Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Policy based routing on 1921 ip base license...not working?

Hi

We've got three routers, one 1921 and two 1811.  We've configured policy based routing on these two devices, and it seems to be working fine for the one router 1811, but on the 1921, the policy routing doesn't seem to be doing anything/working.  The 1921 is an ip base license...does this need to be DATA for PBR to work?

What we are trying to do is have the 1921 control internal routing to one of the external/edge 1811 routers.  One of the 1811 routers is the normal default route and the other should only be used as directed by the policy route config...which is as follows;

interface facing the server 0/0.10

encap dot1q 10

desc servers

ip add 192.168.40.1 255.255.255.0

ip policy route-map owa_policy_route

!

ip access-list extended owa_policy_route

permit tcp host 192.168.40.21 eq 443 any

!

route-map owa_policy_route permit 10

match ip address owa_policy_route

set ip default next-hop 192.168.109.252   (internal IP of the 1811)

!

Any thoughts?

Thanks.

  • WAN Routing and Switching
14 REPLIES
Purple

Policy based routing on 1921 ip base license...not working?

Hi,

Could it simply be that you typed the ACL wrong and it should be:

ip access-list extended owa_policy_route

permit tcp host 192.168.40.21 any eq 443

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Policy based routing on 1921 ip base license...not working?

No, it’s the response from the server, which is the owa, that we want going out the other feed.  So when users connect to him in from this second feed, he has to respond back out that second feed.

Your version would force traffic from this host, destined to TCP443 out that feed, but its the traffic from this host SOURCE tcp443 we need to control.

Make sense?

Thanks.

Purple

Policy based routing on 1921 ip base license...not working?

Hi,

ok makes sense.

What does sh access-list, sh route-map and debug ip policy is telling ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Policy based routing on 1921 ip base license...not working?

The ACL shows no hits, the route-map shows no matches and a debug shows nothing either...which is what leads me to believe it's a license/bug issue?

Purple

Policy based routing on 1921 ip base license...not working?

Hi,

which IOS image have you got ?

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Policy based routing on 1921 ip base license...not working?

c1900-universalk9-mz.SPA.152-2.T.bin

Purple

Policy based routing on 1921 ip base license...not working?

Hi,

Cisco feature navigator tells us this is implemented on your IOS/licence.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Policy based routing on 1921 ip base license...not working?

I'm not sure I follow...are you saying according this Cisco this should work, and since it's not it's a bug...I also checked the feature tool before opening this post, but as I've seen in the past, that tool is not the final word/gospel and MANY times we've found features that should be that just are not.


Thanks...waiting on Cisco TAC to chime in now.

Purple

Policy based routing on 1921 ip base license...not working?

Hi,

Yes if we believe what they say there it is supported, I don't have acces to bug toolkit so if it is referenced there I can't tell you.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
2495
Views
0
Helpful
14
Replies
This widget could not be displayed.