From: Arnold Ocasio (aocasio@xxxxxxxxx)
Date: Fri Sep 14 2001 - 14:14:59 GMT-3
Peter,
I'm guessing that you have this set up on a hub-spoke topology, if that is
the case you probably want to add a "frame map ip" statement for this router
and vice versa on the 10.0.0.3 router. If that's not want you want to do.
Add an "ip local policy map" to your router with the appropriate extended
access-list.
You may also want to check they way you are doing your layer 2 to layer 3
mapping on your frame interface.
Hope this helps!
Regards,
============================================================================
Arnold Ocasio .. .. Cisco Systems, Inc.
Network Consulting Engineer || || 7025 Kit Creek Road
Advanced Network Services || || Lake Building
Phone: (919)392-4717 || || PO Box 14987
Fax: (919)392-5758 !||! !||! RTP, NC 27709
Pager: (800)365-4578 ...:||||||:...:||||||:... Main: (800)888-8187
aocasio@cisco.com c i s c o S y s t e m s www.cisco.com
"Empowering the Internet Generation"
============================================================================
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Kenny Sallee
Sent: Friday, September 14, 2001 11:50 AM
To: 'Peter Slow'; 'ccielab@groupstudy.com'
Subject: RE: Policy routing
Whenver you have:
23:14:40: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
it's an indication of a L2 to L3 mapping problem. On Ethernet you can't ping
an IP if you don't have a MAC. Approach the problem from that angle.
Kenny
-----Original Message-----
From: Peter Slow [mailto:pslow@planetarynetworks.com]
Sent: Friday, September 14, 2001 8:04 AM
To: 'ccielab@groupstudy.com'
Subject: Policy routing
I can't seem to make policy routing work here. the route maps have been
applied to the interfaces, i've tried matching in the route maps on all srts
of stuff, but nothing seems to make them function.
im trying to make 10.0.0.1 the next hop for anything over an NBMA network.
the problems are on the spoke routers.
here are a config and a debug. i'm having this same problem on two of my
routers, so im assuming its something that i've misconfigured.
I've never needed to route on policy before, and this has me very confused
router2#---MARK---
Translating "---MARK---"
Translating "---MARK---"
% Unknown command or computer name, or unable to find computer address
router2#
router2#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.2.0.0/24 is directly connected, Loopback0
O IA 10.3.0.0/24 [110/782] via 10.0.0.3, 20:43:19, Serial3/0
C 10.0.0.0/16 is directly connected, Serial3/0
router2#sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
192.168.0.101 1 FULL/DR 00:01:35 10.0.0.1 Serial3/0
router2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
router2#sh deb
router2#debug ip packet
IP packet debugging is on
router2#debug ip pol
router2#debug ip policy
23:14:19: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2, len 72, rcvd 0
Policy routing debugging is on
router2#ping 10.0.0.1
23:14:28: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 68, sending
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
router2#
23:14:31: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 100, sending
23:14:31: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2 (Serial3/0), len 100, rcvd
3
23:14:31: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 100, sending
23:14:31: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2 (Serial3/0), len 100, rcvd
3
23:14:31: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 100, sending
23:14:31: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2 (Serial3/0), len 100, rcvd
3
23:14:31: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 100, sending
23:14:31: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2 (Serial3/0), len 100, rcvd
3
23:14:31: IP: s=10.0.0.2 (local), d=10.0.0.1 (Serial3/0), len 100, sending
23:14:31: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2 (Serial3/0), len 100, rcvd
3
router2#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
23:14:36: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100, sending
23:14:36: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
23:14:38: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100, sending
23:14:38: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
23:14:40: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100, sending
23:14:40: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
23:14:42: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100, sending
23:14:42: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
23:14:44: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100, sending
23:14:44: IP: s=10.0.0.2 (local), d=10.0.0.3 (Serial3/0), len 100,
encapsulation failed.
Success rate is 0 percent (0/5)
router2#u a
23:14:49: IP: s=10.0.0.1 (Serial3/0), d=10.0.0.2, len 72, rcvd 0ll
All possible debugging has been turned off
router2#sh poli
router2#sh policy-map
router2#sh ip int
router2#sh ip interface s
router2#sh ip interface serial 3/0
Serial3/0 is up, line protocol is up
Internet address is 10.0.0.2/16
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is disabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, Policy
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is enabled, using route map POLICY-10
Network address translation is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
IP multicast multilayer switching is disabled
router2#sh run
Building configuration...
Current configuration : 1737 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router2
!
!
!
!
ip subnet-zero
!
!
no ip domain-lookup
ip domain-name ofa.sh
!
frame-relay switching
call rsvp-sync
!
!
!
!
!
!
controller T1 0/0
framing sf
linecode ami
!
controller T1 0/1
framing sf
linecode ami
!
!
!
!
interface Loopback0
ip address 10.2.0.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation isl 1
no ip redirects
!
interface FastEthernet0/0.2
encapsulation isl 2
ip address 192.168.0.99 255.255.255.128
no ip redirects
!
interface FastEthernet0/0.3
encapsulation isl 3
no ip redirects
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface BRI2/0
no ip address
shutdown
!
interface Ethernet2/0
no ip address
shutdown
half-duplex
!
interface BRI2/1
no ip address
shutdown
!
interface Serial3/0
ip address 10.0.0.2 255.255.0.0
encapsulation frame-relay
ip route-cache policy
ip policy route-map POLICY-10
frame-relay interface-dlci 201
frame-relay lmi-type cisco
!
interface Serial3/1
no ip address
shutdown
!
interface Serial3/2
no ip address
shutdown
!
interface Serial3/3
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
area 23 stub
network 10.0.0.0 0.0.255.255 area 0
network 10.2.0.0 0.0.0.255 area 23
neighbor 10.0.0.1 priority 1
!
ip classless
no ip http server
!
access-list 1 permit any
!
route-map 10 permit 10
!
route-map POLICY-10 permit 10
match ip address 1
set ip next-hop 10.0.0.1
!
route-map POLICY-10 permit 65535
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
router2#---MARK---
Thanks in advance guys and gals,
-Peter Slow
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:32:18 GMT-3