From: Denton Bobeldyk (denny@xxxxxxxxxxxxxx)
Date: Tue Jan 04 2000 - 18:17:59 GMT-3
Thanks for the reply Kenneth,
I setup it up again without using the deny stmt, but still no luck, same
result.
The 2 match stmts means that both of them have to be matched.
I tried with just one, but still matched too much, so I thought I'd see if I
could
narrow my selection by throwing another match stmt in there, but still
everything
shows up.
All I'm really trying to do is any traffic destined for my neighbor's address
of 10.34.1.1
should be policy routed by changing the next-hop to 10.34.1.1 (the same addr).
This is
actually a replication of a more complicated scenario, but it doesn't even work
with this
simple scenario...
-Denny
"Kenneth R. Snell" wrote:
> It's the deny statement in your access list. Addresses, even though you say
> "deny" are matched. (remember, its not a true access-list filter in this
> case).
>
> You probably can make this work by deleting the last line, but looking at
> your config, it looks like you want any traffic sourced from E1 to use
> 10.34.1.1 as a next hop?? The 2 "match" statements confuse me.
>
> Denton Bobeldyk wrote:
>
> > Hello All,
> > I have a single router that I setup for policy routing, but
> > for some reason the route-map stmt is matching more than
> > I sould like it to. The route-map doesn't do anything constructive,
> > it's just a simplified version of another problem I was having.
> > Below are the config and the ping with debug ip policy enabled:
> >
> > r6#sh ru
> > Building configuration...
> >
> > Current configuration:
> > !
> > version 11.2
> > no service password-encryption
> > no service udp-small-servers
> > no service tcp-small-servers
> > !
> > hostname r6
> > !
> > !
> > ip subnet-zero
> > no ip domain-lookup
> > !
> > interface Loopback0
> > ip address 10.44.1.1 255.255.255.0
> > !
> > interface Loopback1
> > ip address 10.44.2.1 255.255.255.0
> > !
> > interface Ethernet0
> > ip address 10.4.1.1 255.255.0.0
> > !
> > interface Ethernet1
> > ip address 10.34.1.2 255.255.0.0
> > !
> > router ospf 1
> > network 10.34.1.2 0.0.0.0 area 3
> > network 10.44.1.1 0.0.0.0 area 44
> > network 10.44.2.1 0.0.0.0 area 44
> > network 10.4.1.1 0.0.0.0 area 3
> > area 3 virtual-link 10.34.1.1
> > area 44 range 10.44.0.0 255.255.0.0
> > !
> > ip local policy route-map LOCALPOLICY
> > no ip classless
> > access-list 10 permit 10.34.1.1
> > access-list 10 deny any
> > route-map LOCALPOLICY permit 10
> > match ip next-hop 10
> > match interface Ethernet1
> > set ip next-hop 10.34.1.1
> > !
> > route-map LOCALPOLICY deny 20
> > !
> > !
> > line con 0
> > exec-timeout 0 0
> > length 0
> > line vty 0 4
> > login
> > !
> > end
> >
> > r6#
> >
> > r6#debug ip policy
> > Policy routing debugging is on
> > r6#ping 10.4.1.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 10.4.1.1, timeout is 2 seconds:
> >
> > IP: s=10.34.1.2 (local), d=224.0.0.5, len 64, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.34.1.2 (local), d=224.0.0.5 (Ethernet1), len 64, policy routed
> > IP: local to Ethernet1 10.34.1.1
> > IP: s=10.4.1.1 (local), d=224.0.0.5, len 64, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=224.0.0.5 (Ethernet1), len 64, policy routed
> > IP: local to Ethernet1 10.34.1.1
> > IP: s=10.4.1.1 (local), d=10.4.1.1, len 100, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=10.4.1.1 (Ethernet1), len 100, policy routed
> > IP: local to Ethernet1 10.34.1.1.
> > IP: s=10.4.1.1 (local), d=10.4.1.1, len 100, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=10.4.1.1 (Ethernet1), len 100, policy routed
> > IP: local to Ethernet1 10.34.1.1.
> > IP: s=10.4.1.1 (local), d=10.4.1.1, len 100, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=10.4.1.1 (Ethernet1), len 100, policy routed
> > IP: local to Ethernet1 10.34.1.1.
> > IP: s=10.4.1.1 (local), d=10.4.1.1, len 100, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=10.4.1.1 (Ethernet1), len 100, policy routed
> > IP: local to Ethernet1 10.34.1.1.
> > IP: s=10.4.1.1 (local), d=10.4.1.1, len 100, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=10.4.1.1 (Ethernet1), len 100, policy routed
> > IP: local to Ethernet1 10.34.1.1.
> > Success rate is 0 percent (0/5)
> > r6#
> > IP: s=10.34.1.2 (local), d=224.0.0.5, len 64, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.34.1.2 (local), d=224.0.0.5 (Ethernet1), len 64, policy routed
> > IP: local to Ethernet1 10.34.1.1
> > IP: s=10.4.1.1 (local), d=224.0.0.5, len 64, policy match
> > IP: route map LOCALPOLICY, item 10, permit
> > IP: s=10.4.1.1 (local), d=224.0.0.5 (Ethernet1), len 64, policy routed
> > IP: local to Ethernet1 10.34.1.1u all
> > All possible debugging has been turned off
> > r6#
> >
> > --
> > -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
> > Denton Bobeldyk MCNE, CCDA, CCNA, CCSI
> > Email: denny@kentwoodps.org
> > Phone: 616-530-9196
> >
> > Master CNE - Connectivity
> > Cisco Certified Design Associate
> > Cisco Certified Network Associate
> > Cisco Certified Systems Instructor
> >
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:22:43 GMT-3