From: Desyatnik, Yan (Yan.Desyatnik@xxxxxxx)
Date: Wed Jan 17 2001 - 19:11:23 GMT-3
Steve,
I take back my statement about source only, however I do not
understand what you trying to test. If I can take a look at you router full
config it will be helpful, anyway, when you do a regular ping your source ip
address will be ip address of the interface packet goes out. Based on your
config - when you ping, packet will not be policy routed (it was not
originated on any interface) but follow routing table (default). Policy
routing happens before routing table lookup and has to be configured on an
interface. local policy just allows to include locally originated packets.
Create a loopback on your router, configure your policy on loopback and then
do extended ping sourcing loopback - this should work, I tested it in my
lab.
Yan
-----Original Message-----
From: Steve Clubb [mailto:sclubb@cattech.com]
Sent: Wednesday, January 17, 2001 4:48 PM
To: 'Roger Dellaca'; Steve Clubb; Desyatnik, Yan
Cc: ccielab@groupstudy.com
Subject: RE: policy routing
It works with a static route 137.20.0.0 255.255.0.0
137.20.29.2.
-----Original Message-----
From: Roger Dellaca [mailto:rdellaca@bpopca.com]
Sent: Wednesday, January 17, 2001 1:43 PM
To: sclubb@cattech.com; Yan.Desyatnik@usi.net
Cc: ccielab@groupstudy.com
Subject: RE: policy routing
does the ping work if you remove all the policy routing &
set a static route
instead? If not, it's not the policy routing.
>>> Steve Clubb <sclubb@cattech.com> 01/17 12:46 PM >>>
Right -
What I've done is:
ip local policy route-map policy
ip route 0.0.0.0 0.0.0.0 64.166.75.129
!
access-list 101 permit ip any 137.20.0.0 0.0.255.255
!
!
!
route-map policy permit 10
match ip address 101
set ip next-hop 137.20.29.2
!
route-map policy permit 20
However, this is what I get:
........
Success rate is 0 percent (0/5)
terminal#
With debug ip packet on.
Steve
-----Original Message-----
From: Roger Dellaca [mailto:rdellaca@bpopca.com]
Sent: Wednesday, January 17, 2001 12:26 PM
To: sclubb@cattech.com; Yan.Desyatnik@usi.net
Cc: ccielab@groupstudy.com
Subject: RE: policy routing
not quite true - you can policy route on an extended
access-list, which can
use destination as well as source address, plus source/dest
port, protocol,
whatever you can do in the access-list.
So you can do:
access-list 101 permit ip any 137.20.0.0 0.0.255.255
route-map pol permit 10
match ip add 101
set ip next-hop 137.20.29.2
ip local policy route-map pol
Although, as already mentioned below, in real life you
wouldn't do only on
destination since that's why we have static routes & routing
protocols.
>>> Steve Clubb <sclubb@cattech.com> 01/17 11:45 AM >>>
Aw - I see.
Thanks,
Steve
-----Original Message-----
From: Desyatnik, Yan [mailto:Yan.Desyatnik@usi.net]
Sent: Wednesday, January 17, 2001 11:38 AM
To: 'Steve Clubb'
Cc: 'ccielab@groupstudy.com'
Subject: RE: policy routing
Steve,
You cannot policy route based on destination only
based on source.
To manipulate traffic based on destination use static,
metrics, tunnels.
Yan.
-----Original Message-----
From: Steve Clubb
[mailto:sclubb@cattech.com]
Sent: Wednesday, January 17, 2001 2:04 PM
To: 'ccielab@groupstudy.com'
Subject: policy routing
Hey people -
I have a situation where I want to forward
traffic going to
a certain subnet
out an interface or to a next-hop IP. All
other traffic to
take the default
route configured on the router. I can't use
a static route.
I tried this
but it's not working. Any ideas?
ip local policy route-map policy
ip classless
ip route 0.0.0.0 0.0.0.0 64.168.75.12
!
access-list 1 permit 137.20.0.0 0.0.255.255
access-list 2 permit any
!
!
!
route-map policy permit 10
match ip address 1
set ip default next-hop 137.20.29.2
!
route-map policy permit 20
match ip address 2
Thanks,
Steve
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:27:33 GMT-3