Policy Based Routing not working correctly

anthoney_murphy
Level 1

PBR is not functioning correctly. Here is the configuration:

ip access-list extended PBR
 10 permit icmp any host 10.1.2.3

route-map PBR permit 10
 match ip address PBR
 set ip next-hop 172.16.251.1

interface FastEthernet0/0.2
 ip policy route-map PBR

Scenario:

Host behind int f0/0.2 traces to host 10.1.2.3.

Packets are not being sent to the next hop. I am getting this when I debug ip policy:

"policy rejected -- normal forwarding"

10.1.2.3 is not in the routing table.

Same thing when I change the set command to point at the next-hop interface.

Can anyone assist?

12 Replies

Richard Burts
Hall of Fame

Anthoney

Perhaps we would understand the issue better if you would post a more complete configuration.

Is 10.1.2.3 a reachable address?

HTH

Rick

Yes but the router has only a default route to reach it. What else do you need in the way of configurations?

Please send the output of

sh ip route 172.16.251.X

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
S       172.16.251.1/32 is directly connected, Tunnel0
C       172.16.251.0/24 is directly connected, Tunnel0

Anthoney

Your next-hop is directly connected. Could you try either

1) set ip next-hop

OR

2) set interface tunnel0 instead of set ip next-hop

Jon

I already tried the interface command and it doesn't work either. 172.16.251.1 is the other end of the tunnel. The router has 2 default routes for all other routes. The route I am attempting to push the traffic to has a higher AD than the one the router is choosing.

Anthoney

1) Can you check that you are getting hits on your PBR ACL?

2) Have you tried running "debug ip policy"?

Jon

I am getting hits

Extended IP access list PBR
    10 permit icmp host 205.105.5.153 any log (23 matches)

the debug shows the following:

FIB policy rejected(no match) - normal forwarding

Anthoney

I appreciate you are trying to keep addresses private but apart from the fact that the ip address has changed in the access-list PBR it has also gone from being any to 10.2.1.3 to 205.1.5.5.153 to any.

This is confusing somewhat.

Could you perhaps post

1) running-config

2) "sh ip route"

3) "sh ip int brief"

Jon

Sorry about the confusion. I disabled CEF and now it works. I was under the impression that it works with CEF.

Anthoney

No problem, glad you got it working and thanks for letting us know.

Jon
