze

Re: PBR and prefix-lists

I've also noticed it doesn't seem to work with Named ACLs. This works:

access-list 1 permit 192.168.1.128 0.0.0.127
!
route-map TEST permit 10
 match ip address 1
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

This does not:

ip access-list standard Servers
 permit 192.168.1.128 0.0.0.127 log
!
route-map VoIP-T1 permit 10
 match ip address Servers
 set ip next-hop 192.168.1.2
 set ip next-hop verify-availability
!

My IOS version is 12.4(7e)