11-07-2008 01:43 PM - edited 03-04-2019 12:14 AM
PBR is not functioning correctly. Here is the configuration:
ip access-list extended PBR
10 permit icmp any host 10.1.2.3
route-map PBR permit 10
match ip address PBR
set ip next-hop 172.16.251.1
interface FastEthernet0/0.2
ip policy route-map PBR
Scenario:
Host behind int f0/0.2 traces to host 10.1.2.3.
Packets are not being sent to the next hop getting this when I debug ip policy:
"policy rejected -- normal forwarding"
10.1.2.3 is not in the routing table
same thing when I change the set command to point at the nexthop interface.
Can anyone assist?
11-07-2008 01:53 PM
Anthoney
Perhaps we would understand the issue better if you would post a more complete configuration.
Is 10.1.2.3 a reachable address?
HTH
Rick
11-07-2008 08:49 PM
Yes but the router has only a default route to reach it. What else do you need in the way of configurations?
11-07-2008 09:03 PM
Please send the output of
sh ip route 172.16.251.X
11-10-2008 07:45 AM
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S 172.16.251.1/32 is directly connected, Tunnel0
C 172.16.251.0/24 is directly connected, Tunnel0
11-10-2008 07:54 AM
Anthoney
Your next-hop is directly connected. Could you try either
1) set ip next-hop
OR
2) set interface tunnel0 instead of set ip next-hop
Jon
11-10-2008 08:22 AM
I already tried the interface command and it doesnt work either. 172.16.251.1 is the other end of the tunnel. The router has 2 default routes for all other routes. The route I am attempting to push the traffic to has a higher AD than the one thr router is choosing.
11-10-2008 08:37 AM
Anthoney
1) Can you check that you are getting hits on your PBR acl
2) Have you tried running "debug ip policy"
Jon
11-10-2008 08:42 AM
I am getting hits
Extended IP access list PBR
10 permit icmp host 205.105.5.153 any log (23 matches)
the debug shows the following:
FIB policy rejected(no match) - normal forwarding
11-10-2008 08:43 AM
I am getting hits
Extended IP access list PBR
10 permit icmp host 205.105.5.153 any log (23 matches)
the debug shows the following:
FIB policy rejected(no match) - normal forwarding
11-10-2008 09:04 AM
Anthoney
I appreciate you are trying to keep addresses private but apart from the fact that the ip address has changed in the access-list PBR it has also gone from being any to 10.2.1.3 to 205.1.5.5.153 to any.
This is confusing somewhat.
Could you perhaps post
1) running-config
2) "sh ip route"
3) "sh ip int brief"
Jon
11-11-2008 12:57 PM
Sorry about the confusion. I disabled CEF and now it works. I was under the impression that it works with CEF.
11-11-2008 01:39 PM
Anthoney
No problem, glad you got it working and thanks for letting us know.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide